Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 8 years ago.
This question appears to be off-topic because it lacks sufficient information to diagnose the problem. Describe your problem in more detail or include a minimal example in the question itself.
Questions concerning problems with code you've written must describe the specific problem — and include valid code to reproduce it — in the question itself. See SSCCE.org for guidance.
Improve this question
I don't understand why this doesn't work? It's a register form checking if fields are filled in,password is equal to retype password, and if it doesn't already exist in database.
I get this error: Parse error: syntax error, unexpected T_STRING, expecting ',' or ';' in /home/a4550840/public_html/newreg.php on line 32
But I already put a ';' at line 32 ... I don't understand why this error occurs.
Any help is appreciated :).
EDIT: Fixed that error ^ and added the mysql_real_escape_string , but it doesn't register the information to the database for some reason?
EDIT: It works now :), took away the quotations from the query
<?php
include ('connect.php');
if ($_POST['submit']) {
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$repassword = mysql_real_escape_string($_POST['repassword']);
$email = mysql_real_escape_string($_POST['email']);
if ($username && $password && $repassword && $email){
if ($password == $repassword) {
$check = mysql_query("SELECT * FROM members WHERE username='$username' ");
$countrows = mysql_num_rows($check);
if ($countrows == 0){
mysql_query("INSERT INTO members ('username','password','email') VALUES ('$username','$password','$email') ");
} else {
echo 'Username already exists';
}
} else {
echo 'Passwords don'\t match';
}
} else {
echo 'Fill in the fields';
}
} else {
echo 'Register please';
}
?>
You have a problem here:
echo 'Passwords don't match';
You need scape single quote as:
echo 'Passwords don\'t match';
or
echo "Passwords don't match";
NOTE: Your code is vulnerable to sql injection, you should use mysql_real_scape_string() before to pass yours parameters as sql query.
I suggest:
$username = mysql_real_scape_string($_POST['username']);
$password = mysql_real_scape_string($_POST['password']);
$repassword = mysql_real_scape_string($_POST['repassword']);
$email = mysql_real_scape_string($_POST['email']);
TIP: When your are testing (in dev environment) mysql querys, you should combine die(mysql_error()) at the end of line to check if you has a problem like as:
mysql_query('your sql') or die(mysql_error()).
If you have an error, this cause your app die an show the mysql error.
See this reference.
This error shows the earliest time it encounters a problem. The problem is on that line, or on a previous line. In this case you didn't escape a quote, so the parser found the rest of your string while it expected a , or ;. If you look at the colouring of your code, you'll see that more easily. The correct line would be
echo 'Passwords don\'t match';
Related
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 7 years ago.
Improve this question
i am not really good at this, this is my code. it seems like strlen() is not working, can someone help me figure what is wrong? thanks. it keeps on printing that password is too short even if i put 5 or more letters
<?php
if($username)
{
if(isset($_POST['submit']))
{
$newpass =md5($_POST['newpass']);
$confirmpass = md5($_POST['confirmpass']);
if(strlen($newpass) < 5)
{
if($newpass == $confirmpass)
{
$querychange = mysql_query("UPDATE users SET password = '$newpass' WHERE username = '$username'");
session_destroy();
?> <script> alert ( "Your password has been changed!" );
window.location='login.php'; </script> <?php
}
else
{
?> <script> alert ("New passwords don't match!" ); </script> <?php
}
}
else
{
echo "<font color='red'> * new password too short";
}
}
}
?>
First of all - doing md5 to a string will return a 32-character string.
That means that any password input by user will be hashed to a string of length 32.
This means that if(strlen($newpass) < 5) will never be true and you will always see a warning.
In this string you probably want if(strlen($newpass) > 5) - see, greater.
Then you password will be processed.
So, final code can be:
if(isset($_POST['submit'])) {
if(strlen($_POST['newpass']) >= 5)
{
$newpass = md5($_POST['newpass']);
$confirmpass = md5($_POST['confirmpass']);
// do other stuff
} else {
// warn about short password
}
}
Also take into consideration that strlen on UTF-8 encoded strings may give you unexpected results.
And for passwords you must use better methods then md5. Look at password_hash, password_verify.
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 8 years ago.
Improve this question
I am trying to populate a MySQL database by uploading contents of a SQLite database from my Android application. However when I do so the MYSQL database doesn't get populated.
The PHP script that I am trying to use to populate is as follows (note username, password etc are left out purposely, but are definitely correct). Are there any syntax errors or what could the issues be?
<?php
if(isset($_GET['sessionId']) && isset($_GET['game']) && isset($_GET['name']) && isset($_GET['avgMed']) && isset($_GET['maxMed']) && isset($_GET['avgAttn']) && isset($_GET['maxAttn']) && isset($_GET['score']) && isset($_GET['date'])
&& isset($_GET['rawFile']) && isset($_GET['EEGFile']) && isset($_GET['medFile']) && isset($_GET['attFile']))
{
$mysql_host = "";
$mysql_database = "";
$mysql_user = "";
$mysql_password = "";
// Provide host ip, mysql user name, password
$con = mysql_connect($mysql_host,$mysql_user,$mysql_password);
// Provide database name.
mysql_select_db($mysql_database);
$sessionId=$_GET['sessionId'];
$game=$_GET['game'];
$name=$_GET['name'];
$avgMed=$_GET['avgMed'];
$maxMed=$_GET['maxMed'];
$avgAttn=$_GET['avgAttn'];
$maxAttn=$_GET['maxAttn'];
$score=$_GET['score'];
$date=$_GET['date'];
$rawFile=$_GET['rawFile'];
$EEGFile=$_GET['EEGFile'];
$medFile=$_GET['medFile'];
$attFile=$_GET['attFile'];
$flag="false";
if(!empty($game) && !empty($name) && !empty($date) && !empty($sessionId))
{
$sql="Insert into `GameDetails` (`SessionID`,`Game`,`Username`,`AvgMeditation`,`MaxMeditation',`AvgAttention` ,`MaxAttention`,`Score`,`Date`,`RawFile' ,`EEGFile', `MedFile', `AttFile') values
('$sessionId','$game','$name','$avgMed','$maxMed','$avgAttn','$maxAttn','$score','$date','$rawFile','$EEGFile','$medFile','$attFile') ";
$result=mysql_query($sql);
if($result)
{
$count= mysql_affected_rows();
if($count > 0)
{
$flag="true"; //result true
}
}
mysql_close($con);
echo json_encode(array("result"=>$flag));
}
}
?>
I also recently made a change to the MySQL database within phpMyAdmin and added four new columns but I am sure that they are referenced correctly in the script.
You have multiple typos:
[...snip...],`Date`,`RawFile' ,`EEGFile', `MedFile', `AttFile') values
^----------^----------^----------^--- here
Those should be backticks (`), not ' single quotes.
If you had any kind of error handling in your script, you'd have been told about the syntax errors:
$result=mysql_query($sql) or die(mysql_error());
^^^^^^^^^^^^^^^^^^^^^^
and on top of that, you're vulnerable to sql injection attacks, so it's a good thing this query isn't working, since your syntax errors are preventing any injection attack from occurring int he first place.
Never EVER assume success when dealing with external resources, e.g. a database. Always assume failure, and treat success as a pleasant surprise. There's exactly ONE way for a query to succeed, and near infinite number of reasons for them to fail.
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 9 years ago.
Improve this question
This is basically my first time using PHP. I'm trying to create a reservation system, but I've been stuck at the registration page for a good while now. I end up getting "Parse error: syntax error, unexpected T_STRING in C:\xampp\htdocs\feha\registration.php on line 57". Line 57 is:
$register = mysql_query("INSERT INTO 'users' (username, password, fname, lname, address, contact) VALUES ('".$username."','".$password."','".$fname."','".$lname."','".$address."','".$contact."')");
I've tried using a backslash before the "INSERT... and the error no longer appears, but nothing else does, for that matter. It's supposed to display a message if the user has been registered or if there was an error. I've also tried just using single quotes on the values, taking out the quotes on the table name, removing the column names.
It fixes it temporarily, but then another parse error appears further into my program, I fix it somehow, until it shows an error about unexpected $end at line 62 (my closing line). This is my entire code:
<?php
include 'connectdb.php';//database connection
if (isset($_POST['register']))
{
//input fields
$register = addslashes(strip_tags($_POST['register']));
$username = addslashes(strip_tags($_POST['username']));
$fname = addslashes(strip_tags($_POST['fname']));
$lname = addslashes(strip_tags($_POST['lname']));
$address = addslashes(strip_tags($_POST['address']));
$contact = addslashes(strip_tags($_POST['contact']));
$email = addslashes(strip_tags($_POST['email']));
$password = strip_tags($_POST['password']);
$repeat = strip_tags($_POST['repeat']);
//check for values
$errors = array();
if ($username&&$fname&&$lname &&$address&& $contact&& $email&&
$password&&$repeat)
{
if ($password!=$repeat) ///check if pw match
{
die("Your password does not match!");
}//check char length of username
if (strlen($username)<6||strlen($username)>32)
{
die ("Username must be between 6 and 32 characters");
}
//checking for password length
if (strlen(strlen($password)<8||$password)>12)
{
die ("Password must be between 8 - 12 characters");
}
//encrypt password
$password = md5($password);
//check if username already taken
$check = mysql_query ("SELECT * FROM users WHERE username='$username'");
if (mysql_num_rows($check)>=1)
{
die ("Username already taken);
}
if (!empty($errors))
{
foreach ($errors as $error)
{
echo $error, '<br/>';
}
}
else
{
$register = mysql_query("INSERT INTO 'users' (username, password, fname, lname, address, contact) VALUES ('".$username."','".$password."','".$fname."','".$lname."','".$address."','".$contact."')");
echo '<div id="good">You have been registered succesfully! ';}
}
else{echo "Please fill in all the fields";}
}
?>
Should be,
die ("Username already taken");
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 9 years ago.
Improve this question
<?php
$text = $_POST['username', 'bio', 'service', 'age'];
if (empty($text )) {
echo "You forgot to fill in a field.";
}
else
echo "Passed.";
?>
I know this seems like a really simple question but I cannot figure this out for the life of me. Thank you a bunch if you guys can figure this out for me.
Parse error: syntax error, unexpected ',', expecting ']' in /home/burtonmo/public_html/v2/add.php on line 2
You can only access one element at a time in an array. Change your code to something like
$username = $_POST['username'];
$bio = $_POST['bio'];
$service = $_POST['service'];
$age = $_POST['age'];
if (empty($username) || empty($bio) || empty($service) || empty($age)) {
echo "You forgot to fill in a field.";
}
else
echo "Passed.";
There are quite a few ways to check variables are set, the way your doing is syntactically incorrect hence the error:
Here is a dynamic way that you can loop through an array of expected keys and check the corresponding $_POST[*]. Good for some situations and not for others:
$form_keys = array('username','bio','service','age');
$errors = array();
//check is POST
if($_SERVER['REQUEST_METHOD']=='POST'){
//loop $form_keys array
foreach ($form_keys as $form_key){
//check the corresponding $_POST[*] - if empty fill error
if(empty($_POST[$form_key])){
$errors[$form_key] = '*required field';
}
}
//error should be empty if all went well
if(empty($errors)){
//good - do something
}else{
//bad - show errors
//$errors contained which fields were empty
}
}
Or you can do it the standard way which is the best way IMO as you can assign different errors can validate based on other types like is_numeric(). Though its obviously a longer piece of code.
$errors = array();
//check is POST
if($_SERVER['REQUEST_METHOD']=='POST'){
//check user
if(empty($_POST['username'])){
$errors['username'] = '*required field';
}
//bio
if(empty($_POST['bio'])){
$errors['bio'] = '*required field';
}
//service
if(empty($_POST['service'])){
$errors['service'] = '*required field';
}
//age
if(empty($_POST['age'])){
$errors['age'] = '*required field';
}
//error should be empty if all went well
if(empty($errors)){
//good - do something
}else{
//bad - show errors
//$errors contained which fields were empty
}
}
Good Luck Hope it helps...
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 8 years ago.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Questions asking for code must demonstrate a minimal understanding of the problem being solved. Include attempted solutions, why they didn't work, and the expected results. See also: Stack Overflow question checklist
Improve this question
I am writing a simple login script in php however it is reporting that there is an error on line 40. Personally, as an absolute beginner, I cant spot it. As far as I know everything else should be working fine but if there is anything else wrong please let me know. Any help?
<?php
if(isset($_POST['submit'])){
$dbHost = "mysql.**************.co.uk"; //Location Of Database usually its localhost
$dbUser = "r****2"; //Database User Name
$dbPass = "********"; //Database Password
$dbDatabase = "***********"; //Database Name
$db = mysql_connect($dbHost,$dbUser,$dbPass)or die("Error connecting to database.");
//Connect to the databasse
mysql_select_db($dbDatabase, $db)or die("Couldn't select the database.");
//Selects the database
/*
The Above code can be in a different file, then you can place include'filename.php'; instead.
*/
//Lets search the databse for the user name and password
//Choose some sort of password encryption, I choose sha256
//Password function (Not In all versions of MySQL).
$usr = mysql_real_escape_string($_POST['username']);
$pas = hash('sha256', mysql_real_escape_string($_POST['password']));
$sql = mysql_query("SELECT * FROM users_table
WHERE username='$usr' AND
password='$pas'
LIMIT 1");
if(mysql_num_rows($sql) == 1);{
$row = mysql_fetch_array($sql);
session_start();
$_SESSION['username'] = $row['username'];
$_SESSION['fname'] = $row['first_name'];
$_SESSION['lname'] = $row['last_name'];
$_SESSION['logged'] = TRUE;
header("Location: users_page.php"); // Modify to go to the page you would like
exit;
}
}else{
header("Location: login_page.php");
exit;
}else{ //If the form button wasn't submitted go to the index page, or login page
header("Location: index.php");
exit;
}
?>
Many thanks
if(mysql_num_rows($sql) == 1);{
Remove the semi-colon
See the other answer for another error on curly bracket closing
It looks like you have an extra closing bracket here:
exit;
}
}else{
Should be
exit;
}else{
You have two open-ended else calls at the end of your function
}else{
header("Location: login_page.php");
exit;
}else{ //If the form button wasn't submitted go to the index page, or login page
header("Location: index.php");
exit;
}
Remove one or put a conditional if statement on one. Also take the ";" out of
if(mysql_num_rows($sql) == 1);{