I can login to production just fine with my code.  But when I switch the wsdl to the sandbox one (the only change I make to my code), I get the following:

INVALID_LOGIN: Invalid username, password, security token; or user locked out.
Fatal error: SoapClient::__setSoapHeaders() [<a href='soapclient.--setsoapheaders'>soapclient.--setsoapheaders</a>]: Invalid SOAP header in C:\xampp\htdocs\SFApp\Includes\soapclient\SforceBaseClient.php on line 273

I do have the ini_set("soap.wsdl_cache_enabled", "0" ) ; line in my code.

What's going on?  Do I need to get a new security token for the sandbox?

I can login to production just fine with my code.  But when I switch the wsdl to the sandbox one (the only change I make to my code), I get the following:

INVALID_LOGIN: Invalid username, password, security token; or user locked out.
Fatal error: SoapClient::__setSoapHeaders() [<a href='soapclient.--setsoapheaders'>soapclient.--setsoapheaders</a>]: Invalid SOAP header in C:\xampp\htdocs\SFApp\Includes\soapclient\SforceBaseClient.php on line 273

I do have the ini_set("soap.wsdl_cache_enabled", "0" ) ; line in my code.

What's going on?  Do I need to get a new security token for the sandbox?