redirect to another page based on user type

Question

<?php
    session_start();
    include("connection.php");
    if(isset($_GET['submit'])) {
        mysql_connect('localhost','root','') or die(mysql_error());
        mysql_select_db('awnb') or die(mysql_erroe());
        $Email=$_GET['LoginEmail'];
        $password=$_GET['LoginPassword'];
        if($Email!=""&&$password!="") {
            $query=mysql_query("select * from users where Email='".$Email."' and Password='".$password."'") or die(mysql_error());
            $res=mysql_fetch_row($query);
            if($res) {
                $userType = $res['Type'];
                if($userType == 'user') {
                    $_SESSION['Email']=$Email;
                    header("location:profileuser.php");
                    exit;
                } else if($userType == 'sec') {
                    $_SESSION['Email']=$Email;
                    header("location:profile.php");
                    exit;
                }
            } else {
                echo "
                <script type='text/javascript'>
                alert('Username or Password is incorrect');
                </script>";
                header("location:index.php");
            }
        } else {
            echo "
            <script type='text/javascript'>
            alert('Enter both Username and Passowrd');
            </script>";
            header("location:index.php");
        }
    }
?>

• In this code Type is an attribute in table which tells about the type of user,there are two types of users called as user or sec. if type is user it should redirect to profileuser.php otherwise to profile.php but i am unable to do redirect the pages based on user type.

Answer 1

To answer your question, you are fetching a row that has a numeric index:

mysql_fetch_row() fetches one row of data from the result associated with the specified result identifier. The row is returned as an array. Each result column is stored in an array offset, starting at offset 0.

If you want to get a associative array, you need mysql_fetch_assoc.

That said, there is so much wrong with your code that you should probably start over:

• The mysql_* functions are deprecated;
• You have an SQL injection problem;
• You are storing a plain-text password;
• You are echoing output before a header redirect;
• You use GET instead of POST to send sensitive login data.

You can find a lot of information about each point here on SO so I am not going to repeat it, but like I said, you should probably just start over.