Forum Moderators: coopster
Parse error: parse error, unexpected '>' in /home/content/K/e/v/html/userloginscript.php on line 24
Heres the code:
<?php
include ('TopPart.php')
?>
<?php
if ((!$_POST[username]) ¦¦ (!$_POST[password])) {
header("Location: userlogin.htm");
exit;
}
$conn = mysql_connect("sql.example.net", "user", "pass")
or die (mysql_error());
mysql_select_db("mydb", $conn) or die(mysql_error());
$sql = "SELECT username FROM auth_users where username =
'$_POST[username]' and password = password('$_POST[password]')';
$result = mysql_query($sql,$con) or die(mysql_error());
if (mysql_num_rows($result) == 1) {
$username = mysql_result($result, 0, 'username');
$password = mysql_result($result, 0, 'password');
$display_block = "<P>$username have been Authorized!</p>
<p>Your Authorized Abilities:
<ul>
<li><a href=\"fileupload.htm\">Upload Form</a>
</ul>";
} else {
header("Location: userlogin.htm");
exit;
}
?>
<html>
<head>
<title>Upload Form Login</title>
</head>
<body>
<? echo "$msg";?>
</body>
</html
<?php
include ('BottomPart.php')
?>
Any help?
[edited by: jatar_k at 6:10 pm (utc) on April 10, 2006]
[edit reason] removed login details [/edit]
your quoting is messed up in this line
$sql = "SELECT username FROM auth_users where username =
'$_POST[username]' and password = password('$_POST[password]')';
what happens is that when you miss a parentheses, brace, a semi colon or mismatch quotes the error shows up later in the code. If you get an error for a specific line and you can't see anything wrong with it then you move up[ from the reported place in the script line by line.
Your line above should read
$sql = "SELECT username FROM auth_users where username = '" . $_POST[username] . "' and password = password('" . $_POST[password] . "')";
your final quote was single instead of double. I also pulled the $_POST vars out and concatenated the string as well. Array variables don't get parsed properly between double quotes so you should use this method.
another tip: I would strictly advise against using $_POST vars directly in your queries sent to mysql. This opens the door for SQL injection and allows for exploitation of your db. You need to clecn those vars first.
try this thread on PHP User Authentication and Passwords [webmasterworld.com] from our library [webmasterworld.com]. There are a few other interesting threads in there as well. ;)
<?php
if ((!$_POST[username]) ¦¦ (!$_POST[password])) {
header("Location: userlogin.htm");
exit;
}
$conn = mysql_connect("@@@.@@@", "@@@@", "@@@@@")
or die (mysql_error());
mysql_select_db("EugeneRC", $conn) or die(mysql_error());
$sql = "SELECT username FROM auth_users where username = '" . $_POST[username] . "' and password = password('" . $_POST[password] . "')";
$result = mysql_query($sql,$con) or die(mysql_error());
if (mysql_num_rows($result) == 1) {
$username = mysql_result($result, 0, 'username');
$password = mysql_result($result, 0, 'password');
$display_block = "<P>".$username." have been Authorized!</p>
<p>Your Authorized Abilities:
<ul>
<li><a href=\"fileupload.htm\">Upload Form</a>
</ul>";
} else {
header("Location: userlogin.htm");
exit;
}
?>
<html>
<head>
<title>Upload Form Login</title>
</head>
<body>
<? echo "$msg";?>
</body>
</html
<?php
include ('BottomPart.php')
?>
---------
Now this: Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource in /home/content/K/e/v/KevinKelm/html/userloginscript.php on line 15
lol this is hard!
$result = mysql_query($sql,$con) or die(mysql_error());
be like this:
$result = mysql_query($sql,$conn) or die(mysql_error());
Your Connection is conn and not con
Habtom
$sql = "SELECT username FROM auth_users where username = '" . $_POST[username] . "' and password = password('" . $_POST[password] . "')";
should go something like:
$sql = "SELECT username FROM auth_users where username = '" . $_POST[username] . "' and password = '" . $_POST[password] . "'";
Habtom
