PHP login page redirects to itself and doesn't login

Question

I am trying to make a simple PHP MySQL login page. I keep reading over the code and can't see what I'm doing wrong. I'm testing with an e-mail and password that I've just looked at in the database as a test so I know it exists. When I click submit on the previous form, it just redirects me back to the same page and doesn't log in (I know this because my header changes with the $_SESSION variables when it works; I know this because my registration page works but not the login once you register). Be aware too that upon registration they enter their first and last name which is why I've included it on the $_SESSION variables on session_start. Here's the code (first the form and the then the checklogin.php page):

<!--THIS IS THE FORM FROM THE PAGE SIGN_IN.PHP-->
<form method="post" target="checklogin.php">
   <label for="email">EMAIL/USERNAME:</label>
   <input type="text" name="email" id="email">
   <label for="password">PASSWORD:</label>
   <input type="password" name="password" id="password">
   <br />
   <input type="submit" value="Let's Play!">
</form>

And this is the checklogin.php script that the form posts to:

<?php
$mysqli = mysqli_connect("mysql_name","login_id","password", "db_name");
if (!$mysqli)
  {
  die('Could not connect: ' . mysqli_error($mysqli));
  }

// username and password sent from form
//NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection!
$email=$mysqli->real_escape_string($_POST['email']);
$password=$mysqli->real_escape_string($_POST['password']);

$sql="SELECT * FROM tbl_name WHERE email='$email' and password='$password'";
$result = $mysqli->query($sql);

if(is_object($result) && $result->num_rows == 1){
  // Register variables and redirect to file "profile.php"
  session_start();
  $_SESSION['firstname']=$_POST['firstname'];
  $_SESSION['lastname']=$_POST['lastname'];
  $_SESSION['email']=$_POST['email'];
  $_SESSION['password']=$_POST['password'];
  redirect('profile.php');
} else {
  echo "Wrong Username or Password";
}

?>

I've also tried this with header('location:profile.php') but with the same results.

Answer 1

<form method="post" action="checklogin.php">

The action attribute is for specifying the URL where you form will be posted. While the target attribute is for specifying where the URL should be loaded.

If the action property is missing, it defaults to the current URL, this is why you are navigating to the same page when you submit the form.

Answer 2

Change Your Form As:

    <form method="post" action="checklogin.php">
       <label for="email">EMAIL/USERNAME:</label>
       <input type="text" name="email" id="email">
       <label for="password">PASSWORD:</label>
       <input type="password" name="password" id="password">
       <br />
       <input type="submit" value="Let's Play!">
    </form>

 Checklogin.php as

    <?php
    $mysqli = mysqli_connect("mysql_name","login_id","password", "db_name");
    if (!$mysqli)
      {
      die('Could not connect: ' . mysqli_error($mysqli));
      }

    // username and password sent from form
    //NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection!
    $email=$mysqli->real_escape_string($_POST['email']);
    $password=$mysqli->real_escape_string($_POST['password']);

    $sql="SELECT * FROM tbl_name WHERE email='$email' and password='$password'";
    $result = $mysqli->query($sql);

    if(is_object($result) && $result->num_rows == 1){
      // Register variables and redirect to file "profile.php"
      session_start();
      $_SESSION['firstname']=$_POST['firstname'];
      $_SESSION['lastname']=$_POST['lastname'];
      $_SESSION['email']=$_POST['email'];
      $_SESSION['password']=$_POST['password'];
      //redirect('profile.php');
      header('location:profile.php');

} else {
  echo "Wrong Username or Password";
}

?>