Page 1 of 1

syntax error

Posted: Tue Jan 31, 2012 12:26 pm
by digrev01
could you please say what is wrong here the error message says syntax error on line 26

<?php
$username=$_POST['username'];
$pass=$_POST['password'];
if($username && $pass)
{

$connect=mysql_connect("localhost","root","") or die("error");
mysql_select_db("phplogin") or die("db error");
$query=mysql_query("select * from users where username='$username'");
$numrows=mysql_num_rows($query);
echo $numrows;
if($numrows!=0)
{

while($row=mysql_fetch_assoc($query))
{
$dbusername=$row['username'];
$dbpasswords=$row['password'];
}

if($username==$dbusername&& $pass==$dbpasswords)


echo "you are in";

?>

Re: syntax error

Posted: Tue Jan 31, 2012 1:23 pm
by Celauran

Code: Select all

if ($username && $pass)
{
and

Code: Select all

    if ($numrows != 0)
    {
are never closed.

There's also a space missing before the && here:

Code: Select all

if($username==$dbusername&& $pass==$dbpasswords)
While we're at it, you're passing user data directly into a query, which can end in tears. Also looks like you're storing passwords in plain text.

Re: syntax error

Posted: Tue Jan 31, 2012 1:57 pm
by digrev01
hi again , i am sorry my poor english .i think its done but this time i am getting another error messages

"Notice: Use of undefined constant dbpasswords - assumed 'dbpasswords' in C:\wamp\www\loginsession\login.php on line 19"

Re: syntax error

Posted: Tue Jan 31, 2012 2:19 pm
by Celauran
Probably missing a $ before a variable name.

Re: syntax error

Posted: Wed Feb 01, 2012 7:46 am
by digrev01
hi celauran ,you are probably right but i couldnt find any mistakes
<html>
<form action="login.php" method="post">
Username:<input name="username" type="text"><br>
Pssword:<input name="password" type="password"><br>
<input name="submit" type="submit" value=" login">

</form>



</html>
<?php
$username=$_POST['username'];
$pass=$_POST['password'];
if($username && $pass)
{

$connect=mysql_connect("localhost","root","") or die("error");
mysql_select_db("phplogin") or die("db error");
$query=mysql_query("select * from users where username='$username'");
$numrows=mysql_num_rows($query);
echo $numrows;


while($row=mysql_fetch_assoc($query))
{
$dbusername=$row['username'];
$dbpasswords=$row['password'];
}
if($username==$dbusername&&$pass==dbpasswords)
{
echo "log in";
}



}

?>

Re: syntax error

Posted: Wed Feb 01, 2012 8:06 am
by Celauran
Two mistakes right here:

Code: Select all

if($username==$dbusername&&$pass==dbpasswords)
Corrected:

Code: Select all

if($username == $dbusername && $pass == $dbpasswords)

Re: syntax error

Posted: Wed Feb 01, 2012 9:14 am
by digrev01
thank you Celauran saved me again