urlencode prob

[Reaper0167]

my error message is appearing in the address box of my browswer.  i am using urlencode for an error message.

// this is from my login.php
<?php
$message = "Welcome $username. You are now logged in.";  
    header("location: home.php?error=" . urlencode($message));
?>

 

// here is my index.php with the div tag where the error is displayed
<?php
<div class="error">
      <div align="center">
            <? echo $_GET['error']; ?>
</div>
?>

 

this is what my address box in my browswer looks like after the error is posted on index.php

http://-------.com/index.php?error=This+username+is+not+registered.+Pleaser+register+first.

[kenrbnsn]

What's the problem?

 

Ken

[Reaper0167]

the error appears on my page inside my div just fine. but for some reason this appears in the url box of my browser

http://**********.com/index.php?error=This+username+is+not+registered.+Pleaser+register+first.

and this doesn't seem right to me. should this be happening?

[Reaper0167]

here check it out for yourself..

http://www.mylahstone.com

just put any name and password in and click submit.

the reason why i don't like it is because after the error is displayed i can't hit the refresh button to get rid of the error because it is part of the url.

[kenrbnsn]

It's appearing in the url box in your browser because you're putting it there with the header() function. If you don't want it to appear, use sessions.

 

In your login.php

<?php
session_start(); // put this line at the start of your script
$_SESSION['message'] = 'Put the message or error here';
header('location: another_script.php');
?>

In another_script.php

<?php
session_start();
if (isset($_SESSION['message'])) {
    echo $_SESSION['message'];
    unset $_SESSION['message'];
}
?>

 

Ken

[Reaper0167]

now i think i'm starting to annoy everyone on this forum. thanks for your help ken,, but i couldn't seem to get it to work... here is my code originally the way i had it. some php tags were thrown in here just to give it some color

// my login script

<?php

// datbase information
include 'connection.php';

// define variables, md5 password and clean up variables for more security
$username = $_POST['username'];
$password = $_POST['password'];
$password = md5($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

// checking if username is in database
$sql = "SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";
$result = mysql_query($sql);

// variable for database entry
$count = mysql_num_rows($result);

// display log in success or error
if ($count == 1) {
$message = "Welcome $username. You are now logged in.";  
    header("location: home.php?error=" . urlencode($message));  // must be registered to visit home.php
} 
else {
    $message = "$username is not a registered username. Pleaser register first.";
    header("location: index.php?error=" . urlencode($message));  // check div tag for code on index.php
}

?> 

 

// here is my index.php which has the form

<?php
<style>
.error { color: #ff0000; }
.mylinks { color: #0099FF; }
</style>

<!-- using javascript to make sure fields are not left empty -->

<script type="text/javascript" language="javascript">

    function validate(form1)
    {
    var valid = true;

    if (form1.username.value)
    {
        document.getElementById('username_error').innerHTML = '';
    }
    else
    {
        document.getElementById('username_error').innerHTML = 'Please enter a username.';
        valid = false;
    }

    if (form1.password.value)
    {
        document.getElementById('password_error').innerHTML = '';
    }
    else
    {
        document.getElementById('password_error').innerHTML = 'Please enter a password.';
        valid = false;
    }
    return valid;
    }
    </script>
?>    
<?php
<style type="text/css">
    <!--
    body {
    background-color: #FFFFFF;
    }
    -->
    </style>

    <title></title>
    <style type="text/css">
    p.c3 {text-align: center}
    div.c2 {text-align: right}
    div.c1 {text-align: center}
.style5 {color: #000000}
    </style>
</head>

<body>
    <p> </p>

    <p> </p>

    <p> </p>

    <p> </p>

<table width="100%" height="36" border="0" cellpadding="0" cellspacing="0">
        <tr>
            <td height="36">
                <div class="c1">
                    <img src="pics/header.png" alt="header" width="433" height="37">
                </div>
            </td>
        </tr>
    </table>

    <p align="center">Hi, please log in.<br>
    </p>
    <div class="error">
      <div align="center">
        <?php 
		echo $_GET['error']; 
	?>
?>
<?php	
        </div>
<form action="login.php" method="post" name="form1" id="form1" onSubmit="return validate(this);">
<table width="100%" border="0" cellspacing="3" cellpadding="0">
            <tr>
                <td width="39%">
                    <div class="c2">
                        <label for="username">Username:</label>
                    </div>
                </td>

                <td width="61%"><input name="username" type="text" size="35" /> <span id="username_error" class="error"></td>
</tr>

            <tr>
                <td>
                    <div class="c2">
                        <label for="password">Password:</label>
                    </div>
                </td>

                <td><input name="password" type="password" size="35" /> <span id="password_error" class="error"></td>
            </tr>

            <tr>
                <td> </td>

                <td><input type="submit" name="submit" id="submit" value="  Log in  "></td>
            </tr>
  </table>
</form>

<p class="c3"><span class="style5">Don't have a username?</span>  <br>
     <a href="registration.php" class="mylinks">Click here to register.</a></p>



<!-- using javascript  to set focus of the cursor on the username textfield -->
<script type="text/javascript" language="javascript">

    document.form1.username.focus();

</script>
?>

[DarkWater]

Several things are wrong.  First of all, you're not doing any server-side validation.  JS validation is great for a double check, but it can be easily disabled.  Also, I see no code that actually logs the user in.  It just has a message that says they're logged in.  It doesn't actually do anything though.

[Reaper0167]

the javascript i put in is just to make sure that the fields have something filled in. as for the user being logged in,, i still need to work on that but i'm not sure where to start. i keep trying to google all this stuff but can't find a straight answer. Now I'm thinking that I need to redo my login/reg script so that it actually does something, right?