Header not working on my project

[php]
<?php
// Start session
session_start();

// Include database connection details
include_once 'connection/connect.php';

// Array to store validation errors
$errmsg_arr = array();
// Validation error flag
$errflag = false;

if (isset($_POST['login'])) {
    // Function to sanitize values received from the form. Prevents SQL injection
    function clean($str)
    {
        $str = @trim($str);
        if (get_magic_quotes_gpc()) {
            $str = stripslashes($str);
        }
        return mysql_real_escape_string($str);
    }

    // Sanitize the POST values
    $username = clean($_POST['username']);
    $password = clean($_POST['password']);

    // Input validations
    if ($username == '') {
        $errmsg_arr[] = 'Please Enter Username';
        $errflag = true;
    }
    if ($password == '') {
        $errmsg_arr[] = 'Please Enter Password';
        $errflag = true;
    }

    // If there are input validation errors, redirect back to the login form
    if ($errflag) {
        // This echo sends output before header(), so the Location header below cannot be sent
        echo 'Something happen';
        $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
        session_write_close();
        header("Location:index.php");
        exit();
    }

    // Create query
    $qry = "SELECT * FROM user WHERE username='$username' AND password='" . md5($password) . "'";
    $result = mysql_query($qry) or die(mysql_error());

    // Check whether the query was successful or not
    if ($result) {
        if (mysql_num_rows($result) > 0) {
            // Login successful
            session_regenerate_id();
            $member = mysql_fetch_assoc($result);
            $_SESSION['SESS_MEMBER_ID'] = $member['id'];
            $_SESSION['SESS_MEMBER_ROLE'] = $member['role'];
            $_SESSION['SESS_MEMBER_IMG'] = $member['picture'];
            $name = $member['firstName'] . " " . $member['lastName'];
            $_SESSION['SESS_FULL_NAME'] = $name;
            session_write_close();

            // Redirect according to which user is logging in to the system
            if ($member['role'] == 'Admin') {
                header("Location:admin-home.php");
                exit();
            } else if ($member['role'] == 'other') {
                header("Location:sale-home.php");
                exit();
            }
        } else {
            // Login failed
            $errmsg_arr[] = 'user name and password not found';
            $errflag = true;
            if ($errflag) {
                $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
                session_write_close();
                header("Location:index.php");
                exit();
            }
        }
    } else {
        die("Query failed");
    }
}
?>
[/php]

Please help me, I am unable to redirect.

Your code is vulnerable to an SQL injection attack. You are using outdated code that has been completely removed from PHP. You need to use PDO with prepared statements.
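The same login flow rewritten with PDO prepared statements, as an added example (not the poster's code and not from this thread). It assumes that connection/connect.php provides a PDO object in $pdo and that the user table's password column holds password_hash() output rather than md5(); both are assumptions about this project, and the md5() to password_hash() switch is a change beyond what the reply states.

```php
<?php
// Added example, not the poster's code. Assumes connection/connect.php
// defines $pdo (a PDO instance) and that user.password stores the output
// of password_hash(), not md5(). Both are assumptions about this project.
session_start();
include_once 'connection/connect.php';

$errmsg_arr = array();

if (isset($_POST['login'])) {
    $username = trim($_POST['username'] ?? '');
    $password = $_POST['password'] ?? '';

    if ($username === '') { $errmsg_arr[] = 'Please Enter Username'; }
    if ($password === '') { $errmsg_arr[] = 'Please Enter Password'; }

    if ($errmsg_arr) {
        // Nothing is echoed before header(): any output sent first stops the redirect.
        $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
        session_write_close();
        header('Location: index.php');
        exit();
    }

    // Bound parameter: the username is sent separately from the SQL text,
    // so it can never alter the query structure.
    $stmt = $pdo->prepare(
        'SELECT id, role, picture, firstName, lastName, password '
        . 'FROM user WHERE username = :username'
    );
    $stmt->execute(array(':username' => $username));
    $member = $stmt->fetch(PDO::FETCH_ASSOC);

    // password_verify() checks the submitted password against the stored hash.
    if ($member && password_verify($password, $member['password'])) {
        session_regenerate_id(true);
        $_SESSION['SESS_MEMBER_ID']   = $member['id'];
        $_SESSION['SESS_MEMBER_ROLE'] = $member['role'];
        $_SESSION['SESS_MEMBER_IMG']  = $member['picture'];
        $_SESSION['SESS_FULL_NAME']   = $member['firstName'] . ' ' . $member['lastName'];
        session_write_close();
        $target = ($member['role'] === 'Admin') ? 'admin-home.php' : 'sale-home.php';
        header('Location: ' . $target);
        exit();
    }

    // One generic message whether the username or the password was wrong.
    $_SESSION['ERRMSG_ARR'] = array('user name and password not found');
    session_write_close();
    header('Location: index.php');
    exit();
}
```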
