PHP - MailHandler.php header location not working from here

Question

I am using TMForm.js to execute bat/MailHandler.php file to validate username and password for a login form. I am using Firefox Firebug to check the request and response for bat/MailHandler.php and that is works fine, it checks the database verifies the username and password but fails to transfer back the control to after login page using location header as shown in the code below. Header location is not working in my bat/MailHandler.php file. I am pasting the code here, please do guide me with the solution.

<?php
     include("../connect.php");

     $userName=$_POST['name'];
     $password=$_POST['state'];
     //$value=$_POST['check'];

     $sql="SELECT * from login where email='".$userName."'";

     $result=mysql_query($sql) or die(mysql_error());
     while ($row=mysql_fetch_array($result)){
         $memID=$row['id'];
         $userNamedb=$row['email'];
         $passworddb=$row['password'];
     }

    if($userName==$userNamedb && $password==$passworddb){
        session_start();
        $_SESSION['id']= $memID;
        $_SESSION['uname']= $userName;
        $_SESSION['upassword']= $password;
        header("location:../afterlogin.php");
    }
    else{
        $flag=1;
        header("location:../memberlogin.php?valid=".$flag);
    }
?>

Answer 1

HTTP/1.1 requires an absolute URI as argument to Location: including the scheme, hostname and absolute path

http://php.net/manual/en/function.header.php

The link above also has an example how to modify your code.

---

Side notes:

1.

$userName=$_POST['name'];
// ...
$sql="SELECT * from login where email='".$userName."'";

Don't do this. This code is vulnerable to SQL injection attacks. See also:

• How can I prevent SQL injection in PHP?
• https://xkcd.com/327/

2.

Do not use mysql_* functions. Use mysqli_* instead:

It is not recommended to use the old mysql extension for new development, as it has been deprecated as of PHP 5.5.0 and will be removed in the future.

http://php.net/manual/en/mysqlinfo.api.choosing.php