This is done by Javascript and Ajax. I don't have any articles on that yet. So you'll have to search Google. From my experience, it's not hard to learn but you have to remember, it won't work if someone has javascript disabled on their browser- And, you want to make sure to still validate input on the server side (PHP); So you're really double coding for the sake of user-friendly features, but isn't that what it's all about?

Ah, thanks! I was Googling PHP errors on same page I thought it was all PHP but I was wrong, anyway I found bunch of results on AJAX Thanks!

EDIT: Ok, I found some tutorials but its too hard to follow them. Will be appreciate if you could make a tutorial that is simple and easy to understand.

Here is one way to do it with PHP

To display Wrong username/passwo rd message on login page do following:

in in.php replace this line

Code:

Omg. Thanks so much! Hope it works for me. Ill let ya know if it does work.

EDIT: Yes! It worked. Thanks!

it's a bad idea to directly echo something user-entered (like $_GET['err_mes sage']) because it could contain javascript to redirect to a different page or sniff passwords or any number of other things.

always make sure to use htmlspecialchar s() or htmlentities() before echoing anything that could have come from the user.

Hmmm, but user didn't enter anything, there was error when logged in. So
would someone still could do code injection? Even though the error came from a script that will log you in?

for example, someone can post this link:

http://www.your site.com/login. php?err_message =<script> window.location ="http:// www.evilsite.co m/"</s cript>

then it your site would send anyone who clicked the link to evilsite.com, and they might think you meant to have that happen.

also, the Location header is supposed to use a fully qualified URL (starting with http://)

ahh ok. I'll fix those header before I go and buy a hosting. Its in my local machine right now.