-2
<?php
include "connect.php";
$nama = $_POST['nama'];
$password = $_POST['password'];
$message = "Your data is not in our database! check for mistake";

$sql = "select * from tbuser where nama = '$nama' and pass = '$password'";
$query = mysqli_query($con,$sql) or die("error $sql");
$num = mysqli_num_rows($query);
$result = mysqli_fetch_array($query);

if($num==1){
    header("location: home.php");
}
else{
    echo "<script type='text/javascript'>alert('$message');</script>";
}   

?>

so after the message is sent, I want it to come back to the index.php. I tried to use header("location:index.php") but it didn't work.

Vincent Xaviera
  • 5
  • 4
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman Jul 31 '21 at 10:21
  • **Never store passwords in clear text or using MD5/SHA1!** Only store password hashes created using PHP's [`password_hash()`](https://php.net/manual/en/function.password-hash.php), which you can then verify using [`password_verify()`](https://php.net/manual/en/function.password-verify.php). Take a look at this post: [How to use password_hash](https://stackoverflow.com/q/30279321/1839439) and learn more about [bcrypt & password hashing in PHP](https://stackoverflow.com/a/6337021/1839439) – Dharman Jul 31 '21 at 10:21
  • If my answer solved your problem, can you mark it as accepted with that tick mark you see besides my answer? – nice_dev Jul 31 '21 at 12:46
  • 1
    @nice_dev sorry for the late respond I have accepted it – Vincent Xaviera Aug 01 '21 at 08:18
  • @VincentXaviera I am glad I could be of help. – nice_dev Aug 01 '21 at 08:35

1 Answers1

0

If you just want to redirect to index page after the alert, you could just do,

echo "<script type='text/javascript'>alert('$message');window.location.href='/index.php';</script>";
nice_dev
  • 17,053
  • 2
  • 21
  • 35