Please help, can't seem to see where problem lies. I have placed session_start() at start of script, yet problem recurs. Will appreaciate suggestions.

<?php 
session_name ('YourVisitID');
ini_set('session.use_cookies', 0); // Don't use cookies. 
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>
<body>
<?php # Script 16.0 - login.php
// Send NOTHING to the Web browser prior to the session_start() line!
// Check if the form has been submitted.
if (isset($_POST['submitted'])) {
require_once ('./connect/mysql_connect.php'); //Connect to the db.
// Create a function for escaping the data.
function escape_data ($data) {
global $dbc; // Need the connection.
if (ini_get('magic_quotes_gpc')) {
$data = stripslashes($data);
}
return mysql_real_escape_string(trim($data), $dbc);
} // End of function.
$errors = array(); // Initialize error array.
// Check for email.
if (empty($_POST['User_ID'])) {
$errors[] = 'You forgot to enter your user ID.';
} else {
$ui = ($_POST['User_ID']);
}
// Check for Password.
if (empty($_POST['Password'])) {
$errors[] = 'You forgot to enter your password.';
} else {
$pa = escape_data($_POST['Password']);
}
 
if (empty($errors)) { // If everything's OK.
 
// Retrieve the User_ID and First_Name for email and password combination. 
$query = "SELECT User_ID, First_Name FROM Users WHERE User_ID=('$ui')";
$result = @mysql_query ($query); // Run the query.
$row = mysql_fetch_array ($result, MYSQL_NUM); // Return a record, if applicable.
 
if ($row) { // A record was pulled from the database.
 
// Set the session data & redirect.
$_SESSION['User_ID'] = $row[0];
$_SESSION['First_Name'] = $row[1];
 
// Redirect the user to the loggedin.php page.
// Start defining the URL.
 
$url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
// Check for a trailing slash.
if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) {
$url = substr ($url, 0, -1); // Chop off the slash.
}
 
// Add the page.
$url .= '/loggedin.php?' . SID; // Add the session name and ID.
 
if (!headers_sent()) {
header("Location: $url");
exit(); // Quit the script.
} else {
echo 'Wanted to redirect you but was not able to.';
}
 
} else { // No record matched the query.
$errors[] = 'The email address and password entered do not match those on file.';
// Public message.
$errors[] = mysql_error() . '<br /><br />Query: ' . $query; // Debugging message.
}
} // End of if (empty($errors)) IF.
 
mysql_close(); // Close the databsae connection.
 
} else { // Form has not been submitted.
 
$errors = NULL;
 
} // End of the main submit conditional.
 
// Begin the page now.
$page_title = 'Login'; 
 
if (!empty($errors)) { // Print any error messages.
echo '<h1 id="mainhead">Error!</h1>
<p class="error">The following error(s) occured:<br />';
foreach ($errors as $msg) { // Print each error.
echo " - $msg<br />\n";
}
echo '</p><p>Please try again.</p>';
}
 
// Create the form.
?>
<h2>Login</h2>
<form action="login.php" method="post">
<p>User ID: <input type="text" name="User_ID" size="7" maxlength="7" /> </p>
<p>Password: <input type="password" name="Password" size="12" maxlength="12" /> </p>
<p><input type="submit" name="submit" value="Login" /> </p>
<input type="hidden" name="submitted" value="TRUE" /> 
</form>
 
 
</body>
</html>

Several header misplace were found in your script:
1. session_start() should go before defining your session_name.
2. Setting a value to session at mid of the script, after header was sent. You should have set your session at the beginning of the page (before any HTML output).
3. You have header("Location: $url"); which will earn you another error message -- header already sent...

This article has been dead for over six months. Start a new discussion instead.