Code:

<!DOCTYPE html 
    PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
    <link rel="stylesheet" rev="stylesheet" href="style.css" media="all" />
    <meta http-equiv="Content-Type" content="text/html; charset=windows-1250" />
    <title>Logovanje korisnika</title>

<script type="text/Javascript">
function xmlhttpPost(strURL)
{
    var xmlHttpReq = false;
    var self = this;
    // Mozilla/Safari
    if (window.XMLHttpRequest) {
        self.xmlHttpReq = new XMLHttpRequest();
    }
    // IE
    else if (window.ActiveXObject) {
        self.xmlHttpReq = new ActiveXObject("Microsoft.XMLHTTP");
    }
    self.xmlHttpReq.open('POST', strURL, true);
    self.xmlHttpReq.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
    self.xmlHttpReq.onreadystatechange = function() {
        if (self.xmlHttpReq.readyState == 4) {
            updatepage(self.xmlHttpReq.responseText);
        }
    }
    self.xmlHttpReq.send(getquerystring());
}

function getquerystring()
{
    var form     = document.forms['frmLogin'];
    var korisnickoime = form.korisnickoime.value;
    var lozinka = form.lozinka.value;
    qstr = 'korisnickoime=' + escape(korisnickoime) + "&" + 'lozinka=' + escape(lozinka);
    return qstr;
}

function updatepage(str)
{
    
    if(str == "administrator")
    {
        window.location = "admin/home.php";
    }
    
    else if(str == "korisnik")
    {
        window.location = "members/home.php";
    }
    else
    document.getElementById("result").innerHTML = str;
}
</script>

</head>

<body>
    <div id="container_centered">
    <h2>Logovanje korisnika</h2>
    <form id="frmLogin" action="">
        <table class="login">
            <tr>
                <td>Korisnièko ime: </td>
                <td><input type="text" name="korisnickoime" /></td>
            </tr>
            <tr>
                <td>Lozinka: </td>
                <td><input type="password" name="lozinka" /></td>
            </tr>
        </table>
        <p><input type="button" value="Pošalji" onclick='xmlhttpPost("login.php")' /> <input type="reset" value="Poništi" /></p>
        <div id="result"></div>
    </form>
    
    <p><a href="http://validator.w3.org/check?uri=referer">
    <img src="http://www.w3.org/Icons/valid-xhtml10-blue"
        alt="Valid XHTML 1.0 Strict" height="31" width="88" />
    </a></p>
    </div>
</body>
</html>

Code:

Line 40, Column 55: character "&" is the first character of a delimiter but occurred as data.


qstr = 'korisnickoime=' + escape(korisnickoime) + "&" + 'lozinka=' + escape(lozinka);