<form action='' method='POST'>
<table align="center">
<tr><td>Transaction Access Code:</td></tr>
<tr><td><input type="password" name="code1"></td></tr>
<tr><td class="button1"><input type="submit" name="submitBtn" value="Log In" class="button"></td></tr>
</table>
</form>
<?php
if(isset($_REQUEST['submitBtn'])){
include '_inc/dbconn.php';
$code1=$_REQUEST['code1'];
$sql="SELECT code1 FROM code WHERE code1='$code1'";
$result=mysql_query($sql) or die(mysql_error());
$rws= mysql_fetch_array($result);
if($rws[0]==$code1 ){
header("customer_transfer_process.php");}
else
header("customer_transfer_process1.php");}
?>
Your code had some errors. You also should always scrub user input when using it in a database transaction.
<form method='POST'>
<table align="center">
<tr><td>Transaction Access Code:</td></tr>
<tr><td><input type="password" name="code1"></td></tr>
<tr><td class="button1"><input type="submit" name="submitBtn" value="Log In" class="button"></td></tr>
</table>
</form>
<?php
if(isset($_POST['code1'])){
include '_inc/dbconn.php';
$code1 = htmlspecialchars($_POST['code1']); // sanitize user input
$sql="SELECT code1 FROM code WHERE code1='{$code1}'";
$result = mysql_query($sql) or die(mysql_error());
$rws = mysql_fetch_array($result);
if($rws[0]==$code1 ){ //success, transfer
header("customer_transfer_process.php");
} else { //fail, send them somewhere else
header("customer_transfer_process1.php");
}
}
?>
<?php
if(isset($_REQUEST['submitBtn'])){
include '_inc/dbconn.php';
$code1=$_REQUEST['code1'];
$sql="SELECT code1 FROM code WHERE code1='$code1'";
$result=mysql_query($sql) or die(mysql_error());
$rws= mysql_fetch_array($result);
if($rws[0]==$code1 ){
header('location:customer_transfer_process1.php'); }
else
header('location:test.php');
}
?>
First of all, don't use mysql_* functions anymore, they are removed in >= PHP7. Assuming you switch libraries (I will demonstrate using PDO), you should not append user-submitted data into the query, instead you should bind parameters/values. Last, you should probably employ a session to let your app know this user has already supplied the information required to start.
/_inc/dbconn.php
<?php
# Create connection. See documentation for more info on PDO
$con = new PDO("mysql:host=localhost;dbname=whatever",'root','');
/whatever_this_is_called.php
<?php
# NOTE: this php block should be placed at the top of the page, first thing
# Use session
session_start();
# Add this anyway
include('_inc/dbconn.php');
# Get action check
include(__DIR__.'/_inc/functions/getAction.php');
# Match form action
$action = getAction();
if($action == 'set_trans_code'){
# Set default redirect
$redirect = "customer_transfer_process1.php";
# Prepare and execute
$query = $con->prepare("SELECT code1 FROM code WHERE code1 = ?");
$query->execute(array($_REQUEST['code1']));
$result = $query->fetch(PDO::FETCH_ASSOC);
# Check the key you called from db
if($result['code1'] == $_REQUEST['code1']){
# Assign code here, then check on the next page
# Saves user from having to resubmit if user goes off page
$_SESSION['transcode'] == $_REQUEST['code1'];
# Overwrite default
$redirect = "customer_transfer_process.php";
}
header($redirect);
exit;
}
?>
<form action='' method='POST'>
<!-- I like to set action names to differentiate tasks -->
<input type="hidden" name="action" value="set_trans_code" />
<table align="center">
<tr><td>Transaction Access Code:</td></tr>
<tr><td><input type="password" name="code1"></td></tr>
<tr><td class="button1"><input type="submit" name="submitBtn" value="Log In" class="button"></td></tr>
</table>
</form>
/_inc/functions/getAction.php
I would really only create something like this if you use a lot of form actions over and over.
<?php
function getAction($type='POST')
{
$REQ = '_'.strtoupper($type);
return (!empty(${$REQ}['action']))? ${$REQ}['action'] : false;
}