Arnout Boks wrote:
Hi,

I'm building a login page that redirects the user to the login form when an
incorrect password is entered. An error message is passed as a URL
parameter. Something like:

if ($pwd != $correctPwd) {
    header('Location: ' . urlencode('loginForm.php?error=Incorrect password'));
    exit;
}

Don't urlencode the whole URL, only the string:

header('Location: loginForm.php?error=' . urlencode('Incorrect password'));

You should also use a full URL:

header('Location: http://server.net/loginForm.php?error=' . urlencode('Incorrect password'));

When you output the string on the login page, use htmlspecialchars to be safe from XSS attacks.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
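
Both halves of the advice in the reply above, as an added example that is not part of the original thread: the redirect side encodes only the parameter value, and the form side escapes it before output. The function names are hypothetical, server.net is the host used in the reply, and the sample messages are constructed.

```php
<?php
// Added example; loginErrorUrl() and renderLoginError() are hypothetical names.

// Redirect side: encode only the parameter value and build an absolute URL.
// In the login handler this would be used as:
//     header('Location: ' . loginErrorUrl('Incorrect password'));
//     exit;
function loginErrorUrl(string $message): string
{
    return 'http://server.net/loginForm.php?error=' . urlencode($message);
}

// Form side: anyone can craft a link to loginForm.php, so the error
// parameter is untrusted input and must be escaped for the HTML context.
function renderLoginError(array $query): string
{
    // Reject a missing value and the array form (?error[]=x), which
    // htmlspecialchars() would not accept.
    if (!isset($query['error']) || !is_string($query['error'])) {
        return '';
    }
    $safe = htmlspecialchars($query['error'], ENT_QUOTES, 'UTF-8');
    return '<p class="error">' . $safe . '</p>';
}

// Constructed sample messages: plain text, and text containing markup
// characters that must arrive in the page as text, not as HTML.
$samples = ['Incorrect password', '<b>markup</b> & "quotes"'];

foreach ($samples as $message) {
    $url = loginErrorUrl($message);
    // Simulate what PHP places in $_GET once the browser follows the redirect.
    parse_str(parse_url($url, PHP_URL_QUERY), $query);
    echo $url, "\n  ", renderLoginError($query), "\n";
}
```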


