<!DOCTYPE HTML>
<html>
<body>
<p>Redirecting...</p>
<?php
session_start();
$user=$_POST['uname'];
$_SESSION['username']=$user;
$con=mysql_connect("localhost","root","nano");
mysql_select_db("airline")or die("Db error");


$username=$_POST['uname'];
$password=$_POST['ptxt'];





$query = mysql_query("select * from user where password='$password' AND name='$username'");
if($username=="" && $password=="")header('location:admin.php');
else if($username=="hijran" && $password=="khan")header('refresh:5; user.php');
else header('location:error.php');
?>
</body>
</html>

You shall not send any HTML output before the header function. It won't work. So rearrange your code. Something like:

<?php
if($username=="" && $password=="") {
    header('location:admin.php');
    exit(); // add this for security
} else if($username=="hijran" && $password=="khan") {
    header('refresh:5; user.php');
} else {
    header('location:error.php');
    exit(); // add this for security
}
?>
<!DOCTYPE HTML>
<html>
<body>
<p>Redirecting...</p>
<?php
session_start();
$user=$_POST['uname'];
$_SESSION['username']=$user;
$con=mysql_connect("localhost","root","nano");
mysql_select_db("airline")or die("Db error");
$username=$_POST['uname'];
$password=$_POST['ptxt'];
$query = mysql_query("select * from user where password='$password' AND name='$username'");
</body>
</html>

Please note: the above example is just to show the concept. I am not sure if the functionality is still what you wanted.

when i do like this so it's given me a error of (Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\checksession.php on line 16). :(

<?php
$con = mysql_connect("localhost","root","nano");
$selected = mysql_select_db("airline");


$username=$_POST['uname'];
$password=$_POST['ptxt'];

$username = stripslashes($username);
$password = stripslashes($password);



$query = "select * from user where username='$username' AND password='$password'";
$result = mysql_query($query);
$row = mysql_num_rows($result);

if($row ==1){
    echo "It works!";
}
?>

You should run the above code only when the form was submitted so you have to do a check first:

// suppose your form has a submit button named submit
if(isset($_POST['submit'])) {
    // now you do your usual stuff
    $con = mysql_connect("localhost","root","nano");
    $selected = mysql_select_db("airline");

    // do not forget to sanitize/validate the user input
    $username=$_POST['uname'];
    $password=$_POST['ptxt'];

    // you would normaly do stripslashes only when magic_quotes_gpc is on (i.e. prior to PHP 5.3)
    // I doubt it's needed here
    $username = stripslashes($username);
    $password = stripslashes($password);

    $query = "select * from user where username='$username' AND password='$password'";
    $result = mysql_query($query);
    $row = mysql_num_rows($result);
    if($row ==1){
        echo "It works!";
    }
}

session_start(); shall be before html .use this above the html code.Rest i have not checked will be watching this article

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.