0

The question is: How do I insert the variable $conf_url as a part of the link in line 16: `header('Location:' $conf_url.'index_back.php');`

```php
<?php
session_start();
include("conexao.php");

$email = $_POST['email'];
$senha = $_POST['senha'];

$query1 = mysqli_query($con, "SELECT * FROM usuario WHERE email = '$email' AND senha = '$senha'");
$row = $query1->fetch_row();
$_SESSION["iduser"] = $row[0];
$_SESSION["nome"] = $row[2];
$_SESSION["sobrenome"] = $row[3];
$_SESSION["img"] = $row[8];

if($query1->num_rows == 1){
    header('Location:' $conf_url.'index_back.php');
    //echo "<meta http-equiv='refresh' content='0, url= $conf_url/index_back.php'>";
}else{
    $_SESSION['error'] = 'Email e/ou senha invalido(s).';
    header('Location: '$conf_url'.'/login.php);
    //echo "<meta http-equiv='refresh' content='0, url= $conf_url/login.php'>";
}
?>
```

config.php

```php
<?php
$conf_url = "http://localhost/production/";
?>
```
  • 1
    Don't wrap it in single quotes. Or any quotes at all. – John Conde Sep 26 '16 at 12:22
  • 1
    You are just MISSING a `.` concatenation mark – RiggsFolly Sep 26 '16 at 12:25
  • 1
    [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! [Don't believe it?](http://stackoverflow.com/q/38297105/1011527) – Jay Blanchard Sep 26 '16 at 12:25
  • I've tried, but it didn't work. – Pedro Rocha Sep 26 '16 at 12:26
  • @PedroRocha You are missing the dot for both headers in your script. As well, you have $conf_url with a trailing slash and without. – Xatenev Sep 26 '16 at 12:26
  • @JayBlanchard You got that link in some editor to copy it under every post? – Xatenev Sep 26 '16 at 12:27
  • I have a macro for several @Xatenev – Jay Blanchard Sep 26 '16 at 12:27
  • Problem solved, thank you, guys. – Pedro Rocha Sep 26 '16 at 12:30

2 Answers

0

You can do it like so

```php
header("Location: " .$conf_url. "/login.php");
```
Marcin
  • 3
    Why change a perfectly adequate `'` single quotes to a double quotes and then use dot concatenation when a simple variable expansion would have worked in double quotes – RiggsFolly Sep 26 '16 at 12:26
0

You have simply missed the '.' concatenation mark in both of your header() functions, and also messed up the string literals.

```php
if($query1->num_rows == 1){
    header('Location:' . $conf_url . '/index_back.php');

}else{
    $_SESSION['error'] = 'Email e/ou senha invalido(s).';
    header('Location: ' . $conf_url . '/login.php');

}
```

Or using variable expansion in double quotes.

```php
if($query1->num_rows == 1){
    header("Location: $conf_url/index_back.php");

}else{
    $_SESSION['error'] = 'Email e/ou senha invalido(s).';
    header("Location: $conf_url/login.php");

}
```
RiggsFolly
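Jay Blanchard's comment points at prepared statements for the question's login query. The following is an added example (not code from the question or from either answer) of that handler using MySQLi placeholders, with the redirects written as in the answers. It assumes `conexao.php` defines the mysqli connection `$con` and that `config.php` is loaded here for `$conf_url`.

```php
<?php
// Added example, not the asker's or the answerers' code.
session_start();
require 'conexao.php'; // from the question; assumed to define the mysqli handle $con
require 'config.php';  // from the question; assumed to be loaded here for $conf_url

// Make mysqli throw on errors instead of failing silently (default since PHP 8.1).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Missing or non-string fields become empty strings and simply match no row.
$email = is_string($_POST['email'] ?? null) ? $_POST['email'] : '';
$senha = is_string($_POST['senha'] ?? null) ? $_POST['senha'] : '';

// Placeholders keep user input out of the SQL text, so a quote in $email or
// $senha cannot change the query. The comparison itself is the question's.
$stmt = $con->prepare('SELECT * FROM usuario WHERE email = ? AND senha = ?');
$stmt->bind_param('ss', $email, $senha);
$stmt->execute();
$result = $stmt->get_result(); // needs the mysqlnd driver
$row = $result->fetch_row();

// $conf_url ends with "/" in config.php; trim it so the joined URL has one slash.
$base = rtrim($conf_url, '/');

if ($result->num_rows === 1) {
    // Fill the session only after a match; column positions are the question's.
    $_SESSION['iduser'] = $row[0];
    $_SESSION['nome'] = $row[2];
    $_SESSION['sobrenome'] = $row[3];
    $_SESSION['img'] = $row[8];
    header('Location: ' . $base . '/index_back.php');
} else {
    $_SESSION['error'] = 'Email e/ou senha invalido(s).';
    header('Location: ' . $base . '/login.php');
}
exit; // stop here so nothing else runs or is sent after the redirect header
```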