0

I wrote this code and worked perfectly on my localhost but after uploading it I get an error below is the code :

<?php
require ('config.php');
$dblink = new PDO("mysql:host=$host;dbname=$db",$user,$pass);
session_start();
    $user = $_POST["user"];
    $pass = md5($_POST["pass"]);
    $mysql_login = "SELECT * FROM admins WHERE username='$user' AND password='$pass'";
    $query_login = $dblink->query($mysql_login) or die("failed!");
    $total = $query_login->rowCount();
    if($total==1){
    $_SESSION["loggedIn"] = true;
    header("Location:admin.php");
    }else{
    header("Location:admin.php");
    }
?>

And Here is the error

Warning: Cannot modify header information - headers already sent by (output started at /home/voiceiq/public_html/config.php:8) in /home/voiceiq/public_html/login.php on line 12

And as I told you in my localhost "Xampp Server" it's working perfectly but after uploading the warning stills show.

Please any help??

Nova Design
  • 108
  • 2
  • 12
  • Why do you go through the trouble of using PDO but fail to actually use parameterized queries? What you have is terribly insecure. You **will be hacked** if you haven't been already. – Brad Feb 19 '13 at 20:49
  • 2
    What is in your `config.php`'s line 8? – complex857 Feb 19 '13 at 20:49
  • Unrelated to question: please don't use MD5 for password hashing and either escape your input before running it through a query or use parameterized queries/statements. – Lusitanian Feb 19 '13 at 20:59

3 Answers3

1

Remove ?> from the bottom of config.php. You don't need it and a space after it is probably causing your problem.

seanbreeden
  • 6,104
  • 5
  • 36
  • 45
0

Just make sure you file does not contain any whitespaces and script does not echo anything. Before using header(); The same about require ('config.php');

Also, try encoding your file into UTF-8 without BOM.

sybear
  • 7,837
  • 1
  • 22
  • 38
0

Something is send, "echoed" or "displayed" before the redirect happens.

Read the "description" block on this page, the greyish block inside.

http://www.php.net/manual/en/function.header.php

Figure out what it is, resolve it and you won't get that warning anymore.

floriank
  • 25,546
  • 9
  • 42
  • 66