0

Here's my code:

<?php
include("conf.php"); 
if(isset($_POST['firstName']) && !empty($_POST['firstName'])) {
    $addQuery = "INSERT INTO members VALUES ('','".$_POST['firstName']."','".$_POST['lastName']."','".$_POST['loyalty']."','".$_POST['citizenType']."','".$_POST['grade']."','".$_POST['status']."')";
    mysqli_query($conn,$addQuery);
    header("Location: index.php"); 
    exit();
} else {
?>

<div class="container">
.
.
.
<?php } ?>

I cannot figure out why it doesn't redirect...

katsele
  • 65
  • 10
  • Doest it gives any errors? Is the location correct? Are the post variables set ? – Tushar Gupta Apr 14 '17 at 23:15
  • No errors, just a blank screen. The redirection seems to be correct, I use it on another page... The `$_POST` are variable, yes – katsele Apr 14 '17 at 23:16
  • Your code is vulnerable to [**SQL injection attacks**](https://en.wikipedia.org/wiki/SQL_injection). You should use [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php) prepared statements with bound parameters as described in [**this post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). – Alex Howansky Apr 14 '17 at 23:25
  • When you ask a question about an error, **ALWAYS** post the error log. To enable error reporting to your php code, append `error_reporting(E_ALL); ini_set('display_errors', '1');` at the top of your script, what does it return ? – Pedro Lobito Apr 15 '17 at 01:20

1 Answers1

1

Based only on the code in your question, there's something wrong in the conf.php include file. It probably has a carriage return or other output that is preventing the header from operating since there is already output.

shawn
  • 383
  • 2
  • 8