mig_29 Posted October 14, 2017 Share Posted October 14, 2017 I am using XAMPP and myphpadmin to try to get this login form to work, but whenever I try to execute I get this error: Parse error: syntax error, unexpected '$result' (T_VARIABLE) in C:\xampp\htdocs\project2\reg.php on line 24 When I tried to validate the code, I got this: PHP Syntax Check: Parse error: syntax error, unexpected '$result' (T_VARIABLE) in your code on line 24$result = mysqli_query($conn, $sql); PHP Syntax Check: Errors parsing your code Here is the code, i made the text blue on line 24. <?php $cookie_name = "loggedin"; $servername = "localhost"; $username = "root"; $password = ""; $database = "pro2"; $conn = mysqli_connect($servername, $username, $password, $database); if (!$conn) { die("Database connection failed: ".mysqli_connect_error()); } if (isset($_POST['login'])) { $user = $_POST['username']; $pass = $_POST['password']; $phash = sha1(sha1($pass."salt")."salt"); $sql = "SELECT * FROM users WHERE username='$user' AND password='$phash';" $result = mysqli_query($conn, $sql); $count = mysqli_num_rows($result); if ($count == 1) { $cookie_value = $user; setcookie($cookie_name, $cookie_value, time() + (180), "/"); header("Location: personal.php"); } else { echo "Username or Password is incorrect!"; } } else if (isset($_POST['register'])) { $user = $_POST['username']; $pass = $_POST['password']; $phash = sha1(sha1($pass."salt")."salt"); $sql = "INSERT INTO users (id, username, password) VALUES ('', '$user', '$phash');" $result = mysqli_query($conn, $sql); } ?> Link to comment Share on other sites More sharing options...
requinix Posted October 14, 2017 Share Posted October 14, 2017 Take a good, hard look at the line before it. It has a problem. If you don't see it at first, step away from the computer for a bit and come back to it later. Which is not to say the rest of the code is good. It is not. Wherever you learned to do all that, forget everything and try learning anew from a better place. Link to comment Share on other sites More sharing options...
NotionCommotion Posted October 14, 2017 Share Posted October 14, 2017 Your missing your trailing semicolon. Ps. You don’t need one in your query. Link to comment Share on other sites More sharing options...
mig_29 Posted October 14, 2017 Author Share Posted October 14, 2017 Thank you, I was just about to take this down because I saw the semicolon. I've been working on it for a while so I DO need to step away and refresh. Thanks again! Link to comment Share on other sites More sharing options...
cyberRobot Posted October 16, 2017 Share Posted October 16, 2017 In case you're not aware, the PHP manual talks about safe password hashing here: http://php.net/manual/en/faq.passwords.php You'll also want to look into prepared statements to protect yourself from SQL injection attacks. Or, if you need time to wrap your mind around prepared statements, you could use the following function: http://php.net/manual/en/mysqli.real-escape-string.php Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.