Get value of this field into this variable

<?php
ob_start();
$host="localhost"; // Host name 
$username="root"; // Mysql username 
$password=""; // Mysql password 
$db_name="dbname"; // Database name 
$tbl_name="Student"; // Table name

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword 
$salt = '~Z`!@#$%I^&*()_-+Q=}]{[\|"><';
$myusername = mysql_real_escape_string($_POST['regduser']); 
$mypassword = $_POST['regdpass'];
$mypassword = hash('sha512', $mypassword.$salt);

$sql = "SELECT * FROM $tbl_name WHERE regduser = '$myusername' AND regdpass = '$mypassword')";
$studentID = $_POST['stuID'];
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count=1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("regduser");
session_register("regdpass"); 
header("location:/student.php?stuID=$studentID");
}
else {
echo "$mypassword<br />";
echo "$badpasses<br>";
echo "Wrong Username or Password";
}

ob_end_flush();
?>

Specifically on this line:

header("location:/student.php?stuID=$studentID");

Why isn't $studentID getting any value in the above code? The field name stuID is getting selected in the SELECT statement above it. How do I get this value to be the value of $studentID ?

Thanks. Sorry if it's a little newbish, I'm new to PHP.


Instead of checking the value of $count with ==, you are assigning the value:

// This...
if($count=1){

// Should be...
if($count == 1){

Note also that the header("Location") call, to conform to the HTTP spec, should be a full URL:

header("Location: http://www.example.com/student.php?stuID=$studentID");
// Also, you must call exit() right after to prevent further execution of your script
exit();

Finally, you called mysql_real_escape_string() on regduser, but you must also call it on $myusername and $mypassword.


What you are currently doing is getting the 'stuID' from $_POST (from user input/HTTP request), just like you are getting the user/pass.

You want to fetch the result (that contains the 'stuID') from the SQL

after $result=mysql_query($sql);

change this:

$sql = "SELECT * FROM $tbl_name WHERE regduser = '$myusername' AND regdpass = '$mypassword')";
$studentID = $_POST['stuID'];
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count=1){

to

// Stray ")" after '$mypassword' removed; it made the query a syntax error.
$sql = "SELECT * FROM $tbl_name WHERE regduser = '$myusername' AND regdpass = '$mypassword'";
$result=mysql_query($sql);
$user = mysql_fetch_array($result);

if($user){   // login success
    $studentID = $user['stuID'];
....


You're never using the result of the database query! In particular, the line

$studentID = $_POST['stuID'];

is not getting the value from the database, but rather from the HTTP POST parameters. You have to use mysql_fetch_assoc or something like that at some point:

$qures = mysql_fetch_assoc($result);
$studentID = $qures["stuID"];

(This is just conceptually. You should do the check for the number of results first and make sure that there is a result.)
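
The fix the answers describe, as an added example that is not part of the original thread: the student ID is read from the row that matched the credentials, so a `stuID` posted by the client is never trusted. Assumptions: PDO with an in-memory SQLite database stands in for the `mysql_*` connection, `password_hash()`/`password_verify()` replace the sha512 plus fixed salt, the `authenticate()` helper is hypothetical, and the sample rows and requests are constructed.

```php
<?php
// Added example, not from the original thread. In-memory SQLite stands in
// for the MySQL database so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Student (stuID INTEGER PRIMARY KEY, regduser TEXT UNIQUE, regdpass TEXT)');

// Constructed sample rows; password_hash() replaces the page's sha512 + fixed salt.
$seed = $pdo->prepare('INSERT INTO Student (stuID, regduser, regdpass) VALUES (?, ?, ?)');
$seed->execute([101, 'alice', password_hash('alice-pw', PASSWORD_DEFAULT)]);
$seed->execute([102, 'bob', password_hash('bob-pw', PASSWORD_DEFAULT)]);

/**
 * Returns the stuID of the authenticated user, or null on failure.
 * $post mimics $_POST; any stuID it carries is deliberately ignored.
 */
function authenticate(PDO $pdo, array $post): ?int
{
    $user = $post['regduser'] ?? '';
    $pass = $post['regdpass'] ?? '';
    if (!is_string($user) || !is_string($pass)) {
        return null; // e.g. regduser[]=x arrives as an array
    }
    // Bound parameter: the value never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT stuID, regdpass FROM Student WHERE regduser = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pass, $row['regdpass'])) {
        return null;
    }
    return (int) $row['stuID']; // identity comes from the row, not the request
}

// Constructed requests: a normal login, a wrong password, and a login that
// also posts another student's stuID.
$requests = [
    ['regduser' => 'alice', 'regdpass' => 'alice-pw'],
    ['regduser' => 'alice', 'regdpass' => 'wrong'],
    ['regduser' => 'bob', 'regdpass' => 'bob-pw', 'stuID' => '101'],
];
foreach ($requests as $post) {
    $id = authenticate($pdo, $post);
    // A real page would call header('Location: ...') followed by exit here.
    echo $id === null ? "login failed\n" : "redirect to /student.php?stuID=$id\n";
}
```

The same applies on `student.php` itself: the page should check the `stuID` in the URL against the logged-in session rather than serve whichever ID is requested.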
