0

I am writing an inventory Management system. I am mostly complete with it. It is pretty basic, but does the job.

So now I am working on the look of it. I placed a Searchbox/Query inside a div at the top of the page. The Search works. But it only displays the result on the page that is listed.

What I want to do is have the Search redirect to this page when the button is Submitted, but It is not working. So I am wondering where to put the header("Location: loggedin.php");

I have gotten this to work in different parts of the Site, but for some reason it is not working here.

<?php

session_start();

if( isset( $_POST['Search'] ) ) {

// build a function to validate data
function validateFormData( $formData ) {
    $formData = trim( stripslashes( htmlspecialchars( $formData ) ) );
    return $formData;
}

$formEmail = validateFormData( $_POST['email'] );

include('connection.php');



$query = "SELECT first_name, last_name, email, card_number, pc_type 
FROM 
profiles WHERE email ='$formEmail'";
$result = mysqli_query( $conn, $query );


if( $formEmail == $email )  {


        session_start();


        $_SESSION['email'] = $email;

        header("Location: profilepage2.php");

    }
}
 mysqli_close($conn);

?>

I do not think the HTML should matter in this case, but if I am wrong I will post it in an edit.

Bill
  • 13
  • 7
  • 1
    Your code is vulnerable to [**SQL injection attacks**](https://en.wikipedia.org/wiki/SQL_injection). You should use [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php) prepared statements with bound parameters as described in [**this post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). – Alex Howansky Apr 28 '17 at 18:52
  • Thank you for the heads up. I am going to fix that right now. – Bill Apr 28 '17 at 18:58

2 Answers2

1

Remember that header() must be called before any actual output is sent, either by normal HTML tags, blank lines in a file, or from PHP. It is a very common error to read code with include, or require, functions, or another file access function, and have spaces or empty lines that are output before header() is called. The same problem exists when using a single PHP/HTML file.

Rumen Panchev
  • 468
  • 11
  • 26
1

You can put your header("Location: your-url") anywhere in your script but it should be placed before you send any output as defined in the manual here http://php.net/manual/en/function.header.php.

You need to add exit; immediately after the header which is very important, Otherwise the script execution will not be terminated.

you must use like,

header(“Location: loggedin.php”);
exit;

If redirect is not working then try to add ob_start at the first line of your script just next to the open PHP tag like below,

<?php ob_start();
manian
  • 1,418
  • 2
  • 16
  • 32