abdelrahman_mohamed Posted November 13, 2022 Share Posted November 13, 2022 iam using php an xampp to make login form but there is a problem when itry to log in i get this : Parse error: syntax error, unexpected '$result' (T_VARIABLE) in C:\xampp\htdocs\test\login1.php on line 6 here is my php code <?php if($_SERVER['REQUAST_METHOD']=='POST'){ include 'connect.php'; $sql="SELECT * FROM `users` where email='$email' and password='$password';" $result=mysqli_query($sql); if($result){ $num=mysqli_num_rows($con,$result); if($num>0){ echo "login successful"; }else{ echo "invaild"; } } } ?> Quote Link to comment Share on other sites More sharing options...
Barand Posted November 13, 2022 Share Posted November 13, 2022 Missing semicolon at end of line 5. You have it inside the string instead of after it. Quote Link to comment Share on other sites More sharing options...
dodgeitorelse3 Posted November 13, 2022 Share Posted November 13, 2022 are you sure of your spelling in REQUAST_METHOD? Quote Link to comment Share on other sites More sharing options...
ginerjm Posted November 13, 2022 Share Posted November 13, 2022 Here is a cleaner looking copy of your code. if($_SERVER['REQUAST_METHOD']=='POST') { include 'connect.php'; $sql = "SELECT * FROM users where email='$email' and password='$password'"; $result = mysqli_query($sql); if($result) { $num = mysqli_num_rows($con,$result); if($num > 0) echo "login successful"; else echo "invaild"; } Now if you just clean up your spelling it just may work. Quote Link to comment Share on other sites More sharing options...
Barand Posted November 13, 2022 Share Posted November 13, 2022 While you are fixing the spelling, there are one or two other things you might want to consider. Don't use SELECT *. The more data you fetch from the server, the slower the query and you don't need every column. In this case you would want the user's id to store in your session variables as evidence of logging in. Don't put user-provided variable directly ito your query. It makes it vulnerable to an SQL injection attack. Use prepared statements instead. Don't store passwords as plain text, it's insecure. Use password_hash() when storing and password_verify() when checking. Check the manual for the correct parameters to us with mysql_query(). If you follow the above you should end up with somethng like $res = $con->prepare("SELECT user_id , password FROM users WHERE email = ? "); $res->bind_param('s', $email); $res->execute(); $res->bind_result($user_id, $hash); if ($row = $res->fetch()) { if (password_verify($password, $hash)) { $_SESSION['user_id'] = $user_id; echo "login successful"; } else { echo "invaild"; } } else echo "invalid"; A final piece of advice. As you haven't invvested a great deal of time into learning mysqli, now is a good time tme to switch to the better PDO interface. In which case the code becomes $res = $con->prepare("SELECT user_id , password FROM users WHERE email = ? "); $res->execute([ $email ]); if ($row = $res->fetch()) { if (password_verify($password, $row['password'])) { $_SESSION['user_id'] = $row['user_id']; echo "login successful"; } else { echo "invaild"; } } else echo "invalid"; Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.