Jump to content

Getting data from SQL into header location


thurmanmurman

Recommended Posts

Hi All,

 

Right now i have a mySQL db called members with 4 columns: ID (PK), username, password, and directory.

 

i am using a check login page and wish to redirect my user on successful login to the directory specified in the mySQL db.

 

Here is the code below. At the moment, upon login, the address bar changes to ...undefined/index.php.

 

I have tested the mySQL_evaluate function on a test page and when I echo the results, it displays the correct information. Any ideas?

#####THE CODE#####

 

<?php

ob_start();

 

$host="";                            // Host name

$username="";                 // Mysql username

$password="";                 // Mysql password

$db_name="";                 // Database name

$tbl_name="members"; // Table name

 

 

// Connect to server and select database.

mysql_connect("$host", "$username", "$password")or die("cannot connect");

mysql_select_db("$db_name")or die("cannot select DB");

 

#####

function mysql_evaluate($query, $default_value="undefined") {

    $result = mysql_query($query);

    if (mysql_num_rows($result)==0)

        return $default_value;

    else

        return mysql_result($result,0);

}

#####

 

// Define $myusername and $mypassword

$myusername=$_POST['myusername'];

$mypassword=$_POST['mypassword'];

$mydirectory = mysql_evaluate("SELECT directory FROM $tbl_name WHERE 'username='$myusername'");

 

// encrypt password

$encrypted_mypassword=md5($mypassword);

 

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$encrypted_mypassword'";

$result=mysql_query($sql);

 

// To protect MySQL injection (more detail about MySQL injection)

$myusername = stripslashes($myusername);

$mypassword = stripslashes($mypassword);

$myusername = mysql_real_escape_string($myusername);

$mypassword = mysql_real_escape_string($mypassword);

 

// Mysql_num_row is counting table row

$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row

 

if($count==1){

 

// Register $myusername, $mypassword, $mydirecory and redirect to file "login_success.php"

session_register("myusername");

session_register("mypassword");

session_register("mydirectory");

 

$host  = $_SERVER['HTTP_HOST'];

$uri  = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');

$directory = mysql_evaluate("SELECT directory FROM $tbl_name WHERE 'username='$myusername'");

$extra = 'index.php';

header("Location: http://$host$uri$directory/$extra");

}

else {

echo "Wrong Username or Password";

}

 

ob_end_flush();

?>

well there's obviously something wrong with the function, as it is returning that undefined.  Change

 

$result = mysql_query($query);

 

to

 

$result = mysql_query($query) or die(mysql_error());

 

does it give an error? (remove it when you are done)

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.