-2
<?php   session_start();
    include_once("include/Connection.php");

    $userid=$_POST['userid'];
    $password=$_POST['password'];

    $loginSql = "SELECT * FROM admin2 WHERE  admin_name='$userid' and admin_psw='$password'";
    $loginQuery=mysql_query($loginSql);
    $num_row = mysql_num_rows($loginQuery);
    $login = mysql_fetch_array($loginQuery);

    $user = $login['admin_name'];
    $password = $login['admin_psw'];

    echo $user;
    echo    $password;

    if($num_row >0) 
    {
        if($user == $userid) 
        {
            $_SESSION['id_gosi'] = $login['id'];
            $_SESSION['userid_gosi'] = $login['admin_name'];
            header("Location: CustomerMaster.php");
            }
      else{
            header("Location: index.php?msg=2");
            exit();}}   
  else{
      header("Location: index.php?msg=1");
    }?>

Warning: Cannot modify header information - headers already sent by (output started at C:\wamp\www\php_mahavirbhadra\Admin\validate_login.php:17) in C:\wamp\www\php_mahavirbhadra\Admin\validate_login.php on line 26

Warning: Unknown: 1 result set(s) not freed. Use mysql_free_result to free result sets which were requested using mysql_query() in Unknown on line 0

when i write above code for admin login in php than connection successfully done but give me above error what can i do for this error ...Please give me solution....

Charles
  • 50,943
  • 13
  • 104
  • 142
parul_bhura
  • 21
  • 2
  • 6
  • 6
    This is a duplicate of one of the few hundred similar posts, which you can view under the "Related" list to the right. You have output prior to the opening PHP tag, either whitespace, HTML output, or maybe a Unicode BOM. Oh, and you also have [massive SQL injection vulnerabilities](http://en.wikipedia.org/wiki/SQL_injection). – Charles Apr 28 '11 at 07:17
  • Why don't you `exit` after `header("Location: CustomerMaster.php")` and `header("Location: index.php?msg=1")`? – binaryLV Apr 28 '11 at 07:34

1 Answers1

2

print/echo before HEADER is WRONG !!!

/* echo $user;
   echo $password;*/

if($num_row >0) 
{
 if($user == $userid) 
 {
  .... 
  header("Location: CustomerMaster.php");
 }
 else
 {
  header("Location: index.php?msg=2");
  exit();
 }
}   
else
   header("Location: index.php?msg=1");
?>

never echo ANYTHING before HEADER, so remove those ECHO $USER, $PASSWORD

Tip 1-> Use mysqli instead of mysql
Tip 2-> Use prepared statement
Tip 3-> Use mysql_real_escape_string()

Sourav
  • 17,065
  • 35
  • 101
  • 159
  • Tip 1-> Use mysqli *or PDO* ;) About tip 3 - it would be wrong to use `mysql_real_escape_string()`, when using anything other than mysql functions (`mysql_query()` and others). – binaryLV Apr 28 '11 at 07:33