This question already has answers here:
Reference - What does this error mean in PHP?
(38 answers)
Closed 6 years ago.
Parse error: syntax error, unexpected T_VARIABLE in Z:\home\ser.ser\www\sign_up.php on line 19
Also I have error with $q = mysql_query("SELECT * FROM users WHERE (login="$login")");
Help, please.
<?php
include 'mysql_connect.php';
$login = $_POST['login'];
$password = $_POST['password'];
$b_arr['b_dd'] = $_POST['B_DD'];
$b_arr['b_mm'] = $_POST['B_MM'];
$b_arr['b_yy'] = $_POST['B_YY'];
$b_date = $b_arr['b_yy'].$$b_arr['b_mm'].$b_arr['b_dd'];
if (!isUserExist($login)) {
reg($login, $password, $b_date);
} else {
echo 'This user is exist !';
}
function reg($login, $password, $b_date) {
// NEXT LINE ERROR
$query = mysql_query("INSERT INTO users VALUES ("$login", "$password", "$b_date")");
// END ERROR
}
function isUserExist($login) {
$q = mysql_query("SELECT * FROM users WHERE (login="$login")");
$result = mysql_fetch_array($q);
if ($result) {
return true;
}
}
?>
Warning: this code is dangerous. Please read about SQL Injection and why your code is extremely problematic. In short, anything that's put into the database must be sanitized.
Now, more to your question:
You aren't handling strings correctly. If you wish to use this dangerous method of querying, you need to concatenate your values into a string. To add variables to a string you use the . operator. So, to fix this line you would need to use something like:
$qry_str = "INSERT INTO users VALUES ('" . $login . "', '" . $password . "', '" . $b_date . "')";
$query = mysql_query($qry_str);
Note: I broke it into two lines for better readability and your isUserExist() function has the same issue.
You have errors in concatenations.
Please look at here: https://www.diffnow.com/?report=jgv1m
<?php
include 'mysql_connect.php';
$login = $_POST['login'];
$password = $_POST['password'];
$b_arr['b_dd'] = $_POST['B_DD'];
$b_arr['b_mm'] = $_POST['B_MM'];
$b_arr['b_yy'] = $_POST['B_YY'];
$b_date = $b_arr['b_yy'].$$b_arr['b_mm'].$b_arr['b_dd'];
if (!isUserExist($login)) {
reg($login, $password, $b_date);
} else {
echo 'This user is exist !';
}
function reg($login, $password, $b_date) {
// NEXT LINE ERROR
$query = mysql_query("INSERT INTO users VALUES ('".$login."', '".$password."', '".$b_date."')");
// END ERROR
}
function isUserExist($login) {
$q = mysql_query("SELECT * FROM users WHERE (login='".$login."')");
$result = mysql_fetch_array($q);
if ($result) {
return true;
}
}
?>
Related
This question already has answers here:
Parse error: Syntax error, unexpected end of file in my PHP code
(19 answers)
Closed 3 years ago.
I am getting the Parse error: syntax error, unexpected end of file regardless of what I change/add to my code, the error constantly tells me that there is something wrong with my last line.
My PHP file should be saving form input to the database but this error seems to be getting in the way and I cannot figure out what is causing it.
PHP Code
<?php
function so56917978_upload_callback() {
//Register variables
$adddate = $_POST['adddate'];
$addcontact = $_POST['addcontact'];
$adda = $_POST['adda'];
$addb = $_POST['addb'];
$addincome = $_POST['addincome'];
$addpayment = $_POST['adddate'];
$addsubbie = $_POST['addsubbie'];
$addcust = $POST['addcust'];
//connect with Database
$host_name = 'zzz.hosting-data.io';
$database = 'zzz';
$user_name = 'zysql_connect($host_name, $user_name, $password);
if(!$connect) {
die('Not Connected To Server');
}
//Connection to database
if(!mysql_select_db($connect, $database)) {
echo 'Database Not Selected';
}
$query = mysql_query($connect,"SELECT * FROM table WHERE adddate = '$adddate' OR addcontact = '$addcontact' OR adda= '$adda' OR addb = '$addb' OR addincome = '$addincome' OR addpayment = '$addpayment' OR addsubbie = '$addsubbie' OR addcust = '$addcust'");
$sql = "INSERT INTO table (adddate, addcontact, adda, addb, addincome, addpayment, addsubbie, addcust) VALUES ('$adddate', '$addcontact', '$adda', '$addb', '$addincome', '$addpayment', '$addsubbie', '$addcust')";
if (!mysql_query($connect,$sql)) {
die('Error: ' . mysql_error($connect));
}
echo "1 record added";
mysql_close($connect);
<?php
function so56917978_upload_callback() {
//Register variables
$adddate = $_POST['adddate'];
$addcontact = $_POST['addcontact'];
$adda = $_POST['adda'];
$addb = $_POST['addb'];
$addincome = $_POST['addincome'];
$addpayment = $_POST['adddate'];
$addsubbie = $_POST['addsubbie'];
$addcust = $POST['addcust'];
//connect with Database
$host_name = 'zzz.hosting-data.io';
$database = 'zzz';
$user_name = 'zysql_connect($host_name, $user_name, $password);
if(!$connect) {
die('Not Connected To Server');
}
//Connection to database
if(!mysql_select_db($connect, $database)) {
echo 'Database Not Selected';
}
$query = mysql_query($connect,"SELECT * FROM table WHERE adddate = '$adddate' OR addcontact = '$addcontact' OR adda= '$adda' OR addb = '$addb' OR addincome = '$addincome' OR addpayment = '$addpayment' OR addsubbie = '$addsubbie' OR addcust = '$addcust'");
$sql = "INSERT INTO table (adddate, addcontact, adda, addb, addincome, addpayment, addsubbie, addcust) VALUES ('$adddate', '$addcontact', '$adda', '$addb', '$addincome', '$addpayment', '$addsubbie', '$addcust')";
if (!mysql_query($connect,$sql)) {
die('Error: ' . mysql_error($connect));
}
echo "1 record added";
mysql_close($connect);
}
You forgot the closing }
This question already has an answer here:
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(1 answer)
Closed 5 years ago.
I'm making a login script which fetches data from two tables. I understand that this error occurs when the statement returns FALSE AKA a boolean, but why is it returning false???
I made a function which works up to a point
function loginall($username, $password)
{
$db_host="localhost";
$db_username="root";
$db_password="";
$db_name="name";
$con=mysqli_connect($db_host, $db_username,$db_password, $db_name);
$mysqli = new mysqli("$db_host","$db_username","$db_password", "$db_name");
$qry = "SELECT username, password, level, active FROM businesses WHERE username=? AND password=?
UNION SELECT username, password, level, active FROM employees WHERE username=? AND password=?";
$stmt = $mysqli->prepare($qry);
$stmt->bind_param("ssss", $u,$p,$uu,$pp);
$u = $username;
$p = $password;
$uu = $username;
$pp = $password;
$stmt->execute();
$result = $stmt->get_result();
while($row = $result->fetch_array(MYSQLI_ASSOC))
{
return $row;
}
}
it works great until I try fetching more columns from the tables, or even trying to SELECT * from the tables. I read through other similar questions and found codes to get the error to appear, but no luck. Thank you!
Your function will end/return as soon as it hits the first return statement in the loop (first iteration).
You will need to build the complete array and then return it once.
This ought to do it:
if(!($stmt=$mysqli->prepare($qry))){
return ["Prepare failed: ".mysqli_error($mysqli)]; // what does this say?
}elseif(!$stmt->bind_param("ssss",$u,$p,$uu,$pp)){
return ["Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error];
}else{
$u = $username;
$p = $password;
$uu = $username;
$pp = $password;
if (!$stmt->execute()){
return ["Execute failed: (" . $stmt->errno . ") " . $stmt->error];
}else{
$result = $stmt->get_result();
while($row = $result->fetch_array(MYSQLI_ASSOC)){
$rows[]=$row;
}
return $rows;
}
}
Try backticking all of your column names. LEVEL is a MySQL KEYWORD.
Try this maybe bind_result() not get_result():
You might be wondering, why even use bind_result()?
This is strictly due to preference, as the syntax is considered to be more readable.
However, it should be noted that bind_result() may not be used with the * wildcard selector. It must contain explicit values
Here in this code using bind_result(), the values $usernameRow, $passwordRow, .... are form the database tebles:
.....
...
.
$stmt->bind_param("ssss", $username, $password, $username, $password);
$stmt->execute();
$stmt->store_result();
$numRows = $stmt->num_rows;
$stmt->bind_result($usernameRow, $passwordRow, $levelRow, $activeRow);
if($numRows > 0) {
while ($stmt->fetch()) {
$u[] = $usernameRow;
$p[] = $passwordRow;
$uu[] = $levelRow;
$pp[] = $activeRow;
}
}
$stmt->close();
my mysql table accepts NULL values on many fields, I'm updating records and my desktop app is creating a http string as follows and sending to a php script.
www.webpage/script.php?firstval=48.345345&secondval=234&thirdval=&fourthval=simon
on the db thirdval is already NULL
but the parameters in the http string may or may not hold values
do I need to :
A)pass the parameter in the http string as
b)pass the parameter in the httpstring as
c)cater for the null value in the php script(
d)not include the parameter in the http string at all
or something else
my phpscript is like so :
?php
DEFINE ('DBUSER', 'generic01');
DEFINE ('DBPW', 'genpass');
DEFINE ('DBHOST', 'mysql4.xxxxxxxxx.com');
DEFINE ('DBNAME', '_Places');
$dbc = mysqli_connect(DBHOST,DBUSER,DBPW);
if (!$dbc) {
die("Database connection failed: " . mysqli_error($dbc));
exit();
}
$dbs = mysqli_select_db($dbc, DBNAME);
if (!$dbs) {
die(" Database selection bit failed: " . mysqli_error($dbc));
exit();
}
$lat = mysqli_real_escape_string($dbc, $_GET['lat']);
$lng = mysqli_real_escape_string($dbc,$_GET['lng']);
$prox = mysqli_real_escape_string($dbc,$_GET['prox']);
$description = mysqli_real_escape_string($dbc,$_GET['description']);
$id = mysqli_real_escape_string($dbc,$_GET['id']);
$direction = mysqli_real_escape_string($dbc,$_GET['direction']);
$avoiddays = mysqli_real_escape_string($dbc,$_GET['avoiddays']);
$validfrom = mysqli_real_escape_string($dbc,$_GET['validfrom']);
$validto = mysqli_real_escape_string($dbc,$_GET['validto']);
$gefid = mysqli_real_escape_string($dbc,$_GET['gefid']);
$expiry = mysqli_real_escape_string($dbc,$_GET['expiry']);
$query = "UPDATE places SET rt_lat = '$lat',rt_lng= '$lng',rt_prox = '$prox', rt_description = '$description', rt_direction = '$direction',rt_avoiddays = '$avoiddays',rt_validto = '$validto',rt_validfrom = '$validfrom',rt_gefid = '$gefid',rt_expiry='$expiry' WHERE rt_id = '$id'";
$result = mysqli_query($dbc, $query) or trigger_error("Query MySQL Error: " . mysqli_error($dbc));
mysqli_close($dbc);
?>
All help appreciated,
You do not need to include it in the http request, but you have to catch that, otherwise you get an E_NOTICE error.
For all fields that can be null:
if (isset($_GET['gefid'])) {
$gefid = mysqli_real_escape_string($dbc,$_GET['gefid']);
} else {
$gefid = null;
}
PHP has no knowledge of SQL nulls. If you want a blank/not-set $_GET value to become a null in the DB, then you have to take special steps:
if(isset($_GET['lat']) || ($_GET['lat'] == '')) {
$lat = 'NULL'; // a plain PHP string with the word "null" in it
} else {
$lat = "'" . mysqli_real_escape_string($dbc, $_GET['lat']) . "'"; // note the extra quotes
}
$sql = "INSERT ... VALUES ($lat, ....)"
If you do it any other way, e.g (just as an example, yes it's sql-injection vulnerable):
$sql = "INSERT ... VALUES ('$_GET[lat]', ...)";
Then for an empty $_GET['lat'] your query would actually be
INSERT ... VALUES ('', ...)
and you'd be inserting an empty string, NOT an sql null.
This question already has answers here:
Object of class mysqli_result could not be converted to string
(5 answers)
Closed 1 year ago.
I am getting an error and for the life of my can't figure it out. My code is kind of messy so watch out:
$hostname = ""; //SET SERVER/HOSTNAME
$dbusername = ""; //SET DATABASE USERNAME
$dbname = ""; //SET DATABASE NAME
$dbpassword = ""; //SET DATABASE USERNAME
$link = mysqli_connect($hostname, $dbusername, $dbpassword, $dbname);
if (!$link) {
die('Connect Error (' . mysqli_connect_errno() . ') ' . mysqli_connect_error());
}
$sql = "SELECT * FROM utility WHERE `program_code` = '$program_code'";
$result = mysqli_query($link, $sql, MYSQLI_USE_RESULT);
if (!$result)
{
echo 'Error: ', $mysqli->error;
}
while($row = $result->fetch_assoc()){
$program_code1 = $row['program_code'];
$utility_company = $row['utility_company'];
$rate = $row['rate'];
$term = $row['term'];
}
$sql1 = "INSERT INTO v88374 (id, ldc_account_num, revenue_class_desc, first_name, last_name, home_phone_num, sline1_addr, scity_name, spostal_code, marketer_name, distributor_name, service_type_desc, bill_method, enroll_type_desc, requested_start_date, plan_desc, contract_start_date, contract_end_date, fixed_commodity_amt, vendor_id, office_id, agent_id, customer_name, contact_name, result, promo_code, validation_code, email, state, bname, baddress, program_code, date) VALUES ( '','$ldc_account_num1','$revenue_class_desc','$first_name1','$last_name1', '$home_phone_num1','$sline1_addr1','$scity_name1','$spostal_code1','','$utility_company','$service_type_desc','$bill_method','$enroll_type_desc','$requested_start_date','$plan_desc','$contract_start_date','$contract_end_date','$rate','$vendor_id','$office_id','$agent_id1','$customer_name','$contact_name','$result','$promo_code','$validation_code1','$email1','$state1','$bname1','$baddress1','$program_code1', now())";
$result1 = mysqli_query($link, $sql1, MYSQLI_STORE_RESULT);
if (!$result1)
{
echo 'Error: ', $mysqli->error;
}
else if ($result1){
echo "Thank you. Information submitted.";
}
I am getting the error (in the subject of this question)when my second sql statement starts, at $sql1 = long_string_of_code
I'm thinking it's something with my variables from the first statement maybe? If I echo my variables from the first statemenet, I get them all ok. So I am not sure what the deal is. Any help is appreciated, I know this is a lot of code to go through. Thank you.
contact_name','$result','$promo_code'
Your using result in the second SQL. Its an object so you can't use it as a string. Change that variable and it should work
I'm trying to fetch results using mysqli->fetch_row() (or fetch_object(), fetch_array()), yet when I go to run the code at run time it gives me the following error:
Fatal error: Call to a member function fetch_row() on a non-object in...on line 23.
The var in question that does this is $results in the code below. $user and $password gain their values from another .php file that this file is being included in so that's not really important at the moment. Now correct me if I'm wrong but if $results is being set = to $db->query($query) then isn't it supposed to inherit the properties of $db aka the mysqli class?
class mySQLHelper{
public function checkPass($user, $pass){
global $db;
$db = new mysqli();
$db->connect('localhost', 'root', '', 'mydb');
if (mysqli_connect_errno()){
echo 'Can not connect to database';
echo mysqli_connect_errno(). mysqli_connect_error();
exit;
return false;
}
$query = "SELECT user, password FROM Users WHERE user = $user AND password = $pass " ;
echo $query;
$results = $db->query($query);
while ($row = $results->fetch_row()){
echo htmlspecialchars($row->user);
echo htmlspecialchars($row->password);
}
$results->close();
$url = 'http://'. $_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF'])."/";
if(!$results){
// mysqli_close($db);
// header("Location:.$url.login.php&msg=1");
}
else{
// mysqli_close($db);
// header("Location:.$url.featured.php");
}
}
}
Your query is failing on this line:
$results = $db->query($query);
Because of this, $results is false - not a result object as you expect.
To fix the issue, you need to add quotes around your variables (or use prepared statements):
$query = "SELECT user, password FROM Users WHERE user = '".$user."' AND password = '".$pass."' " ;
I would suggest updating to use a prepared statement to prevent SQL-injection issues too though:
$stmt = $db->prepare('SELECT user, password FROM Users WHERE user = ? AND password = ?');
$stmt->bind_param('ss', $user, $pass);
$stmt->execute();
$results = $stmt->get_result();
You script is lacking error checking, and therefore the error in the query is not handled.
$query = "SELECT user, password FROM Users
WHERE user = '$user' AND password = '$pass' " ;
// ^ quotes needed
echo $query;
$results = $db->query($query);
// handle a error in the query
if(!$results)
die($db->error);
while ($row = $results->fetch_row()){
echo htmlspecialchars($row->user);
echo htmlspecialchars($row->password);
}
If you user & password field text or varchar, then you need to use single quote around them
$query = "SELECT user, password FROM Users WHERE user = '".$user."' AND password = '".$pass."' " ;
You have to check, if query runs properly:
if ($result = $mysqli->query($query))
{
}
Use: var_dump($results) to check what it contains
Why are you checking if($results) after trying to manipulate it?
This...
$results->close();
//...
if(!$results){
//...
}
Should be...
if(!$results){
//...
}
$results->close();