Syntax Error unexepected $end

[RedNeckRabbit93]

I have spent hours setting this code up along with the other parts of my site only to have a frustrating error keep populating. I have debugged all other errors but this one eludes me. Any chance ya'll could take a look and help me out? I appreciate it. Here is the code:

 

<?php 

/* I have intentionally removed these details for my own security */

$host="";
$user="";
$password="";
$db="";

mysql_connect($host,$user,$password);
mysql_select_db($db);

if(isset($_POST['username'])){
	$uname=$_POST['username'];
	$password=$_POST['password'];
	
}
	$sql="select * from auth where user='.$uname'AND Pass='.$password.' limit 1;
	
	$result=mysql_query($sql);
	
/*This if statement is the section that states I have an unexpected $end syntax error */
	if(mysql_num_rows($result)==1){
	header('Location: pay.php');
	exit();
	
	else{
		echo 'Username or Password is incorrect! Please try again.';
		exit();
	}
}

?>

 

[menator01]

From code displayed, you are missing a closing " in $sql="select * from auth where user='.$uname'AND Pass='.$password.' limit 1;

and your  } in the if statement is in the wrong place

[dodgeitorelse3]

you are also missing a dot in your where user='.$uname

Edited March 19, 2023 by dodgeitorelse3
typo

[Strider64]

Personally I would throw that script into file 13 and use PDO as it is more versatile and it isn't obsolete like mysql is.

A good reference on PDO is this https://phpdelusions.net/pdo

I would come up with a script something like the following ->

<?php
// Start the session
session_start();

// Connect to the database
$dsn = 'mysql:host=localhost;dbname=mydatabase';
$username = 'myusername';
$password = 'mypassword';
$options = array(
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION
);
try {
    $pdo = new PDO($dsn, $username, $password, $options);
} catch (PDOException $e) {
    die('Database connection failed: ' . $e->getMessage());
}

// Check if the login form was submitted
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
  // Retrieve the submitted form data
  $username = $_POST['username'];
  $password = $_POST['password'];
  
  // Validate the form data
  if (empty($username) || empty($password)) {
    echo 'Please enter your username and password.';
    exit();
  }
  
  // Query the database to verify the username and password
  $sql = "SELECT * FROM users WHERE username = :username LIMIT 1";
  $stmt = $pdo->prepare($sql);
  $stmt->bindParam(':username', $username);
  $stmt->execute();
  $user = $stmt->fetch();
  
  if ($user && password_verify($password, $user['password'])) {
    // Set session variables to indicate that the user is logged in
    $_SESSION['loggedin'] = true;
    $_SESSION['username'] = $user['username'];
    
    // Redirect the user to a protected page
    header('Location: protected.php');
    exit();
  } else {
    echo 'Incorrect username or password.';
    exit();
  }
}
?>

Just my opinion and I think it would save you a lot of headaches in the long run.

[RedNeckRabbit93]

@menator01 Your suggestions helped me find the exact errors I was having trouble with. I appreciate the help. I guess once you spend hours looking at code that you tend to miss things, especially when something should work right and it doesn't. Now the only error I get is 

Quote

Fatal error: Uncaught Error: Call to undefined function mysql_connect() in 

@dodgeitorelse3 I have no clue how I missed that. I'm glad one of us had a sharp eye. Thank you.

 

@Strider64 I have not taken the time to familiarize myself with PDO though I have heard of it. I never bothered to learn to use it, relying instead on older methods that I was more familiar with. I guess it is time to start evolving with the times and getting myself familiar with newer methods. I will research PDO and see if I can start using it instead. Thank you for the suggestion! 

[ginerjm]

Definitely switch to PDO and NOT MysqlI   The PDO interface is much easier to use .   The latter may seem to be the simple choice but there would be much more to learning to use it than simply adding the "I" character to it.