MySQLi / PHP: Not redirecting to error page?

Question

So what I'm trying to do here is have my users login in. This is the script I am using to do that.

I have just used an converter found here: https://wikis.oracle.com/display/mysql/Converting+to+MySQLi to convert my Mysql to mysqli because I am a beginner and had no idea how to do that.

Now when the users puts in an correct password and username. It goed exactly how I want it and the user gets redirected to 'dashboard.php' However, when user enters incorrect data, the users ends up on a black 'login.php' (which is the code I am showing here) instead of 'loginerror.php' which is what I want.

I hope some people here can help me out because I am pretty lost.

PS: Yes I know the passwords are in plain text right now but don't worry about that because I will fix that later.

<?php

  session_start(); 

  if(!$_SERVER['REQUEST_METHOD'] == 'POST') { 
      echo "Please leave.<br /><br />"; 
      echo "<a href='index'>Click to go back</a>"; 
      exit();     
  } 


  if(($GLOBALS["___mysqli_ston"] = mysqli_connect('localhost',  'root',  ''))) { 
      if(((bool)mysqli_query($GLOBALS["___mysqli_ston"], "USE users"))) {  
          $username = $_POST['username']; 
          $password = $_POST['password']; 

          $query = "SELECT * FROM users WHERE username = '$username' AND password = '$password'"; 
          $zoekresultaat = mysqli_query($GLOBALS["___mysqli_ston"], $query); 

          if($zoekresultaat = mysqli_affected_rows($GLOBALS["___mysqli_ston"]) > 0) { 
              $record = mysqli_fetch_assoc($zoekresultaat);  

              $zoekresultaat = mysqli_query($GLOBALS["___mysqli_ston"], $query); 

              if($zoekresultaat = mysqli_affected_rows($GLOBALS["___mysqli_ston"]) > 0) { 
                  $record = mysqli_fetch_assoc($zoekresultaat); 

                  $_SESSION['login'] = true; 
                  $_SESSION['username'] = $record['username']; 

                  header('location: dashboard.php'); 
              } else { 
                  header('location: loginerror.php'); 
              } 

              exit(); 
          } else { 
              echo "<br /><br />Could not find Database"; 
          } 
      } else { 
          echo "<br /><br />Could not connect to Database"; 
      } 
  } 
?> 

Answer 1

You cannot redirect using the header method after anything has been outputted. In this case, you use Echo before your header redirection, so it will not work.

See this thread for reference : How to fix "Headers already sent" error in PHP

What you should do define redirection before outputting anything in your application, if it seems difficult, your application might need to be restructured.

Here are some alternatives if you don't want to do that, but they are bad practice :

HTML

<meta http-equiv="Location" content="http://example.com/">

Javascript

<script> location.replace("target.html"); </script>

Also as usual, defend yourself against MySQL injections : How can I prevent SQL injection in PHP? .