Leaderboard

in html5, no action attribute at all means that the form submits to the same page. you can also set action='#' to submit to the same page, but an empty action attribute, action='', is not valid html5 markup (as of the last time i checked.)

Okay, now you get to do what I've had to do a thousand times.... google your error message, click the first result and see which scenario applies to your script. Debugging goes like this: 1.) Error reporting (you now have that at the top of your page) 2.) Google your errors 3.) Fix your errors. p.s. I'm still bothered about your <form> tag which appears to have no action ... but I'm too lazy to read your code and see if you have a javascript form.submit() in there somewhere... p.s#2 ..and the line of code that reads: if(isset($_COOKIE["id"])) .... where is "id" anywhere on what you posted? I see a setcookie("user_id" ..... and obviously "id" is different than "user_id" so does that need fixin' ???

here's a list of things your login code needs to do differently - do NOT store the user_id in a cookie to identify who is logged in. anyone or a bot script can supply any value for a cookie when they request your page and appear to be anyone, such as you or an administrator on your site, just by going through all possible user id's until they find one that works. you would instead generate a random unique value, similar to what a session id cookie is, and store it in a database table that relates it to the actual user_id and store it in the cookie. you must have an exit/die statement after every header() redirect to STOP code execution. your current code is executing all the rest of the code on the page at each header() redirect. don't use fetchAll() and a loop for a query that will at most match one row of data. just directly call the fetch() method and test if a row of data was found. as to your current problem, the code you are dealing with is the login form processing code and the login form. however, you have put the login form processing code at what appears to be the top of the main index.php page. this doesn't make any sense, logically, because you would be redirecting to the main page, that you are already on, if the cookie is set. you are also testing a different cookie name then the one you are setting (id vs user_id), and there's no code setting the $user_id variable you are testing on the page to determine if there is a logged in user.

Especially when learning PHP (like I currently am), it is really really important to have the latest PHP and latest mySQL. I literally spent months on cleaning up my PHP 5 code only to realize that PHP 7.4 is available, and those months could have been spent learning how to code properly. So definitely upgrade your PHP and mySQL to the max. Email your shared hosting company if necessary... ask them to move you to a newer server, etc. THEN all you have to do is stick the Error Reporting code on top, and it (along with a few google searches) will actually teach you how to fix everything in your code. It is VERY satisfying to have error reporting ON, and to have no errors! Also, turn on mySQL error reporting, too (google how to do this).