-1

Can not redirect to the dashboard page. Data get echo but not redirected to the dashboard. Please help me to get out of this problem. Thanks in Advance.

     if(isset($_POST['user_login'])){

            $error=array();
            $error2=array();

            $username=htmlspecialchars($_REQUEST['username']);
            if(empty($username)){
                $error['username']="Username/User ID is required.";    
            }

            $password=htmlspecialchars($_REQUEST['password']);
            if(empty($password)){
                $error['password']="Password is required.";    
            }

            if(count($error)==0){

    $q_seluser="select * from inst_user_registration where username= $username AND password=$password";
            //  echo "$q_seluser";

                $q_selu_res=mysqli_query($q_seluser)or die(mysqli_error());

                $login_num=mysqli_num_rows($q_selu_res); 
                //$login_num = mysqli_num_rows($q_seluser); 

                    if($login_num==1){

                session_start();

                $login_row=mysqli_fetch_array($q_selu_res,MYSQLI_ASSOC);

                $_SESSION['uid']=$login_row['uid'];

                echo'<script>window.location="user-dashboard.php";</script>';

            }

            else{

                $error2[]="Either Username and/or Password wrong.";

            }
        }   

        }

        ?>

Thanks for the help. Login details get echo but cannot redirect to the next page after login. It shows a blank page. I am a beginner to php and cannot get this error.

Arun Sharma
  • 137
  • 1
  • 12
  • **Warning:** Your code is vulnerable to SQL Injection attacks. You should use parameterised queries and prepared statements to help prevent attackers from compromising your database by using malicious input values. http://bobby-tables.com gives an explanation of the risks, as well as some examples of how to write your queries safely using PHP / mysqli. **Never** insert unsanitised data directly into your SQL. The way your code is written now, someone could easily steal, incorrectly change, or even delete your data. – ADyson Feb 03 '20 at 11:37
  • 1
    Use `Header(...)` to redirect – B001ᛦ Feb 03 '20 at 11:37
  • And why are you executing htmlspecialchars() against the password? The password should never ever be shown on screen, so it's not necessary to do this - all you are doing with that is potentially altering valid password data, which might make it impossible to match to the data in the database. – ADyson Feb 03 '20 at 11:38
  • Also, you should not be aiming to do a direct match from the password the user inputs to the password data stored in the database, anyway. Please don't store passwords in plain text. Learn about [password hashing](https://www.php.net/manual/en/faq.passwords.php) – ADyson Feb 03 '20 at 11:38
  • "Data get echo"...which data is echoed, exactly? What debugging have you done to see what path your code is taking? Anyway as B001 says, it's much better to use PHP's `header` command to cause a redirect. Using JavaScript is pretty crude and is not necessary. – ADyson Feb 03 '20 at 11:40
  • Use `window.location.href=` not `window.location=` – GetSet Feb 03 '20 at 11:41
  • And it's unclear if/when you ever echo the errors - you've got two error arrays (`$error` and `$error2`, which itself makes no obvious sense) but there is no `echo` command shown for either of them, so we don't know if you are seeing that info or not. – ADyson Feb 03 '20 at 11:42
  • @GetSet why? It should make no difference. From the server-side a redirect should really be done using the `header()` command anyway/ – ADyson Feb 03 '20 at 11:43
  • @ADyson because if OP echo's the errors (or anything), `header()` won't work. But who knows exactly where all his bugs reside. – GetSet Feb 03 '20 at 11:45
  • P.S. Have you got error reporting switched on? Have you got mysqli set to throw exceptions when a problem occurs? It's very clear that both your `mysqli_query` and `mysqli_error` function calls are incorrect - please check the manual [here](https://www.php.net/manual/en/mysqli.query.php) and [here](https://www.php.net/manual/en/mysqli.error.php)) for how many parameters those functions require when used in procedural mode, and what the contents of the parameters should be. Your code should be generating errors/warnings because of this (assuming you ever execute those functions). – ADyson Feb 03 '20 at 11:47
  • @GetSet well if there are errors (e.g. incorrect username or something), then they would not want to be doing the redirect anyway, it should be returning the errors to the client in the same script instead. (And if there are actual PHP errors like an exception, those should be logged to a file, not echoed). So I don't think your point really makes much sense. – ADyson Feb 03 '20 at 11:48
  • @ADyson not for you or me, was taking the the OP's learning into consideration as a step towards debugging. – GetSet Feb 03 '20 at 11:49

1 Answers1

2

If you want to redirect in PHP you have to use header function

header('location:user-dashboard.php');
exit(); // thanks ADyson for reminding me to use exit after header
failedCoder
  • 1,346
  • 1
  • 14
  • 38