I keep getting this error and I cannot figure it out. My curly brackets are closed, and I am using the correct tags for <?php to open and ?> to close my code. Can someone please help me!
Here is my code: -
<?php
-
//Connect To Database
-
$hostname='mideasthonors2.db.4381361.hostedresource.com';
-
$username='**************';
-
$password='***********';
-
$dbname='mideasthonors2';
-
$usertable='admin_tasks';
-
$yourfield = 'Name';
-
-
mysql_connect($hostname,$username, $password) OR DIE ('Unable to connect to database! Please try again later.');
-
mysql_select_db($dbname);
-
-
$query = 'SELECT * FROM $usertable';
-
$result = mysql_query($query);
-
if($result) {
-
while($row = mysql_fetch_array($result)){
-
$name = $row['$yourfield'];
-
echo 'Name: '.$name;
-
-
mysql_select_db("mideasthonors2");
-
-
$sql="INSERT INTO $usertable (Name, Address 1, Address 2, City, State, Zip Code, Website, Contact Name, Position, Phone Number, Email Address)
-
-
VALUES
-
-
{$_POST['name']},{$_POST['address 1']},{$_POST['address 2']},{$_POST['city']},{$_POST['state']},{$_POST['zip code']},{$_POST['website']},{$_POST['contact name']},{$_POST['position']},{$_POST['phone number']},{$_POST['email address']};
-
-
if (!mysql_query($sql,$con))
-
-
{
-
-
die('Error: ' . mysql_error());
-
-
}
-
-
echo '1 record added';
-
-
mysql_close($con);
-
}
-
}
-
?>
68  11041  Atli 5,058
Expert 4TB
Hi.
You don't close your string properly on line #26.
That's why you get this error.
Also, to close a huge security hole in that code.
Don't put user input directly into SQL queries... or anything, for that matter.
Always validate it and sanitize it before using it.
The mysql_real_escape_query function is extremely helpful here.
Check out SQL Injection in the manual. Explains why this is so important.
How would I end line 26? I have tried removing the semi-colon and using ) instead of } and I still keep getting the same result. I am not really sure what to try next.
Atli 5,058
Expert 4TB
Close the string with a double-quote before the semi-colon.
The string should be enclosed in quote-marks, but you only ever open the string, forgetting to close it with the second quote-mark.
The problem is basically: -
// You are doing this:
-
$sql = "INSERT INTO whatever;
-
-
// Where you should be doing
-
$sql = "INSERT INTO whatever";
-
The variables, which you correctly enclose in brackets, are not a part of the problem, and should work fine if left alone as they are.
Now it is telling me the brackets are wrong on line 26. The issue the whole time has been with line 26, however I did go ahead and make the changes you suggested: -
mysql_connect($hostname,$username, $password) OR DIE ('Unable to connect to database! Please try again later.');
-
mysql_select_db($dbname);
-
-
$query = 'SELECT * FROM $usertable';
-
$result = mysql_query($query);
-
if($result) {
-
while($row = mysql_fetch_array($result)){
-
$name = $row['$yourfield'];
-
echo 'Name: '.$name;
-
-
mysql_select_db("mideasthonors2");
-
-
$sql="INSERT INTO $usertable (Name, Address 1, Address 2, City, State, Zip Code, Website, Contact Name, Position, Phone Number, Email Address)";
-
-
VALUES
-
-
{$_POST['name']},{$_POST['address 1']},{$_POST['address 2']},{$_POST['city']},{$_POST['state']},{$_POST['zip code']},{$_POST['website']},{$_POST['contact name']},{$_POST['position']},{$_POST['phone number']},{$_POST['email address']};
-
-
if (!mysql_query($sql,$con))
-
-
{
-
-
die('Error: ' . mysql_error());
-
-
}
-
-
echo '1 record added';
-
-
mysql_close($con);
-
}
-
}
-
?>
Atli 5,058
Expert 4TB
You closed the string in the wrong line.
Everything you want to have inside a string must be enclosed inside the quotes.
You have like 3 lines there that should be inside your string, but you close the string after the first line.
You are doing something like this: -
$str = "This string spans";
-
multiple lines and
-
should not be closed
-
until after the last line;
-
So PHP, having closed the string after the first line, tries to parse the rest of what should be inside the string as PHP code, obviously failing.
It should look like: -
$str = "This string spans
-
multiple lines and
-
should not be closed
-
until after the last line";
-
So I put the quote at the end of line 26, which solved that problem. Now at the bottom of the script where the last 2 curly brackets are, I am now receiving this error:
syntax error, unexpected '}' in /home/content/m/i/d/mideasthonors/html/admintaskstable.php on line 23
I thought these brackets were necessary to close the connection?
@mideastgirl
It's not that hard. All opened brackets must have closing brackets.
Try this code: -
-
<?php
-
mysql_connect($hostname,$username, $password) OR DIE ('Unable to connect to database! Please try again later.');
-
mysql_select_db($dbname);
-
-
$query = 'SELECT * FROM $usertable';
-
$result = mysql_query($query);
-
-
if($result)
-
{
-
while($row = mysql_fetch_array($result))
-
{
-
$name = $row['$yourfield'];
-
echo 'Name: '.$name;
-
-
mysql_select_db("mideasthonors2");
-
-
$sql="INSERT INTO $usertable (Name, Address 1, Address 2, City, State, Zip Code, Website, Contact Name, Position, Phone Number, Email Address) VALUES {$_POST['name']},{$_POST['address 1']},{$_POST['address 2']},{$_POST['city']},{$_POST['state']},{$_POST['zip code']},{$_POST['website']},{$_POST['contact name']},{$_POST['position']},{$_POST['phone number']},{$_POST['email address']}";
-
-
if (!mysql_query($sql,$con))
-
{
-
die('Error: ' . mysql_error());
-
}
-
-
echo '1 record added';
-
}
-
}
-
-
mysql_close($con); // should be at the same level as your connect().
-
-
-
I tried the code you gave me and this is the error I received:
Warning: mysql_close(): supplied argument is not a valid MySQL-Link resource in /home/content/m/i/d/mideasthonors/html/admintaskstable.php on line 28
You did not include the database connection which I added on line 2, which gave me an error that no connection was possible, or something to that degree. And now it is giving me the error above. This is the code I am using: -
<?php
-
include ("admintasks-dbcon.php");
-
mysql_connect($hostname,$username, $password) OR DIE ('Unable to connect to database! Please try again later.');
-
mysql_select_db($dbname);
-
-
$query = 'SELECT * FROM $usertable';
-
$result = mysql_query($query);
-
-
if($result)
-
{
-
while($row = mysql_fetch_array($result))
-
{
-
$name = $row['$yourfield'];
-
echo 'Name: '.$name;
-
-
mysql_select_db("mideasthonors2");
-
-
$sql="INSERT INTO $usertable (Name, Address 1, Address 2, City, State, Zip Code, Website, Contact Name, Position, Phone Number, Email Address) VALUES {$_POST['name']},{$_POST['address 1']},{$_POST['address 2']},{$_POST['city']},{$_POST['state']},{$_POST['zip code']},{$_POST['website']},{$_POST['contact name']},{$_POST['position']},{$_POST['phone number']},{$_POST['email address']}";
-
-
if (!mysql_query($sql,$con))
-
{
-
die('Error: ' . mysql_error());
-
}
-
-
echo '1 record added';
-
}
-
}
-
mysql_close($con);
-
?>
I find it hard to believe you do not understand.
The error message tells you exactly what is wrong.
Where is the resource $con?
Is it in
include ("admintasks-dbcon.php");
If not then it just comes randomly into play half way through your script.
Even so it is not a critical error so it should still work.
I would have expected a more serious error earlier because the mysterious $con
is used here - if (!mysql_query($sql,$con))
but php is good at guessing which database you mean
Thank you for your help. I deleted the start session at the top of this page and no error message came up, but it still will not go to the next page of admintasks.php which is where it should go to after logging in. Here is my script: - <?php
-
include("admin-dbcon.php");
-
-
//Check to see if the username and password is valid (if it is in the database)
-
$validate = mysql_query("select * from admin_login where username = '$_POST[username]' and password = '$_POST[password]'");
-
-
$isvalid=mysql_num_rows($validate);
-
-
//if valid login send on, if not send to error page
-
if ($isvalid != 0) {
-
$_SESSION['username'] = $_POST[username];
-
while ($row=mysql_fetch_array($validate)){
-
$_SESSION['userid']=$row["ID"];
-
}
-
header("Location: admintasks.php");
-
}
-
//else {
-
// header("Location: login-error.php");
-
//}
-
?>
I am still getting an error message when I try to login from page www.mideasthonors.org/adminlogin.php this is the error I am receiving:
Warning: Cannot modify header information - headers already sent by (output started at /home/content/m/i/d/mideasthonors/html/adminloginprocess.php:1) in /home/content/m/i/d/mideasthonors/html/adminloginprocess.php on line 15
This is the code I am using: -
<?php
-
include("admin-dbcon.php");
-
-
//Check to see if the username and password is valid (if it is in the database)
-
$validate = mysql_query("select * from admin_login where username = '$_POST[username]' and password = '$_POST[password]'");
-
-
$isvalid=mysql_num_rows($validate);
-
-
//if valid login send on, if not send to error page
-
if ($isvalid != 0) {
-
$_SESSION['username'] = $_POST[username];
-
while ($row=mysql_fetch_array($validate)){
-
$_SESSION['userid']=$row["ID"];
-
}
-
header("Location: admintasks.php");
-
}
-
//else {
-
// header("Location: login-error.php");
-
//}
-
?>
-
Cannot modify header information - headers already sent by
This generally means the browser has already output something or recieved HTML headers before receiving some header information.
I am not very experienced with header stuff but session_start must be called before any other output to the browser, including header().
What is admin-dbcon.php up to?
Just check you have no white space either side of <?php, this has got me a few times
This is the code in admin-dbcon.php: -
<?php
-
$dbHost = 'mideasthonors.db.4381361.hostedresource.com';
-
$dbName = 'mideasthonors';
-
$dbUser = 'xxx';
-
$dbPass = 'xxx';
-
-
mysql_connect("$dbHost","$dbUser","$dbPass") or die("Error: Unable to connect to database! Please try again later.");
-
-
//Select the database we want to use
-
mysql_select_db($dbName) or die("Error: Could not select database");
-
?>
-
I have not opened a session in either one or a header at the top. So I will re-add session start () and see what happens
I feel like code needs to be in adminlogin.php and admintasks.php to get the two to connect to the actual loginprocess.php page. I am trying to get from adminlogin.php to admintasks.php through a login process which is in loginprocess.php. The code to connect to mysql is in admin-dbcon.php...in other words, I feel like all five pages should be linked someone??? Maybe I am wrong...but I am literally only a week into all the php stuff and have looked up how to do what I have so far online. I really do appreciate the help you all are giving.
Lets improve your code a bit to narrow down the problem - <?php
-
include("admin-dbcon.php");
-
-
//Check to see if the username and password is in database
-
$username = $_POST['username'];
-
echo $username; #disable for header to work
-
$password = $_POST['password'];
-
echo $password; #disable for header to work
-
-
$sql = "select * from admin_login
-
where username = '$username'
-
and password = '$password'";
-
echo $sql; #disable for header to work
-
-
if($validate = mysql_query($sql))
-
{
-
$isvalid = mysql_num_rows($validate);
-
echo $isvalid;
-
-
//if valid login send on, if not send to error page
-
if ($isvalid)
-
{
-
$_SESSION['username'] = $_POST[username];
-
while ($row=mysql_fetch_array($validate))
-
{
-
$_SESSION['userid']=$row["ID"];
-
}
-
print_r($_SESSION);#disable for header to work
-
//If everything is OK up to here un-comment header
-
#header("Location: admintasks.php");
-
}
-
else
-
{
-
echo 'invalid login';
-
#header("Location: login-error.php");
-
}
-
}else echo 'empty recordset';
-
?>
Atli 5,058
Expert 4TB
Code_green is right there.
The header function, as well as any function that alters the HTTP headers, can't be called after you have started sending output.
Output being; echo calls, HTML before the <?php ?> block, white-spaces before the <?php ?> block... anything like that.
The reason for this, just to clarify, is that a HTTP response is composed of two parts; the headers and the content.
The headers must be sent before the contents, which is why you can not alter the headers after you start sending content.
P.S.
To reiterate my earlier point about SQL Injection.
The login script you posted there, where you put the $_POST values directly into the SQL query, is wide open for even a novice hacker.
Something as simple as passing ' or 1='1 as the password might be enough to log in using an invalid user-name. mysql_real_escape_string - If your data hasn't been passed through this function, do not use it! (99% of the time, anyway)
Unfortunately that did not go as planned:( I replaced the script with your suggestions and now my username and password are on the adminloginprocess.php page:
usernamepasswordselect * from admin_login where username = 'xxx' and password = 'xxx'1Array ( [username] => xxx [userid] => )
That was not exactly the desired result I was looking for, however I do appreciate all of your help!
No! The code I posted is part of the debugging process.
It was to help you 'see' what is happening.
It hasn't a chance in hell of making your script 'work'.
You need to understand that you cannot keep hacking at a piece of code.
You have to take it apart, find out where it is going wrong then put it back together.
Nobody here is going to give you a completed script.
But we will help you overcome specific problems.
So the code supplied is demonstrating this process.
Are all the ecoed vales as expected?
Repeat what I have done in your other files.
Atli,
You said that the _POST information should not be seen because it can be hacked into, but I am not really sure where this should go then? These are my database files, which will not actually be viewed by anyone because in theory when the user logs in it should either go to the error page or the admintasks page. I have been informed by the IT Department here on campus, where I am a student, to make sure I have database files where I keep these scripts. He has also suggested putting my login for the database in a seperate file, which I have done. I guess I am lost, because you are suggesting one thing while someone else is suggesting another.
CODE GREEN:
I was not aware the script that you gave me was for debugging. As I mentioned I am completely new to this php stuff. I have built website before in html, but never in php where I needed to connect to a database. I have been reading up and trying things with php for the past two months. This is the first post I have made on any forum in regards to php or mysql, so I do not exactly know how they work. I HAVE read the guidelines, and I have also looked at other posts and have found that many times those replying give the person with a question a code to try. I thought that is what you had done.
In any case, this is the code I am now using, and am receiving a different error than before. -
<?php
-
include("admin-dbcon.php");
-
-
//Check to see if the username and password is valid (if it is in the database)
-
$username =$_POST ['username'];
-
echo $username;
-
$password = $_POST['password'];
-
echo $password;
-
-
$sql ="select * from admin_login where username = 'username' and password = 'password';
-
echo $sql;
-
if ($validate = mysql_quere($sql))
-
{
-
-
$isvalid=mysql_num_rows($validate);
-
echo $isvalid;
-
-
//if valid login send on, if not send to error page
-
if ($isvalide)
-
{
-
$_SESSION['username'] = $_POST[username];
-
while ($row=mysql_fetch_array($validate))
-
{
-
$_SESSION['userid']=$row["ID"];
-
}
-
if ($isvalid)
-
{
-
$_SESSION['username'] = $_POST[username];
-
while ($row=mysql_fetch_array($validate))
-
{
-
$_SESSION['userid']=$row["ID"];
-
}
-
print_r($SESSION);
-
#header("Location: admintasks.php");
-
}
-
else{
-
echo 'invalid login';
-
#header (Location: login-error.php");
-
}
-
}else echo 'empty recordset';
-
?>
-
 Atli 5,058
Expert 4TB
Line #19 of your latest code example. You spell the $isvalid variable name incorrectly. There is an extra "e" at the end there.
And the if on line #26 isn't really needed, as you have already validated the $isvalid variable at that point in line #19. @mideastgirl
What I am suggesting has nothing to do with database connection files, or anything of that sort.
What I am saying is:
You need to validate the information that your clients are passing to you via the <form> elements on your page.
For example, if I have this form: -
<form action="login.php">
-
User: <input name="Username" type="text" /><br />
-
Pass: <input name="Password" type="password" /><br />
-
<input type="submit" />
-
</form>
And this query in a login script: -
$sql = "SELECT `UserID` FROM `User`
-
WHERE `UserName` = '{$_POST['Username']}'
-
AND `Password` = '{$_POST['Password']}'";
-
$result = mysql_query($sql) or die(mysql_error());
-
This query should work perfectly. Valid users would return the UserID and invalid users would return an empty set.
But... if I were to put ANY username into the field, and use ' OR 1='1 as my password, it would turn the query into this: -
SELECT `UserID` FROM `User`
-
WHERE `UserName` = 'random username'
-
AND `Password` = '' OR 1='1'
Which would return the ENTIRE TABLE, and successfully validate the user, even tho he doesn't exist.
This is what you have to protect against.
If I were to change the query in my previous script like so: -
// Get and sanitize the user input
-
$sUsername = mysql_real_escape_string($_POST['Username']);
-
$sPassword = mysql_real_escape_string($_POST['Username']);
-
-
// Check if the username and password are valid
-
$sql = "SELECT `UserID` FROM `User`
-
WHERE `UserName` = '{$sUsername}'
-
AND `Password` = '{$sPassword}'";
-
$result = mysql_query($sql) or die(mysql_error());
Using the password I used earlier, would create this query: -
SELECT `UserID` FROM `User`
-
WHERE `UserName` = 'random username'
-
AND `Password` = '\' OR 1=\'1'
Now the previous scenario would fail, because the mysql_real_escape_string function escaped the quotes, turning the password into a single string of text, rather then allowing it to alter the actual query.
See what I mean?
so by placing an "s" in front of Username and Password, it is allowing the sanitizing? I kind of understand. I am going to apply it to my current script (that is applying the s before username and password and add the necessary brackets into my scripting and will let you know the results.
Thanks Atli!
If I may ask, what does that mean?
@mideastgirl
not quite, the "s" alone does not sanitize anything, it's the mysql_real_escape_string() function that does the hard work for you.
Atli sanitizes the POST values ( $_POST['Username']) by creating a new variable ( $sUsername) and giving that variable the sanitized value of $_POST['Username'] as result of the mysql_real_escape_string() function.
I think I am getting closer!!!
Ok I am now receiving this error which has something to do with sending users to the next page...I think that is.
Here is the code I am using, and my error is saying this: Parse error: syntax error, unexpected T_ELSE in /home/content/m/i/d/mideasthonors/html/adminloginprocess.php on line 32 -
<?php
-
include("admin-dbcon.php");
-
//sanitize the user input to ensure random usernames cannot be used
-
$sUsername= mysql_real_escape_string($_POST ['Username']);
-
$sPassword = mysql_real_escape_string($_POST['Password']);
-
//ensure username and password are valide
-
$sql ="SELECT * from admin_login WHERE Username = 'username' AND password = 'password'";
-
-
if ($validate = mysql_quere($sql))
-
{
-
-
$isvalid=mysql_num_rows($validate);
-
echo $isvalide;
-
-
//if valid login send on, if not send to error page
-
if ($isvalide)
-
{
-
$_SESSION['username'] = $_POST['username'];
-
while ($row=mysql_fetch_array($validate))
-
{
-
$_SESSION['userid']=$row["ID"];
-
}
-
{
-
$_SESSION['username'] = $_POST['username'];
-
while ($row=mysql_fetch_array($validate))
-
{
-
$_SESSION['userid']=$row["ID"];
-
}
-
print_r($SESSION);
-
#header("Location: admintasks.php");
-
}
-
else{
-
echo 'invalid login';
-
#header ("Location: login-error.php");
-
}
-
}else echo 'empty recordset';
-
?>
-
I am now receiving this error?!!! GRRR! I just want this script to work! I have to get this website running within the next 3 weeks, and I keep getting all of these errors!:(
The error is saying that it is occurring on line 9. -
<?php
-
include("admin-dbcon.php");
-
//sanitize the user input to ensure random usernames cannot be used
-
$sUsername= mysql_real_escape_string($_POST ['Username']);
-
$sPassword = mysql_real_escape_string($_POST['Password']);
-
//ensure username and password are valide
-
$sql ="SELECT * from admin_login WHERE Username = 'username' AND Password = 'password'";
-
-
if ($validate = mysql_quere($sql))
-
{
-
-
$isvalide=mysql_num_rows($validate);
-
echo $isvalide;
-
-
//if valid login send on, if not send to error page
-
if ($isvalide)
-
{
-
$_SESSION['username'] = $_POST['username'];
-
while ($row=mysql_fetch_array($validate))
-
{
-
$_SESSION['userid']=$row["ID"];
-
}
-
{
-
$_SESSION['username'] = $_POST['username'];
-
while ($row=mysql_fetch_array($validate))
-
{
-
$_SESSION['userid']=$row["ID"];
-
}
-
print_r($SESSION);
-
#header("Location: admintasks.php");
-
}
-
#header ("Location: login-error.php");
-
}
-
}else echo 'empty recordset';
-
?>
-
HELP ME PLEASE!
it's a typo, the function is named mysql_query().
I don't know which editor you use, but I recommend one with auto-complete functionality (Geany, or (if you have a Mac) SubEthaEdit) and code folding (minimize code blocks in curly brackets)
That was a really easy typo I should have seen, thank you so much. So now that is fixed and instead of moving on to the next page I am just getting "()" on the page after I enter my login info. I have looked to see if I have have that anywhere in my script but I do not. I do not think it is an error because it is not saying that it is. If anyone has an idea please let me know.
Atli 5,058
Expert 4TB
Line #7.
Surely this part of your query isn't correct? - WHERE Username = 'username' AND Password = 'password'";
Did you mean to put the $sUsername and $sPassword variables in there to check for?
Line #29
Should be:
And once you are done debugging the script, you should remove all the echo and print_r calls and de-comment your header calls. Those aren't meant to be in there once you start using it.
I removed the print_r codes and the header comments, and now am back to getting the unexpected $end error again. I am absolutely flustered with this scripting.
This is what I have: -
<?php
-
include("admin-dbcon.php");
-
//sanitize the user input to ensure random usernames cannot be used
-
$sUsername= mysql_real_escape_string($_POST ['Username']);
-
$sPassword = mysql_real_escape_string($_POST['Password']);
-
//ensure username and password are valide
-
$sql ="SELECT * from admin_login WHERE $sUsername = 'username' AND $sPassword = 'password'";
-
-
if ($validate = mysql_query($sql))
-
{
-
-
$isvalide=mysql_num_rows($validate);
-
echo $isvalide;
-
-
//if valid login send on, if not send to error page
-
if ($isvalide)
-
{
-
$_SESSION['username'] = $_POST['username'];
-
while ($row=mysql_fetch_array($validate))
-
{
-
$_SESSION['userid']=$row["ID"];
-
}
-
{
-
$_SESSION['username'] = $_POST['username'];
-
while ($row=mysql_fetch_array($validate))
-
{
-
$_SESSION['userid']=$row["ID"];
-
}
-
header("Location: admintasks.php");
-
}
-
header ("Location: login-error.php");
-
?>
-
And this is the error I am getting:
Parse error: syntax error, unexpected $end in /home/content/m/i/d/mideasthonors/html/adminloginprocess.php on line 32
When I deleted the echo statement as you suggested and the last curly bracket that went with it, it began to say this. So I replaced the curly bracket and I am still getting this error:(
I think I fixed it?!
at the end of the code I placed }} one on line 32 and one on 33 and a blank page now comes up...BUT I need admintasks.php to come up instead of a blank page, with ...adminloginprocess.php as the website. Any suggestions?
try putting an exit(); after each header() (no need to further execute the script when relocated)
NOTE: proper indentation helps counting the brackets, see here (use the one you like best, but stick to the one you use)
I tried adding the exits: -
<?php
-
include("admin-dbcon.php");
-
//sanitize the user input to ensure random usernames cannot be used
-
$sUsername= mysql_real_escape_string($_POST ['Username']);
-
$sPassword = mysql_real_escape_string($_POST['Password']);
-
//ensure username and password are valide
-
$sql ="SELECT * from admin_login WHERE $sUsername = 'username' AND $sPassword = 'password'";
-
-
if ($validate = mysql_query($sql))
-
{
-
-
$isvalide=mysql_num_rows($validate);
-
echo $isvalide;
-
-
//if valid login send on, if not send to error page
-
if ($isvalide)
-
{
-
$_SESSION['username'] = $_POST['username'];
-
while ($row=mysql_fetch_array($validate))
-
{
-
$_SESSION['userid']=$row["ID"];
-
}
-
{
-
$_SESSION['username'] = $_POST['username'];
-
while ($row=mysql_fetch_array($validate))
-
{
-
$_SESSION['userid']=$row["ID"];
-
}
-
header("Location: admintasks.php")exit();
-
}
-
header ("Location: login-error.php")exit();
-
}
-
}
-
?>
-
And am now receiving this error-Parse error: syntax error, unexpected T_EXIT in /home/content/m/i/d/mideasthonors/html/adminloginprocess.php on line 29
Do you look at the lines before you post the errors here?
You won't learn much if we correct every semi-colon for you. Don't be scared of the code, it's not as complicated and mysterious as you make it seem. Have a little more confidence in yourself.
Dan
generally, if the error message says something about unexpected T_*** then you should look for missing parentheses, brackets, commas, semi-colons and the like.
Atli 5,058
Expert 4TB
Also, if you get a decent IDE, like Aptana, NetBeans or even Notepad++, they pretty much show you exactly where syntax errors like these are.
You should put a bit of time into learning the basic syntax before you try coding anything real. Will save you a LOT of time on errors like these.
Errors, like the last one you posted, should be obvious to you once you've gotten to know the basics.
I removed the exits after the header functions, and there were semicolons already after the header functions, unless I needed to move them so that they were before the exit, in any case I removed the exits and now I am still unable to move onto the next page!!! I cannot figure this out!
give this "article" a read, it should clarify how to use the header() function.
I read that article, and it said to do what I am already doing to get to the next "location". I also re-added the exists! The page is still not going to the next page. Should I have header at the top of the script? Instead of at the bottom?
Atli 5,058
Expert 4TB
There is still one major glitch in there. First, take a look at the way you handle the execution of your SQL query.
You don't actually do anything if the SQL query were to fail. You simply let the code trail into nothingness.
When you execute a query, you typically check whether it is OK (as you do), but print an error message if it doesn't (which you do not). -
$result = mysql_query($sql);
-
if($result) {
-
// Do stuff with the result
-
}
-
else {
-
die("SQL Query failed!");
-
}
Second, take a look at the SQL query.
Typically, when you use SELECT to search for a value, you specify a column name and then provide a variable for the value that is to be checked.
Your code specifies a static value, but provides a variable for the column name.
It is supposed to be the other way around.
Combined, these two problems cause the code to completely ignore everything inside your first if statement, and since you don't provide anything as an alternative, it just gives you a blank page.
what do you mean by static value?
Also can you please check to ensure I included your first prognosis correctly in my scripting: -
<?php
-
include("admin-dbcon.php");
-
//sanitize the user input to ensure random usernames cannot be used
-
$sUsername= mysql_real_escape_string($_POST ['Username']);
-
$sPassword = mysql_real_escape_string($_POST['Password']);
-
//ensure username and password are valide
-
$sql ="SELECT * from admin_login WHERE $sUsername = 'username' AND $sPassword = 'password'";
-
if ($validate = mysql_query($sql))
-
{
-
$isvalide=mysql_num_rows($validate);
-
echo $isvalide;
-
}
-
else {
-
die (SQL Query failed!");
-
-
//if valid login send on, if not send to error page
-
if ($isvalide)
-
{
-
$_SESSION['username'] = $_POST['username'];
-
while ($row=mysql_fetch_array($validate))
-
{
-
$_SESSION['userid']=$row["ID"];
-
}
-
{
-
$_SESSION['username'] = $_POST['username'];
-
while ($row=mysql_fetch_array($validate))
-
{
-
$_SESSION['userid']=$row["ID"];
-
}
-
header("Location: admintasks.php");
-
exit;
-
}
-
header("Location: login-error.php");
-
exit;
-
-
}
-
}
-
?>
-
Thank you
@mideastgirl
er, exactly as in any dictionary described. @mideastgirl
nope, still the the same problem (about the "static" value)
Is the static value you are referring to the 'username' and 'password'??? If that is what you are referring to that is what my columns are on my SQL Table so I am not sure how that is static??? Unless I need to actually enter in the passwords or username on the page and that does not seem right at all.
This looks like a real hair pulling time thread.
You have your variables in the wrong place: - $sql ="SELECT * from admin_login WHERE $sUsername = 'username' AND $sPassword = 'password'";
So if someone entered the username Fred and password of test the SQL which would be executed would be:
SELECT * from admin_login WHERE Fred = 'username' AND test = 'password'
It should be: - $sql ="SELECT * from admin_login WHERE username = '$sUsername' AND password = '$sPassword'";
mideastgirl, it seems you should concentrate on learning how to debug code but putting in markers, etc so you can see where things are failing and narrow down the problem.
I have tried adding what Atli has told me to use which would help me identify my problems but I work for a University and there is no funding available to purchase these editors.
Thank you very much for spelling out my problem to me! Believe me it is quite frustrating when I have to dance around the problem. Once I understand where I screwed up, instead of guessing, its much easier for me to move on with the next problem and the next page that I must go onto to put this website to rest.
I thought that is what the others were suggesting, that is with the 'username' but when Atli initially informed me to us the sanitize string with the $sUsername, it would have been a bit more helpful if the problem would have been brought to my attention when I was working on that portion, so as not to have me guess where these static variables are.
On a separate note: I have changed the variables and I am assuming I can remove the 14th line, which I am now receiving an error for?? Which validates the username and password. But if they are being validated in the line I just fixed, I do not see why they would need to be validated again.
Scratch my last comment. I removed it and now my page just keeps going to a blank page! Grrrrr! This is a hair pulling problem!
Seems like you are going about in quite a long way. This is a simplified version of your code: - <?php
-
include("admin-dbcon.php");
-
-
// you need this to be able to use sessions
-
session_start();
-
-
//sanitize the user input to ensure random usernames cannot be used
-
$sUsername= mysql_real_escape_string($_POST['Username']);
-
$sPassword = mysql_real_escape_string($_POST['Password']);
-
-
//ensure username and password are valide
-
$qry = mysql_query("
-
SELECT * from admin_login
-
WHERE = username '$sUsername'
-
AND password = '$sPassword'
-
");
-
-
// check the number of rows returned
-
if(mysql_num_rows($qry) == 0)
-
{
-
// not a valid login redirect to fail
-
header("Location: login-error.php");
-
exit;
-
}
-
-
// if you get here then you have made a match
-
// store data in session variables
-
$row = mysql_fetch_array($qry);
-
$_SESSION['username'] = $row['username'];
-
$_SESSION['userid'] = $row['ID'];
-
-
// redirect user onto admintasks.php
-
header("Location: admintasks.php");
-
?>
This is untested but it does what you need it to do.
I do appreciate the help hoopy! However I am getting this error:
Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/content/m/i/d/mideasthonors/html/adminloginprocess.php:1) in /home/content/m/i/d/mideasthonors/html/adminloginprocess.php on line 5
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/content/m/i/d/mideasthonors/html/adminloginprocess.php:1) in /home/content/m/i/d/mideasthonors/html/adminloginprocess.php on line 5
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/content/m/i/d/mideasthonors/html/adminloginprocess.php on line 19
Warning: Cannot modify header information - headers already sent by (output started at /home/content/m/i/d/mideasthonors/html/adminloginprocess.php:1) in /home/content/m/i/d/mideasthonors/html/adminloginprocess.php on line 22
Which seems to be the header problem again:(
Sign in to post your reply or Sign up for a free account.
Similar topics
by: Janwillem Borleffs |
last post by:
Q: I'm getting an unexpected $ or $end parse/syntax error, what's causing
this?
A: This is caused when an expression is started with an opening brace, but
the closing brace is omitted.
...
|
by: Wescotte |
last post by:
The error message Parse error: syntax error, unexpected $end in FILE on
line X is one I run into frequently and I know the cause is I missed an
ending quote.
Is there an easy way to determine...
|
by: mikeinspain |
last post by:
Keep getting this error!
Parse error: syntax error, unexpected $end in /home/9144/domains/cbweb.co.uk/html/faq_finance.php on line 139
PHP Below.. Script was working 1 minute and copied the...
|
by: kestrel |
last post by:
I have some html code that is supposed to be displayed by php echo. But for some reason i keep getting a syntax error, and i cant figure out what is going on.
Heres what i have
<?php...
|
by: praclarush |
last post by:
I've just started php, and this is a class assignment, but my question is I’m getting this error PHP Parse error: syntax error, unexpected T_IF, expecting T_VARIABLE or '$' in...
|
by: ajd335 |
last post by:
Hi all...
I am getting an error Parse error: syntax error, unexpected $end in http:/..... on line 117...(117 is the EOF)..
can you plz help me out..I have checked out for the < , > ,{ ,} etc.......
|
by: Lawrence Krubner |
last post by:
Imagine a template system that works by getting a file, as a string, and
then putting it through eval(), something like this:
$formAsString = $controller->command("readFileAndReturnString",...
|
by: fburn |
last post by:
I need some help with an error I'm getting using php 5.2.5 running on linux.
I receive an error:
Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or...
|
by: akohistani |
last post by:
I am having Parse error problem with my newly purchased Php upload script I have uploaded the script and I get the error below
Parse error: syntax error, unexpected $end in URL/functions.php on...
|
by: benicio |
last post by:
Parse error: syntax error, unexpected T_STRING, expecting '(' in C:\wamp\www\study_group\includes\functions.php on line 19
I got this error and this syntax is from 8 to 19th line.
<?php
...
|
by: CloudSolutions |
last post by:
Introduction:
For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome former...
|
by: ryjfgjl |
last post by:
In our work, we often need to import Excel data into databases (such as MySQL, SQL Server, Oracle) for data analysis and processing. Usually, we use database tools like Navicat or the Excel import...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
| | |
