<?php
if(isset($_REQUEST['submitBtn'])){
include '_inc/dbconn.php';

$code1=$_REQUEST['code1'];

$sql="SELECT code1 FROM code WHERE code1='$code1'";
$result=mysql_query($sql) or die(mysql_error());
$rws=  mysql_fetch_array($result);

if($rws[0]==$code1 ){
 header('location:customer_transfer_process1.php');     }  
   else
        header('location:test.php');
        }

?>

你的代码有一些错误。在数据库事务中使用用户输入时，还应始终清除用户输入。

<form method='POST'>
    <table align="center">

        <tr><td>Transaction Access Code:</td></tr>
        <tr><td><input type="password" name="code1"></td></tr>
        <tr><td class="button1"><input type="submit" name="submitBtn" value="Log In" class="button"></td></tr>
    </table>
</form>

<?php

if(isset($_POST['code1'])){ 
    include '_inc/dbconn.php';

    $code1 = htmlspecialchars($_POST['code1']); // sanitize user input

    $sql="SELECT code1 FROM code WHERE code1='{$code1}'";

    $result = mysql_query($sql) or die(mysql_error());
    $rws = mysql_fetch_array($result);

    if($rws[0]==$code1 ){ //success, transfer
        header("customer_transfer_process.php");
    } else { //fail, send them somewhere else
        header("customer_transfer_process1.php");
    }
}
?>

首先，不要使用 mysql_* 函数，它们在>=php7中被删除。假设您切换库（我将演示如何使用pdo），您不应该将用户提交的数据附加到查询中，而是应该绑定参数/值。最后，您可能应该使用一个会话让您的应用程序知道此用户已经提供了启动所需的信息。
/_inc/dbconn.php文件

<?php

# Create connection. See documentation for more info on PDO

$con = new PDO("mysql:host=localhost;dbname=whatever",'root','');

/不管这个叫什么

<?php

# NOTE: this php block should be placed at the top of the page, first thing

# Use session

session_start();

# Add this anyway

include('_inc/dbconn.php');

# Get action check

include(__DIR__.'/_inc/functions/getAction.php');

# Match form action

$action = getAction();
if($action == 'set_trans_code'){
    # Set default redirect
    $redirect = "customer_transfer_process1.php";
    # Prepare and execute
    $query = $con->prepare("SELECT code1 FROM code WHERE code1 = ?");
    $query->execute(array($_REQUEST['code1']));
    $result = $query->fetch(PDO::FETCH_ASSOC);
    # Check the key you called from db
    if($result['code1'] == $_REQUEST['code1']){
        # Assign code here, then check on the next page
        # Saves user from having to resubmit if user goes off page
        $_SESSION['transcode'] == $_REQUEST['code1'];
        # Overwrite default
        $redirect = "customer_transfer_process.php";
    }

    header($redirect);
    exit;
}
?>

<form action='' method='POST'>
    <!-- I like to set action names to differentiate tasks -->
    <input type="hidden" name="action" value="set_trans_code" />
    <table align="center">
        <tr><td>Transaction Access Code:</td></tr>
        <tr><td><input type="password" name="code1"></td></tr>
        <tr><td class="button1"><input type="submit" name="submitBtn" value="Log In" class="button"></td></tr>
    </table>
</form>

/_inc/functions/getaction.php文件
我真的只会创造这样的东西，如果你用了很多形式的行动一遍又一遍。

<?php
function getAction($type='POST')
{
    $REQ = '_'.strtoupper($type);
    return (!empty(${$REQ}['action']))? ${$REQ}['action'] : false;
}