--- Arnout Boks <[EMAIL PROTECTED]> wrote:
> header('Location: ' . urlencode('loginForm.php?error=Incorrect
> password'));

The Location header requires an absolute URL. Also, this is the header you are sending:

Location: loginForm.php%3Ferror%3DIncorrect+password

I doubt that's the URL you meant. URL encode the value of URL variables, not the entire URL.

Lastly, I hope you're not blindly displaying $_GET['error'] on your loginForm.php page, otherwise you have a cross-site scripting vulnerability.

Hope that helps.

Chris

=====
Chris Shiflett - http://shiflett.org/

PHP Security - O'Reilly
     Coming Fall 2004
HTTP Developer's Handbook - Sams
     http://httphandbook.org/
PHP Community Site
     http://phpcommunity.org/
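
Added example, not part of the original message or written by its author: a PHP sketch of the three points in the reply (absolute URL, encoding only the parameter value, escaping the value before display). The base URL `https://www.example.org/` and the helper names `loginRedirectUrl()` and `renderError()` are assumptions made for illustration.

```php
<?php
// Added example; the host and function names are assumptions, not from the thread.
// Base URL is fixed in configuration, never built from the request's Host header.
const BASE_URL = 'https://www.example.org/';

// Build an absolute Location value, encoding only the query-string values.
function loginRedirectUrl(string $error): string
{
    return BASE_URL . 'loginForm.php?' . http_build_query(['error' => $error]);
}

// What loginForm.php would do with the parameter before printing it.
function renderError(array $get): string
{
    $error = $get['error'] ?? '';
    // ?error[]=x arrives as an array; treat anything but a non-empty string as absent.
    if (!is_string($error) || $error === '') {
        return '';
    }
    return '<p class="error">' . htmlspecialchars($error, ENT_QUOTES, 'UTF-8') . '</p>';
}

// The header produced by the quoted code, then the corrected one.
echo 'Location: ' . urlencode('loginForm.php?error=Incorrect password'), "\n";
echo 'Location: ' . loginRedirectUrl('Incorrect password'), "\n";

// Constructed values, shaped the way loginForm.php would see them in $_GET.
$samples = [
    ['error' => 'Incorrect password'],
    ['error' => '<script>alert(1)</script>'],
    ['error' => ['nested' => 'array']],
];
foreach ($samples as $get) {
    echo renderError($get), "\n";
}
```

In a real handler the URL goes to `header('Location: ' . loginRedirectUrl(...))` followed immediately by `exit`, so no further output is sent after the redirect.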