I am looking for some kind of bug in my code which is causing this PHP page to not redirect. I’m looking to see if someone might know the cause of this problem (it may have something to do with the cookies).

inc_vars.php:

<?php
//some of the variables have been omitted.
$pid = 'gbb';
$dbtable ='';
$dbname = '';
$dbuser = '';
$dbpass = '';

$connect = mysql_connect('localhost', $dbuser, $dbpass);

if(!$connect){
    header('Location: omitted');
    die();
}

mysql_select_db ($dbname, $connect);

$webroot = 'omitted';

$share_page = $webroot . '/share-the-training';

$gift = $webroot . '/free-video?setuser=1199';

$bonus_content = $webroot . '/awesome-bonus';

$share_php = $webroot . '/share.php';

?>

refresh_id.php:

<?php

include_once('inc_vars.php');

$results = mysql_query("SELECT id FROM " . $dbtable . " WHERE email='" . $_GET['email'] . "'");


if(!$results || mysql_num_rows($results)==0){
    header('Location: ' . $share_page . '?errorcode=1');
    die();
}

$res_arr = mysql_fetch_assoc ($results);

setcookie($pid . "_viral", (string)$res_arr['id'], time() + 3600 * 365);

move_on();

function move_on(){
    header ('Location: ' . $share_php);
    die();
}

?>

When the person visits refresh_id.php?email=their_email they should redirect to the $share_php page. This is not working.

However, if this scenario happens: refresh_id.php?email=an-email-that-is-not-in-database then the script redirects to $share_page absolutely fine.

I have tried this with and without the gbb_viral cookie in place. I’m not sure why this isn’t working. All pages are live and on the internet right now in case you want to look for yourself.

omitted

An email that exists in the database is as follows: acctrafficcop@gmail.com (for those that want to test this)

UPDATE

Stupid mistake with scopes. I simply added global $share_php in the move_on() function and everything is working fine now. Thank you everyone for the heads up on SQL injection, I am switching over to prepared statements right now.