Parse error: syntax error, unexpected $end in...

Hi.

You don't close your string properly on line #26.
That's why you get this error.

Also, to close a huge security hole in that code.
Don't put user input directly into SQL queries... or anything, for that matter.
Always validate it and sanitize it before using it.
The mysql_real_escape_query function is extremely helpful here.

Check out SQL Injection in the manual. Explains why this is so important.

How would I end line 26? I have tried removing the semi-colon and using ) instead of } and I still keep getting the same result. I am not really sure what to try next.

Close the string with a double-quote before the semi-colon.

The string should be enclosed in quote-marks, but you only ever open the string, forgetting to close it with the second quote-mark.

The problem is basically:
The variables, which you correctly enclose in brackets, are not a part of the problem, and should work fine if left alone as they are.

Now it is telling me the brackets are wrong on line 26. The issue the whole time has been with line 26, however I did go ahead and make the changes you suggested:

You closed the string in the wrong line.

Everything you want to have inside a string must be enclosed inside the quotes.
You have like 3 lines there that should be inside your string, but you close the string after the first line.

You are doing something like this:
So PHP, having closed the string after the first line, tries to parse the rest of what should be inside the string as PHP code, obviously failing.

It should look like:

So I put the quote at the end of line 26, which solved that problem. Now at the bottom of the script where the last 2 curly brackets are, I am now receiving this error:

syntax error, unexpected '}' in /home/content/m/i/d/mideasthonors/html/admintaskstable.php on line 23

I thought these brackets were necessary to close the connection?

@mideastgirl
It's not that hard. All opened brackets must have closing brackets.

Try this code:

I tried the code you gave me and this is the error I received:

Warning: mysql_close(): supplied argument is not a valid MySQL-Link resource in /home/content/m/i/d/mideasthonors/html/admintaskstable.php on line 28

You did not include the database connection which I added on line 2, which gave me an error that no connection was possible, or something to that degree. And now it is giving me the error above. This is the code I am using:

I find it hard to believe you do not understand.
The error message tells you exactly what is wrong.
Where is the resource $con?
Is it in

include ("admintasks-dbcon.php");

If not then it just comes randomly into play half way through your script.
Even so it is not a critical error so it should still work.
I would have expected a more serious error earlier because the mysterious $con
is used here but php is good at guessing which database you mean

Thank you for your help. I deleted the start session at the top of this page and no error message came up, but it still will not go to the next page of admintasks.php which is where it should go to after logging in. Here is my script:

I am still getting an error message when I try to login from page www.mideasthonors.org/adminlogin.php this is the error I am receiving:

Warning: Cannot modify header information - headers already sent by (output started at /home/content/m/i/d/mideasthonors/html/adminloginprocess.php:1) in /home/content/m/i/d/mideasthonors/html/adminloginprocess.php on line 15
This is the code I am using:

Cannot modify header information - headers already sent by

This generally means the browser has already output something or recieved HTML headers before receiving some header information.

I am not very experienced with header stuff but session_start must be called before any other output to the browser, including header().

What is admin-dbcon.php up to?

Just check you have no white space either side of <?php, this has got me a few times

This is the code in admin-dbcon.php:

I have not opened a session in either one or a header at the top. So I will re-add session start () and see what happens

I feel like code needs to be in adminlogin.php and admintasks.php to get the two to connect to the actual loginprocess.php page. I am trying to get from adminlogin.php to admintasks.php through a login process which is in loginprocess.php. The code to connect to mysql is in admin-dbcon.php...in other words, I feel like all five pages should be linked someone??? Maybe I am wrong...but I am literally only a week into all the php stuff and have looked up how to do what I have so far online. I really do appreciate the help you all are giving.

Lets improve your code a bit to narrow down the problem

Code_green is right there.
The header function, as well as any function that alters the HTTP headers, can't be called after you have started sending output.

Output being; echo calls, HTML before the <?php ?> block, white-spaces before the <?php ?> block... anything like that.

The reason for this, just to clarify, is that a HTTP response is composed of two parts; the headers and the content.
The headers must be sent before the contents, which is why you can not alter the headers after you start sending content.

P.S.
To reiterate my earlier point about SQL Injection.
The login script you posted there, where you put the $_POST values directly into the SQL query, is wide open for even a novice hacker.
Something as simple as passing ' or 1='1 as the password might be enough to log in using an invalid user-name.

mysql_real_escape_string - If your data hasn't been passed through this function, do not use it! (99% of the time, anyway)

Unfortunately that did not go as planned:( I replaced the script with your suggestions and now my username and password are on the adminloginprocess.php page:

usernamepasswordselect * from admin_login where username = 'xxx' and password = 'xxx'1Array ( [username] => xxx [userid] => )

That was not exactly the desired result I was looking for, however I do appreciate all of your help!

No! The code I posted is part of the debugging process.
It was to help you 'see' what is happening.
It hasn't a chance in hell of making your script 'work'.

You need to understand that you cannot keep hacking at a piece of code.
You have to take it apart, find out where it is going wrong then put it back together.

Nobody here is going to give you a completed script.
But we will help you overcome specific problems.

So the code supplied is demonstrating this process.
Are all the ecoed vales as expected?

Repeat what I have done in your other files.

Atli,
You said that the _POST information should not be seen because it can be hacked into, but I am not really sure where this should go then? These are my database files, which will not actually be viewed by anyone because in theory when the user logs in it should either go to the error page or the admintasks page. I have been informed by the IT Department here on campus, where I am a student, to make sure I have database files where I keep these scripts. He has also suggested putting my login for the database in a seperate file, which I have done. I guess I am lost, because you are suggesting one thing while someone else is suggesting another.

CODE GREEN:
I was not aware the script that you gave me was for debugging. As I mentioned I am completely new to this php stuff. I have built website before in html, but never in php where I needed to connect to a database. I have been reading up and trying things with php for the past two months. This is the first post I have made on any forum in regards to php or mysql, so I do not exactly know how they work. I HAVE read the guidelines, and I have also looked at other posts and have found that many times those replying give the person with a question a code to try. I thought that is what you had done.
In any case, this is the code I am now using, and am receiving a different error than before.

Line #19 of your latest code example. You spell the $isvalid variable name incorrectly. There is an extra "e" at the end there.

And the if on line #26 isn't really needed, as you have already validated the $isvalid variable at that point in line #19.

@mideastgirl
What I am suggesting has nothing to do with database connection files, or anything of that sort.

What I am saying is:
You need to validate the information that your clients are passing to you via the <form> elements on your page.

For example, if I have this form:
And this query in a login script:
This query should work perfectly. Valid users would return the UserID and invalid users would return an empty set.

But... if I were to put ANY username into the field, and use ' OR 1='1 as my password, it would turn the query into this:
Which would return the ENTIRE TABLE, and successfully validate the user, even tho he doesn't exist.

This is what you have to protect against.
If I were to change the query in my previous script like so:
Using the password I used earlier, would create this query:
Now the previous scenario would fail, because the mysql_real_escape_string function escaped the quotes, turning the password into a single string of text, rather then allowing it to alter the actual query.

See what I mean?

so by placing an "s" in front of Username and Password, it is allowing the sanitizing? I kind of understand. I am going to apply it to my current script (that is applying the s before username and password and add the necessary brackets into my scripting and will let you know the results.

Thanks Atli!

If I may ask, what does that mean?

@mideastgirl
not quite, the "s" alone does not sanitize anything, it's the mysql_real_escape_string() function that does the hard work for you.

Atli sanitizes the POST values ($_POST['Username']) by creating a new variable ($sUsername) and giving that variable the sanitized value of $_POST['Username'] as result of the mysql_real_escape_string() function.

I think I am getting closer!!!

Ok I am now receiving this error which has something to do with sending users to the next page...I think that is.

Here is the code I am using, and my error is saying this: Parse error: syntax error, unexpected T_ELSE in /home/content/m/i/d/mideasthonors/html/adminloginprocess.php on line 32

I am now receiving this error?!!! GRRR! I just want this script to work! I have to get this website running within the next 3 weeks, and I keep getting all of these errors!:(

The error is saying that it is occurring on line 9.
HELP ME PLEASE!

it's a typo, the function is named mysql_query().

I don't know which editor you use, but I recommend one with auto-complete functionality (Geany, or (if you have a Mac) SubEthaEdit) and code folding (minimize code blocks in curly brackets)

That was a really easy typo I should have seen, thank you so much. So now that is fixed and instead of moving on to the next page I am just getting "()" on the page after I enter my login info. I have looked to see if I have have that anywhere in my script but I do not. I do not think it is an error because it is not saying that it is. If anyone has an idea please let me know.

Line #7.
Surely this part of your query isn't correct?
Did you mean to put the $sUsername and $sPassword variables in there to check for?

Line #29
Should be:
And once you are done debugging the script, you should remove all the echo and print_r calls and de-comment your header calls. Those aren't meant to be in there once you start using it.

I removed the print_r codes and the header comments, and now am back to getting the unexpected $end error again. I am absolutely flustered with this scripting.
This is what I have:

And this is the error I am getting:
Parse error: syntax error, unexpected $end in /home/content/m/i/d/mideasthonors/html/adminloginprocess.php on line 32

When I deleted the echo statement as you suggested and the last curly bracket that went with it, it began to say this. So I replaced the curly bracket and I am still getting this error:(

I think I fixed it?!

at the end of the code I placed }} one on line 32 and one on 33 and a blank page now comes up...BUT I need admintasks.php to come up instead of a blank page, with ...adminloginprocess.php as the website. Any suggestions?

try putting an exit(); after each header() (no need to further execute the script when relocated)

NOTE: proper indentation helps counting the brackets, see here (use the one you like best, but stick to the one you use)

I tried adding the exits:

And am now receiving this error-Parse error: syntax error, unexpected T_EXIT in /home/content/m/i/d/mideasthonors/html/adminloginprocess.php on line 29

@mideastgirl
add a ; after the header() function calls.

Do you look at the lines before you post the errors here?

You won't learn much if we correct every semi-colon for you. Don't be scared of the code, it's not as complicated and mysterious as you make it seem. Have a little more confidence in yourself.



Dan

generally, if the error message says something about unexpected T_*** then you should look for missing parentheses, brackets, commas, semi-colons and the like.

Also, if you get a decent IDE, like Aptana, NetBeans or even Notepad++, they pretty much show you exactly where syntax errors like these are.

You should put a bit of time into learning the basic syntax before you try coding anything real. Will save you a LOT of time on errors like these.
Errors, like the last one you posted, should be obvious to you once you've gotten to know the basics.

I removed the exits after the header functions, and there were semicolons already after the header functions, unless I needed to move them so that they were before the exit, in any case I removed the exits and now I am still unable to move onto the next page!!! I cannot figure this out!

give this "article" a read, it should clarify how to use the header() function.

I read that article, and it said to do what I am already doing to get to the next "location". I also re-added the exists! The page is still not going to the next page. Should I have header at the top of the script? Instead of at the bottom?

There is still one major glitch in there.

First, take a look at the way you handle the execution of your SQL query.
You don't actually do anything if the SQL query were to fail. You simply let the code trail into nothingness.

When you execute a query, you typically check whether it is OK (as you do), but print an error message if it doesn't (which you do not).
Second, take a look at the SQL query.
Typically, when you use SELECT to search for a value, you specify a column name and then provide a variable for the value that is to be checked.

Your code specifies a static value, but provides a variable for the column name.
It is supposed to be the other way around.

Combined, these two problems cause the code to completely ignore everything inside your first if statement, and since you don't provide anything as an alternative, it just gives you a blank page.

what do you mean by static value?
Also can you please check to ensure I included your first prognosis correctly in my scripting:

Thank you

@mideastgirl
er, exactly as in any dictionary described.

@mideastgirl
nope, still the the same problem (about the "static" value)

Is the static value you are referring to the 'username' and 'password'??? If that is what you are referring to that is what my columns are on my SQL Table so I am not sure how that is static??? Unless I need to actually enter in the passwords or username on the page and that does not seem right at all.

This looks like a real hair pulling time thread.

You have your variables in the wrong place:

So if someone entered the username Fred and password of test the SQL which would be executed would be:

SELECT * from admin_login WHERE Fred = 'username' AND test = 'password'

It should be:

mideastgirl, it seems you should concentrate on learning how to debug code but putting in markers, etc so you can see where things are failing and narrow down the problem.

I have tried adding what Atli has told me to use which would help me identify my problems but I work for a University and there is no funding available to purchase these editors.
Thank you very much for spelling out my problem to me! Believe me it is quite frustrating when I have to dance around the problem. Once I understand where I screwed up, instead of guessing, its much easier for me to move on with the next problem and the next page that I must go onto to put this website to rest.

I thought that is what the others were suggesting, that is with the 'username' but when Atli initially informed me to us the sanitize string with the $sUsername, it would have been a bit more helpful if the problem would have been brought to my attention when I was working on that portion, so as not to have me guess where these static variables are.

On a separate note: I have changed the variables and I am assuming I can remove the 14th line, which I am now receiving an error for?? Which validates the username and password. But if they are being validated in the line I just fixed, I do not see why they would need to be validated again.

Scratch my last comment. I removed it and now my page just keeps going to a blank page! Grrrrr! This is a hair pulling problem!

Seems like you are going about in quite a long way. This is a simplified version of your code:

This is untested but it does what you need it to do.

I do appreciate the help hoopy! However I am getting this error:

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/content/m/i/d/mideasthonors/html/adminloginprocess.php:1) in /home/content/m/i/d/mideasthonors/html/adminloginprocess.php on line 5

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/content/m/i/d/mideasthonors/html/adminloginprocess.php:1) in /home/content/m/i/d/mideasthonors/html/adminloginprocess.php on line 5

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/content/m/i/d/mideasthonors/html/adminloginprocess.php on line 19

Warning: Cannot modify header information - headers already sent by (output started at /home/content/m/i/d/mideasthonors/html/adminloginprocess.php:1) in /home/content/m/i/d/mideasthonors/html/adminloginprocess.php on line 22

Which seems to be the header problem again:(