By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
426,165 Members | 1,928 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 426,165 IT Pros & Developers. It's quick & easy.

Parse error: syntax error, unexpected $end in...

mideastgirl
P: 65
I keep getting this error and I cannot figure it out. My curly brackets are closed, and I am using the correct tags for <?php to open and ?> to close my code. Can someone please help me!

Here is my code:
Expand|Select|Wrap|Line Numbers
  1. <?php
  2. //Connect To Database
  3. $hostname='mideasthonors2.db.4381361.hostedresource.com';
  4. $username='**************';
  5. $password='***********';
  6. $dbname='mideasthonors2';
  7. $usertable='admin_tasks';
  8. $yourfield = 'Name';
  9.  
  10. mysql_connect($hostname,$username, $password) OR DIE ('Unable to connect to database! Please try again later.');
  11. mysql_select_db($dbname);
  12.  
  13. $query = 'SELECT * FROM $usertable';
  14. $result = mysql_query($query);
  15. if($result) {
  16.     while($row = mysql_fetch_array($result)){
  17.         $name = $row['$yourfield'];
  18.         echo 'Name: '.$name;
  19.  
  20. mysql_select_db("mideasthonors2");
  21.  
  22. $sql="INSERT INTO $usertable (Name, Address 1, Address 2, City, State, Zip Code, Website, Contact Name, Position, Phone Number, Email Address)
  23.  
  24. VALUES
  25.  
  26. {$_POST['name']},{$_POST['address 1']},{$_POST['address 2']},{$_POST['city']},{$_POST['state']},{$_POST['zip code']},{$_POST['website']},{$_POST['contact name']},{$_POST['position']},{$_POST['phone number']},{$_POST['email address']};
  27.  
  28. if (!mysql_query($sql,$con))
  29.  
  30.   {
  31.  
  32.   die('Error: ' . mysql_error());
  33.  
  34.   }
  35.  
  36. echo '1 record added';
  37.  
  38. mysql_close($con);
  39.     }
  40. }    
  41. ?>
Jun 23 '09 #1
Share this Question
Share on Google+
68 Replies


Atli
Expert 5K+
P: 5,058
Hi.

You don't close your string properly on line #26.
That's why you get this error.

Also, to close a huge security hole in that code.
Don't put user input directly into SQL queries... or anything, for that matter.
Always validate it and sanitize it before using it.
The mysql_real_escape_query function is extremely helpful here.

Check out SQL Injection in the manual. Explains why this is so important.
Jun 23 '09 #2

mideastgirl
P: 65
How would I end line 26? I have tried removing the semi-colon and using ) instead of } and I still keep getting the same result. I am not really sure what to try next.
Jun 23 '09 #3

Atli
Expert 5K+
P: 5,058
Close the string with a double-quote before the semi-colon.

The string should be enclosed in quote-marks, but you only ever open the string, forgetting to close it with the second quote-mark.

The problem is basically:
Expand|Select|Wrap|Line Numbers
  1. // You are doing this:
  2. $sql = "INSERT INTO whatever;
  3.  
  4. // Where you should be doing
  5. $sql = "INSERT INTO whatever";
  6.  
The variables, which you correctly enclose in brackets, are not a part of the problem, and should work fine if left alone as they are.
Jun 24 '09 #4

mideastgirl
P: 65
Now it is telling me the brackets are wrong on line 26. The issue the whole time has been with line 26, however I did go ahead and make the changes you suggested:
Expand|Select|Wrap|Line Numbers
  1. mysql_connect($hostname,$username, $password) OR DIE ('Unable to connect to database! Please try again later.');
  2. mysql_select_db($dbname);
  3.  
  4. $query = 'SELECT * FROM $usertable';
  5. $result = mysql_query($query);
  6. if($result) {
  7.     while($row = mysql_fetch_array($result)){
  8.         $name = $row['$yourfield'];
  9.         echo 'Name: '.$name;
  10.  
  11. mysql_select_db("mideasthonors2");
  12.  
  13. $sql="INSERT INTO $usertable (Name, Address 1, Address 2, City, State, Zip Code, Website, Contact Name, Position, Phone Number, Email Address)";
  14.  
  15. VALUES
  16.  
  17. {$_POST['name']},{$_POST['address 1']},{$_POST['address 2']},{$_POST['city']},{$_POST['state']},{$_POST['zip code']},{$_POST['website']},{$_POST['contact name']},{$_POST['position']},{$_POST['phone number']},{$_POST['email address']};
  18.  
  19. if (!mysql_query($sql,$con))
  20.  
  21.   {
  22.  
  23.   die('Error: ' . mysql_error());
  24.  
  25.   }
  26.  
  27. echo '1 record added';
  28.  
  29. mysql_close($con);
  30.     }
  31. }    
  32. ?>
Jun 24 '09 #5

Atli
Expert 5K+
P: 5,058
You closed the string in the wrong line.

Everything you want to have inside a string must be enclosed inside the quotes.
You have like 3 lines there that should be inside your string, but you close the string after the first line.

You are doing something like this:
Expand|Select|Wrap|Line Numbers
  1. $str = "This string spans";
  2.         multiple lines and
  3.         should not be closed
  4.         until after the last line;
  5.  
So PHP, having closed the string after the first line, tries to parse the rest of what should be inside the string as PHP code, obviously failing.

It should look like:
Expand|Select|Wrap|Line Numbers
  1. $str = "This string spans
  2.         multiple lines and
  3.         should not be closed
  4.         until after the last line";
  5.  
Jun 24 '09 #6

mideastgirl
P: 65
So I put the quote at the end of line 26, which solved that problem. Now at the bottom of the script where the last 2 curly brackets are, I am now receiving this error:

syntax error, unexpected '}' in /home/content/m/i/d/mideasthonors/html/admintaskstable.php on line 23

I thought these brackets were necessary to close the connection?
Jun 24 '09 #7

dlite922
Expert 100+
P: 1,584
@mideastgirl
It's not that hard. All opened brackets must have closing brackets.

Try this code:

Expand|Select|Wrap|Line Numbers
  1.  
  2. <?php
  3. mysql_connect($hostname,$username, $password) OR DIE ('Unable to connect to database! Please try again later.');
  4. mysql_select_db($dbname);
  5.  
  6. $query = 'SELECT * FROM $usertable';
  7. $result = mysql_query($query);
  8.  
  9. if($result) 
  10. {
  11.     while($row = mysql_fetch_array($result))
  12.     {
  13.         $name = $row['$yourfield'];
  14.         echo 'Name: '.$name;
  15.  
  16.         mysql_select_db("mideasthonors2");
  17.  
  18.         $sql="INSERT INTO $usertable (Name, Address 1, Address 2, City, State, Zip Code, Website, Contact Name, Position, Phone Number, Email Address) VALUES {$_POST['name']},{$_POST['address 1']},{$_POST['address 2']},{$_POST['city']},{$_POST['state']},{$_POST['zip code']},{$_POST['website']},{$_POST['contact name']},{$_POST['position']},{$_POST['phone number']},{$_POST['email address']}";
  19.  
  20.         if (!mysql_query($sql,$con))         
  21.         {
  22.             die('Error: ' . mysql_error());
  23.         }
  24.  
  25.         echo '1 record added'; 
  26.     }
  27. }
  28.  
  29. mysql_close($con);    // should be at the same level as your connect(). 
  30.  
  31.  
  32.  
Jun 24 '09 #8

mideastgirl
P: 65
I tried the code you gave me and this is the error I received:

Warning: mysql_close(): supplied argument is not a valid MySQL-Link resource in /home/content/m/i/d/mideasthonors/html/admintaskstable.php on line 28

You did not include the database connection which I added on line 2, which gave me an error that no connection was possible, or something to that degree. And now it is giving me the error above. This is the code I am using:
Expand|Select|Wrap|Line Numbers
  1. <?php
  2. include ("admintasks-dbcon.php");
  3. mysql_connect($hostname,$username, $password) OR DIE ('Unable to connect to database! Please try again later.');
  4. mysql_select_db($dbname);
  5.  
  6. $query = 'SELECT * FROM $usertable';
  7. $result = mysql_query($query);
  8.  
  9. if($result) 
  10.  {
  11.      while($row = mysql_fetch_array($result))
  12.      {
  13.          $name = $row['$yourfield'];
  14.          echo 'Name: '.$name;
  15.  
  16.          mysql_select_db("mideasthonors2");
  17.  
  18.          $sql="INSERT INTO $usertable (Name, Address 1, Address 2, City, State, Zip Code, Website, Contact Name, Position, Phone Number, Email Address) VALUES {$_POST['name']},{$_POST['address 1']},{$_POST['address 2']},{$_POST['city']},{$_POST['state']},{$_POST['zip code']},{$_POST['website']},{$_POST['contact name']},{$_POST['position']},{$_POST['phone number']},{$_POST['email address']}";
  19.  
  20.          if (!mysql_query($sql,$con))         
  21.          {
  22.              die('Error: ' . mysql_error());
  23.          }
  24.  
  25.         echo '1 record added'; 
  26.      }
  27.  }
  28. mysql_close($con); 
  29. ?>
Jun 24 '09 #9

code green
Expert 100+
P: 1,726
I find it hard to believe you do not understand.
The error message tells you exactly what is wrong.
Expand|Select|Wrap|Line Numbers
  1. mysql_close($con);  
Where is the resource $con?
Is it in
include ("admintasks-dbcon.php");
If not then it just comes randomly into play half way through your script.
Even so it is not a critical error so it should still work.
I would have expected a more serious error earlier because the mysterious $con
is used here
Expand|Select|Wrap|Line Numbers
  1.  if (!mysql_query($sql,$con))    
but php is good at guessing which database you mean
Jun 25 '09 #10

mideastgirl
P: 65
Thank you for your help. I deleted the start session at the top of this page and no error message came up, but it still will not go to the next page of admintasks.php which is where it should go to after logging in. Here is my script:

Expand|Select|Wrap|Line Numbers
  1. <?php
  2. include("admin-dbcon.php");
  3.  
  4. //Check to see if the username and password is valid (if it is in the database)
  5. $validate = mysql_query("select * from admin_login where username = '$_POST[username]' and password = '$_POST[password]'"); 
  6.  
  7. $isvalid=mysql_num_rows($validate);
  8.  
  9. //if valid login send on, if not send to error page
  10. if ($isvalid != 0) {
  11.     $_SESSION['username'] = $_POST[username];
  12.     while ($row=mysql_fetch_array($validate)){
  13.         $_SESSION['userid']=$row["ID"];
  14.     }
  15.      header("Location: admintasks.php");
  16. //else {
  17. //    header("Location: login-error.php");
  18. //}
  19. ?>
Jun 25 '09 #11

mideastgirl
P: 65
I am still getting an error message when I try to login from page www.mideasthonors.org/adminlogin.php this is the error I am receiving:

Warning: Cannot modify header information - headers already sent by (output started at /home/content/m/i/d/mideasthonors/html/adminloginprocess.php:1) in /home/content/m/i/d/mideasthonors/html/adminloginprocess.php on line 15
This is the code I am using:
Expand|Select|Wrap|Line Numbers
  1. <?php
  2. include("admin-dbcon.php");
  3.  
  4. //Check to see if the username and password is valid (if it is in the database)
  5. $validate = mysql_query("select * from admin_login where username = '$_POST[username]' and password = '$_POST[password]'"); 
  6.  
  7. $isvalid=mysql_num_rows($validate);
  8.  
  9. //if valid login send on, if not send to error page
  10. if ($isvalid != 0) {
  11.     $_SESSION['username'] = $_POST[username];
  12.     while ($row=mysql_fetch_array($validate)){
  13.         $_SESSION['userid']=$row["ID"];
  14.     }
  15.      header("Location: admintasks.php");
  16. //else {
  17. //    header("Location: login-error.php");
  18. //}
  19. ?>
  20.  
Jun 25 '09 #12

code green
Expert 100+
P: 1,726
Cannot modify header information - headers already sent by
This generally means the browser has already output something or recieved HTML headers before receiving some header information.

I am not very experienced with header stuff but session_start must be called before any other output to the browser, including header().

What is admin-dbcon.php up to?

Just check you have no white space either side of <?php, this has got me a few times
Jun 25 '09 #13

mideastgirl
P: 65
This is the code in admin-dbcon.php:

Expand|Select|Wrap|Line Numbers
  1. <?php
  2. $dbHost = 'mideasthonors.db.4381361.hostedresource.com';
  3. $dbName = 'mideasthonors';
  4. $dbUser = 'xxx';
  5. $dbPass = 'xxx';
  6.  
  7. mysql_connect("$dbHost","$dbUser","$dbPass") or die("Error: Unable to connect to database! Please try again later.");
  8.  
  9. //Select the database we want to use
  10. mysql_select_db($dbName) or die("Error: Could not select database");
  11. ?>
  12.  
I have not opened a session in either one or a header at the top. So I will re-add session start () and see what happens
Jun 25 '09 #14

mideastgirl
P: 65
I feel like code needs to be in adminlogin.php and admintasks.php to get the two to connect to the actual loginprocess.php page. I am trying to get from adminlogin.php to admintasks.php through a login process which is in loginprocess.php. The code to connect to mysql is in admin-dbcon.php...in other words, I feel like all five pages should be linked someone??? Maybe I am wrong...but I am literally only a week into all the php stuff and have looked up how to do what I have so far online. I really do appreciate the help you all are giving.
Jun 25 '09 #15

code green
Expert 100+
P: 1,726
Lets improve your code a bit to narrow down the problem
Expand|Select|Wrap|Line Numbers
  1. <?php 
  2. include("admin-dbcon.php"); 
  3.  
  4. //Check to see if the username and password is in database
  5. $username = $_POST['username']; 
  6. echo $username; #disable for header to work
  7. $password = $_POST['password'];  
  8. echo $password; #disable for header to work
  9.  
  10. $sql = "select * from admin_login 
  11.     where username = '$username' 
  12.     and password = '$password'";
  13. echo $sql; #disable for header to work
  14.  
  15. if($validate = mysql_query($sql))
  16. {  
  17.      $isvalid = mysql_num_rows($validate);
  18.      echo $isvalid; 
  19.  
  20.      //if valid login send on, if not send to error page 
  21.     if ($isvalid) 
  22.     { 
  23.        $_SESSION['username'] = $_POST[username]; 
  24.        while ($row=mysql_fetch_array($validate))
  25.        { 
  26.              $_SESSION['userid']=$row["ID"]; 
  27.        } 
  28.        print_r($_SESSION);#disable for header to work
  29.        //If everything is OK up to here un-comment header
  30.        #header("Location: admintasks.php"); 
  31.     } 
  32.    else 
  33.    { 
  34.      echo 'invalid login';
  35.      #header("Location: login-error.php"); 
  36.    } 
  37. }else echo 'empty recordset';
  38. ?> 
Jun 25 '09 #16

Atli
Expert 5K+
P: 5,058
Code_green is right there.
The header function, as well as any function that alters the HTTP headers, can't be called after you have started sending output.

Output being; echo calls, HTML before the <?php ?> block, white-spaces before the <?php ?> block... anything like that.

The reason for this, just to clarify, is that a HTTP response is composed of two parts; the headers and the content.
The headers must be sent before the contents, which is why you can not alter the headers after you start sending content.

P.S.
To reiterate my earlier point about SQL Injection.
The login script you posted there, where you put the $_POST values directly into the SQL query, is wide open for even a novice hacker.
Something as simple as passing ' or 1='1 as the password might be enough to log in using an invalid user-name.

mysql_real_escape_string - If your data hasn't been passed through this function, do not use it! (99% of the time, anyway)
Jun 25 '09 #17

mideastgirl
P: 65
Unfortunately that did not go as planned:( I replaced the script with your suggestions and now my username and password are on the adminloginprocess.php page:

usernamepasswordselect * from admin_login where username = 'xxx' and password = 'xxx'1Array ( [username] => xxx [userid] => )

That was not exactly the desired result I was looking for, however I do appreciate all of your help!
Jun 26 '09 #18

code green
Expert 100+
P: 1,726
No! The code I posted is part of the debugging process.
It was to help you 'see' what is happening.
It hasn't a chance in hell of making your script 'work'.

You need to understand that you cannot keep hacking at a piece of code.
You have to take it apart, find out where it is going wrong then put it back together.

Nobody here is going to give you a completed script.
But we will help you overcome specific problems.

So the code supplied is demonstrating this process.
Are all the ecoed vales as expected?

Repeat what I have done in your other files.
Jun 26 '09 #19

mideastgirl
P: 65
Atli,
You said that the _POST information should not be seen because it can be hacked into, but I am not really sure where this should go then? These are my database files, which will not actually be viewed by anyone because in theory when the user logs in it should either go to the error page or the admintasks page. I have been informed by the IT Department here on campus, where I am a student, to make sure I have database files where I keep these scripts. He has also suggested putting my login for the database in a seperate file, which I have done. I guess I am lost, because you are suggesting one thing while someone else is suggesting another.
Jun 26 '09 #20

mideastgirl
P: 65
CODE GREEN:
I was not aware the script that you gave me was for debugging. As I mentioned I am completely new to this php stuff. I have built website before in html, but never in php where I needed to connect to a database. I have been reading up and trying things with php for the past two months. This is the first post I have made on any forum in regards to php or mysql, so I do not exactly know how they work. I HAVE read the guidelines, and I have also looked at other posts and have found that many times those replying give the person with a question a code to try. I thought that is what you had done.
In any case, this is the code I am now using, and am receiving a different error than before.

Expand|Select|Wrap|Line Numbers
  1. <?php
  2. include("admin-dbcon.php");
  3.  
  4. //Check to see if the username and password is valid (if it is in the database)
  5. $username =$_POST ['username'];
  6. echo $username;
  7. $password = $_POST['password'];
  8. echo $password;
  9.  
  10. $sql ="select * from admin_login where username = 'username' and password = 'password'; 
  11. echo $sql;
  12. if ($validate = mysql_quere($sql))
  13. {
  14.  
  15. $isvalid=mysql_num_rows($validate);
  16. echo $isvalid;
  17.  
  18. //if valid login send on, if not send to error page 
  19.     if ($isvalide)
  20.     {
  21.     $_SESSION['username'] = $_POST[username];
  22.     while ($row=mysql_fetch_array($validate))
  23.     {
  24.         $_SESSION['userid']=$row["ID"];
  25.     }
  26.      if ($isvalid) 
  27.       { 
  28.          $_SESSION['username'] = $_POST[username]; 
  29.         while ($row=mysql_fetch_array($validate))
  30.        { 
  31.               $_SESSION['userid']=$row["ID"]; 
  32.         } 
  33.         print_r($SESSION); 
  34.         #header("Location: admintasks.php");
  35.         }
  36.         else{
  37.         echo 'invalid login';
  38.         #header (Location: login-error.php");
  39.         }
  40.     }else echo 'empty recordset';
  41. ?>
  42.  
Jun 26 '09 #21

Atli
Expert 5K+
P: 5,058
Line #19 of your latest code example. You spell the $isvalid variable name incorrectly. There is an extra "e" at the end there.

And the if on line #26 isn't really needed, as you have already validated the $isvalid variable at that point in line #19.

@mideastgirl
What I am suggesting has nothing to do with database connection files, or anything of that sort.

What I am saying is:
You need to validate the information that your clients are passing to you via the <form> elements on your page.

For example, if I have this form:
Expand|Select|Wrap|Line Numbers
  1. <form action="login.php">
  2.   User: <input name="Username" type="text" /><br />
  3.   Pass: <input name="Password" type="password" /><br />
  4.   <input type="submit" />
  5. </form>
And this query in a login script:
Expand|Select|Wrap|Line Numbers
  1. $sql = "SELECT `UserID` FROM `User`
  2.         WHERE `UserName` = '{$_POST['Username']}'
  3.         AND   `Password` = '{$_POST['Password']}'";
  4. $result = mysql_query($sql) or die(mysql_error());
  5.  
This query should work perfectly. Valid users would return the UserID and invalid users would return an empty set.

But... if I were to put ANY username into the field, and use ' OR 1='1 as my password, it would turn the query into this:
Expand|Select|Wrap|Line Numbers
  1. SELECT `UserID` FROM `User`
  2. WHERE `UserName` = 'random username'
  3. AND   `Password` = '' OR 1='1'
Which would return the ENTIRE TABLE, and successfully validate the user, even tho he doesn't exist.

This is what you have to protect against.
If I were to change the query in my previous script like so:
Expand|Select|Wrap|Line Numbers
  1. // Get and sanitize the user input
  2. $sUsername = mysql_real_escape_string($_POST['Username']);
  3. $sPassword = mysql_real_escape_string($_POST['Username']);
  4.  
  5. // Check if the username and password are valid
  6. $sql = "SELECT `UserID` FROM `User`
  7.         WHERE `UserName` = '{$sUsername}'
  8.         AND   `Password` = '{$sPassword}'";
  9. $result = mysql_query($sql) or die(mysql_error());
Using the password I used earlier, would create this query:
Expand|Select|Wrap|Line Numbers
  1. SELECT `UserID` FROM `User`
  2. WHERE `UserName` = 'random username'
  3. AND   `Password` = '\' OR 1=\'1'
Now the previous scenario would fail, because the mysql_real_escape_string function escaped the quotes, turning the password into a single string of text, rather then allowing it to alter the actual query.

See what I mean?
Jun 27 '09 #22

mideastgirl
P: 65
so by placing an "s" in front of Username and Password, it is allowing the sanitizing? I kind of understand. I am going to apply it to my current script (that is applying the s before username and password and add the necessary brackets into my scripting and will let you know the results.

Thanks Atli!
Jun 29 '09 #23

mideastgirl
P: 65
If I may ask, what does that mean?
Jun 29 '09 #24

Dormilich
Expert Mod 5K+
P: 8,639
@mideastgirl
not quite, the "s" alone does not sanitize anything, it's the mysql_real_escape_string() function that does the hard work for you.

Atli sanitizes the POST values ($_POST['Username']) by creating a new variable ($sUsername) and giving that variable the sanitized value of $_POST['Username'] as result of the mysql_real_escape_string() function.
Jun 29 '09 #25

mideastgirl
P: 65
I think I am getting closer!!!

Ok I am now receiving this error which has something to do with sending users to the next page...I think that is.

Here is the code I am using, and my error is saying this: Parse error: syntax error, unexpected T_ELSE in /home/content/m/i/d/mideasthonors/html/adminloginprocess.php on line 32

Expand|Select|Wrap|Line Numbers
  1. <?php
  2. include("admin-dbcon.php");
  3. //sanitize the user input to ensure random usernames cannot be used
  4. $sUsername= mysql_real_escape_string($_POST ['Username']);
  5. $sPassword = mysql_real_escape_string($_POST['Password']);
  6. //ensure username and password are valide
  7. $sql ="SELECT * from admin_login WHERE Username = 'username' AND password = 'password'"; 
  8.  
  9. if ($validate = mysql_quere($sql))
  10. {
  11.  
  12. $isvalid=mysql_num_rows($validate);
  13. echo $isvalide;
  14.  
  15. //if valid login send on, if not send to error page 
  16.     if ($isvalide)
  17.     {
  18. $_SESSION['username'] = $_POST['username'];
  19. while ($row=mysql_fetch_array($validate))
  20.     {
  21.         $_SESSION['userid']=$row["ID"];
  22.     } 
  23.       { 
  24.          $_SESSION['username'] = $_POST['username']; 
  25.         while ($row=mysql_fetch_array($validate))
  26.        { 
  27.               $_SESSION['userid']=$row["ID"]; 
  28.         } 
  29.         print_r($SESSION); 
  30.         #header("Location: admintasks.php");
  31.         }
  32.         else{
  33.         echo 'invalid login';
  34.         #header ("Location: login-error.php");
  35.         }
  36.     }else echo 'empty recordset';
  37. ?>
  38.  
Jun 29 '09 #26

mideastgirl
P: 65
I am now receiving this error?!!! GRRR! I just want this script to work! I have to get this website running within the next 3 weeks, and I keep getting all of these errors!:(

The error is saying that it is occurring on line 9.
Expand|Select|Wrap|Line Numbers
  1. <?php
  2. include("admin-dbcon.php");
  3. //sanitize the user input to ensure random usernames cannot be used
  4. $sUsername= mysql_real_escape_string($_POST ['Username']);
  5. $sPassword = mysql_real_escape_string($_POST['Password']);
  6. //ensure username and password are valide
  7. $sql ="SELECT * from admin_login WHERE Username = 'username' AND Password = 'password'"; 
  8.  
  9. if ($validate = mysql_quere($sql))
  10. {
  11.  
  12. $isvalide=mysql_num_rows($validate);
  13. echo $isvalide;
  14.  
  15. //if valid login send on, if not send to error page 
  16.     if ($isvalide)
  17.     {
  18. $_SESSION['username'] = $_POST['username'];
  19. while ($row=mysql_fetch_array($validate))
  20.     {
  21.         $_SESSION['userid']=$row["ID"];
  22.     } 
  23.       { 
  24.          $_SESSION['username'] = $_POST['username']; 
  25.         while ($row=mysql_fetch_array($validate))
  26.        { 
  27.               $_SESSION['userid']=$row["ID"]; 
  28.         } 
  29.         print_r($SESSION); 
  30.         #header("Location: admintasks.php");
  31.         }
  32.         #header ("Location: login-error.php");
  33.         }
  34.     }else echo 'empty recordset';
  35. ?>
  36.  
HELP ME PLEASE!
Jun 29 '09 #27

Dormilich
Expert Mod 5K+
P: 8,639
it's a typo, the function is named mysql_query().

I don't know which editor you use, but I recommend one with auto-complete functionality (Geany, or (if you have a Mac) SubEthaEdit) and code folding (minimize code blocks in curly brackets)
Jun 29 '09 #28

mideastgirl
P: 65
That was a really easy typo I should have seen, thank you so much. So now that is fixed and instead of moving on to the next page I am just getting "()" on the page after I enter my login info. I have looked to see if I have have that anywhere in my script but I do not. I do not think it is an error because it is not saying that it is. If anyone has an idea please let me know.
Jun 29 '09 #29

Atli
Expert 5K+
P: 5,058
Line #7.
Surely this part of your query isn't correct?
Expand|Select|Wrap|Line Numbers
  1. WHERE Username = 'username' AND Password = 'password'";
Did you mean to put the $sUsername and $sPassword variables in there to check for?

Line #29
Expand|Select|Wrap|Line Numbers
  1. print_r($SESSION);
Should be:
Expand|Select|Wrap|Line Numbers
  1. print_r($_SESSION);
And once you are done debugging the script, you should remove all the echo and print_r calls and de-comment your header calls. Those aren't meant to be in there once you start using it.
Jun 29 '09 #30

mideastgirl
P: 65
I removed the print_r codes and the header comments, and now am back to getting the unexpected $end error again. I am absolutely flustered with this scripting.
This is what I have:

Expand|Select|Wrap|Line Numbers
  1. <?php
  2. include("admin-dbcon.php");
  3. //sanitize the user input to ensure random usernames cannot be used
  4. $sUsername= mysql_real_escape_string($_POST ['Username']);
  5. $sPassword = mysql_real_escape_string($_POST['Password']);
  6. //ensure username and password are valide
  7. $sql ="SELECT * from admin_login WHERE $sUsername = 'username' AND $sPassword = 'password'"; 
  8.  
  9. if ($validate = mysql_query($sql))
  10. {
  11.  
  12. $isvalide=mysql_num_rows($validate);
  13. echo $isvalide;
  14.  
  15. //if valid login send on, if not send to error page 
  16.     if ($isvalide)
  17.     {
  18. $_SESSION['username'] = $_POST['username'];
  19. while ($row=mysql_fetch_array($validate))
  20.     {
  21.         $_SESSION['userid']=$row["ID"];
  22.     } 
  23.       { 
  24.          $_SESSION['username'] = $_POST['username']; 
  25.         while ($row=mysql_fetch_array($validate))
  26.        { 
  27.               $_SESSION['userid']=$row["ID"]; 
  28.         }  
  29.         header("Location: admintasks.php");
  30.         }
  31.         header ("Location: login-error.php");
  32. ?>
  33.  
And this is the error I am getting:
Parse error: syntax error, unexpected $end in /home/content/m/i/d/mideasthonors/html/adminloginprocess.php on line 32

When I deleted the echo statement as you suggested and the last curly bracket that went with it, it began to say this. So I replaced the curly bracket and I am still getting this error:(
Jun 30 '09 #31

mideastgirl
P: 65
I think I fixed it?!

at the end of the code I placed }} one on line 32 and one on 33 and a blank page now comes up...BUT I need admintasks.php to come up instead of a blank page, with ...adminloginprocess.php as the website. Any suggestions?
Jun 30 '09 #32

Dormilich
Expert Mod 5K+
P: 8,639
try putting an exit(); after each header() (no need to further execute the script when relocated)

NOTE: proper indentation helps counting the brackets, see here (use the one you like best, but stick to the one you use)
Jun 30 '09 #33

mideastgirl
P: 65
I tried adding the exits:

Expand|Select|Wrap|Line Numbers
  1. <?php
  2. include("admin-dbcon.php");
  3. //sanitize the user input to ensure random usernames cannot be used
  4. $sUsername= mysql_real_escape_string($_POST ['Username']);
  5. $sPassword = mysql_real_escape_string($_POST['Password']);
  6. //ensure username and password are valide
  7. $sql ="SELECT * from admin_login WHERE $sUsername = 'username' AND $sPassword = 'password'"; 
  8.  
  9. if ($validate = mysql_query($sql))
  10.     {
  11.  
  12. $isvalide=mysql_num_rows($validate);
  13. echo $isvalide;
  14.  
  15. //if valid login send on, if not send to error page 
  16.     if ($isvalide)
  17.     {
  18. $_SESSION['username'] = $_POST['username'];
  19. while ($row=mysql_fetch_array($validate))
  20.     {
  21.         $_SESSION['userid']=$row["ID"];
  22.     } 
  23.     { 
  24.         $_SESSION['username'] = $_POST['username']; 
  25.         while ($row=mysql_fetch_array($validate))
  26.     { 
  27.         $_SESSION['userid']=$row["ID"]; 
  28.     }  
  29.         header("Location: admintasks.php")exit();
  30.     }
  31.         header ("Location: login-error.php")exit();
  32.     }
  33.     }
  34. ?>
  35.  
And am now receiving this error-Parse error: syntax error, unexpected T_EXIT in /home/content/m/i/d/mideasthonors/html/adminloginprocess.php on line 29
Jun 30 '09 #34

Dormilich
Expert Mod 5K+
P: 8,639
@mideastgirl
add a ; after the header() function calls.
Jun 30 '09 #35

dlite922
Expert 100+
P: 1,584
Do you look at the lines before you post the errors here?

You won't learn much if we correct every semi-colon for you. Don't be scared of the code, it's not as complicated and mysterious as you make it seem. Have a little more confidence in yourself.



Dan
Jun 30 '09 #36

Dormilich
Expert Mod 5K+
P: 8,639
generally, if the error message says something about unexpected T_*** then you should look for missing parentheses, brackets, commas, semi-colons and the like.
Jun 30 '09 #37

Atli
Expert 5K+
P: 5,058
Also, if you get a decent IDE, like Aptana, NetBeans or even Notepad++, they pretty much show you exactly where syntax errors like these are.

You should put a bit of time into learning the basic syntax before you try coding anything real. Will save you a LOT of time on errors like these.
Errors, like the last one you posted, should be obvious to you once you've gotten to know the basics.
Jun 30 '09 #38

mideastgirl
P: 65
I removed the exits after the header functions, and there were semicolons already after the header functions, unless I needed to move them so that they were before the exit, in any case I removed the exits and now I am still unable to move onto the next page!!! I cannot figure this out!
Jul 1 '09 #39

Dormilich
Expert Mod 5K+
P: 8,639
give this "article" a read, it should clarify how to use the header() function.
Jul 1 '09 #40

mideastgirl
P: 65
I read that article, and it said to do what I am already doing to get to the next "location". I also re-added the exists! The page is still not going to the next page. Should I have header at the top of the script? Instead of at the bottom?
Jul 1 '09 #41

Atli
Expert 5K+
P: 5,058
There is still one major glitch in there.

First, take a look at the way you handle the execution of your SQL query.
You don't actually do anything if the SQL query were to fail. You simply let the code trail into nothingness.

When you execute a query, you typically check whether it is OK (as you do), but print an error message if it doesn't (which you do not).
Expand|Select|Wrap|Line Numbers
  1. $result = mysql_query($sql);
  2. if($result) {
  3.   // Do stuff with the result
  4. }
  5. else {
  6.   die("SQL Query failed!");
  7. }
Second, take a look at the SQL query.
Typically, when you use SELECT to search for a value, you specify a column name and then provide a variable for the value that is to be checked.

Your code specifies a static value, but provides a variable for the column name.
It is supposed to be the other way around.

Combined, these two problems cause the code to completely ignore everything inside your first if statement, and since you don't provide anything as an alternative, it just gives you a blank page.
Jul 1 '09 #42

mideastgirl
P: 65
what do you mean by static value?
Also can you please check to ensure I included your first prognosis correctly in my scripting:

Expand|Select|Wrap|Line Numbers
  1. <?php
  2. include("admin-dbcon.php");
  3. //sanitize the user input to ensure random usernames cannot be used
  4. $sUsername= mysql_real_escape_string($_POST ['Username']);
  5. $sPassword = mysql_real_escape_string($_POST['Password']);
  6. //ensure username and password are valide
  7. $sql ="SELECT * from admin_login WHERE $sUsername = 'username' AND $sPassword = 'password'"; 
  8. if ($validate = mysql_query($sql))
  9.     {
  10. $isvalide=mysql_num_rows($validate);
  11. echo $isvalide;
  12. }
  13. else {
  14. die (SQL Query failed!");
  15.  
  16. //if valid login send on, if not send to error page 
  17.     if ($isvalide)
  18.     {
  19. $_SESSION['username'] = $_POST['username'];
  20. while ($row=mysql_fetch_array($validate))
  21.     {
  22.         $_SESSION['userid']=$row["ID"];
  23.     } 
  24.     { 
  25.         $_SESSION['username'] = $_POST['username']; 
  26.         while ($row=mysql_fetch_array($validate))
  27.     { 
  28.         $_SESSION['userid']=$row["ID"]; 
  29.     }  
  30.         header("Location: admintasks.php");
  31.         exit;
  32.     }
  33.         header("Location: login-error.php");
  34.         exit;
  35.  
  36.     }  
  37.     }
  38.      ?> 
  39.  
Thank you
Jul 6 '09 #43

Dormilich
Expert Mod 5K+
P: 8,639
@mideastgirl
er, exactly as in any dictionary described.

@mideastgirl
nope, still the the same problem (about the "static" value)
Jul 7 '09 #44

mideastgirl
P: 65
Is the static value you are referring to the 'username' and 'password'??? If that is what you are referring to that is what my columns are on my SQL Table so I am not sure how that is static??? Unless I need to actually enter in the passwords or username on the page and that does not seem right at all.
Jul 7 '09 #45

P: 88
This looks like a real hair pulling time thread.

You have your variables in the wrong place:

Expand|Select|Wrap|Line Numbers
  1. $sql ="SELECT * from admin_login WHERE $sUsername = 'username' AND $sPassword = 'password'";
So if someone entered the username Fred and password of test the SQL which would be executed would be:

SELECT * from admin_login WHERE Fred = 'username' AND test = 'password'

It should be:

Expand|Select|Wrap|Line Numbers
  1. $sql ="SELECT * from admin_login WHERE username = '$sUsername' AND password = '$sPassword'";
mideastgirl, it seems you should concentrate on learning how to debug code but putting in markers, etc so you can see where things are failing and narrow down the problem.
Jul 7 '09 #46

mideastgirl
P: 65
I have tried adding what Atli has told me to use which would help me identify my problems but I work for a University and there is no funding available to purchase these editors.
Thank you very much for spelling out my problem to me! Believe me it is quite frustrating when I have to dance around the problem. Once I understand where I screwed up, instead of guessing, its much easier for me to move on with the next problem and the next page that I must go onto to put this website to rest.

I thought that is what the others were suggesting, that is with the 'username' but when Atli initially informed me to us the sanitize string with the $sUsername, it would have been a bit more helpful if the problem would have been brought to my attention when I was working on that portion, so as not to have me guess where these static variables are.

On a separate note: I have changed the variables and I am assuming I can remove the 14th line, which I am now receiving an error for?? Which validates the username and password. But if they are being validated in the line I just fixed, I do not see why they would need to be validated again.
Jul 7 '09 #47

mideastgirl
P: 65
Scratch my last comment. I removed it and now my page just keeps going to a blank page! Grrrrr! This is a hair pulling problem!
Jul 7 '09 #48

P: 88
Seems like you are going about in quite a long way. This is a simplified version of your code:

Expand|Select|Wrap|Line Numbers
  1. <?php
  2. include("admin-dbcon.php");
  3.  
  4. // you need this to be able to use sessions
  5. session_start();
  6.  
  7. //sanitize the user input to ensure random usernames cannot be used
  8. $sUsername= mysql_real_escape_string($_POST['Username']);
  9. $sPassword = mysql_real_escape_string($_POST['Password']);
  10.  
  11. //ensure username and password are valide
  12. $qry = mysql_query(" 
  13.   SELECT * from admin_login 
  14.   WHERE = username '$sUsername' 
  15.   AND password = '$sPassword' 
  16. ");
  17.  
  18. // check the number of rows returned 
  19. if(mysql_num_rows($qry) == 0)
  20. {
  21.   // not a valid login redirect to fail 
  22.   header("Location: login-error.php");
  23.   exit;
  24. }
  25.  
  26. // if you get here then you have made a match 
  27. // store data in session variables 
  28. $row = mysql_fetch_array($qry);
  29. $_SESSION['username'] = $row['username'];
  30. $_SESSION['userid'] = $row['ID'];
  31.  
  32. // redirect user onto admintasks.php
  33. header("Location: admintasks.php");
  34. ?>
This is untested but it does what you need it to do.
Jul 7 '09 #49

mideastgirl
P: 65
I do appreciate the help hoopy! However I am getting this error:

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/content/m/i/d/mideasthonors/html/adminloginprocess.php:1) in /home/content/m/i/d/mideasthonors/html/adminloginprocess.php on line 5

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/content/m/i/d/mideasthonors/html/adminloginprocess.php:1) in /home/content/m/i/d/mideasthonors/html/adminloginprocess.php on line 5

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/content/m/i/d/mideasthonors/html/adminloginprocess.php on line 19

Warning: Cannot modify header information - headers already sent by (output started at /home/content/m/i/d/mideasthonors/html/adminloginprocess.php:1) in /home/content/m/i/d/mideasthonors/html/adminloginprocess.php on line 22

Which seems to be the header problem again:(
Jul 7 '09 #50

68 Replies

Post your reply

Sign in to post your reply or Sign up for a free account.