views:

136

answers:

3

I'm trying to have a login form in php. But my current code doesnt work. Here is the form:

<form name="form1" method="post" action="loginverify.php">
<td><font size="3">Username:</td>
<td></td>
<td><input type="text" name="uname" value=""  maxlength="15"/><br/></td>
<td><font size="3">Password:</td>
<td></td>
<td><input type="text" name="pword" value=""  maxlength="15"/><br/></td>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td><input type="submit" name="Submit" value="Login" /></td>
</form>

And the verify.php

<?php
session_start();
 ?>
<?php
$host="localhost";
$username="root";
$password="n%^";
$db_name="login";
$tbl="users";

$connection=mysql_connect($host, $username, $password) or die("cannot connect");
mysql_select_db($db_name, $connection) or die("cannot select db");

$user=$_POST['uname']
$pass=$_POST['pword']

$sql="SELECT Username, Password from users where Username='$user' and Password='$pass'";
$result=mysql_query[$sql];

$count=mysql_num_rows($result);
if($count==1){
    $SESSION['Username']=$user;
    echo"<a href='searchmain.php'> CONTINUE</a>";
}
else{
    echo"wrong username or password";
    echo"<a href='loginform.php'>Back</a>";
}
?>

Is there something wrong with my code. I get this parse error at line 15, which is this: $pass=$_POST['pword']

But when I try to remove it.It goes to line 16 or line 17 again. What do I do

+14  A: 

You are missing semicolon at the end of these lines:

$user=$_POST['uname']
$pass=$_POST['pword']

should be:

$user=$_POST['uname'];
$pass=$_POST['pword'];

The semicolon signifies the end of a PHP statement and should never be forgotten.

Lets take a simple program:

<?php
$user=$_POST['uname']
$pass=$_POST['pword']
?>

Now the error thrown by php is: Parse error: syntax error, unexpected T_VARIABLE on line 3.

After parsing line 2 php is expecting a statement terminator, a semi-colon, which it can find even on the next line as:

<?php
$user=$_POST['uname']
; $pass=....

But since it finds a variable ($pass), which in PHP's terminology is T_VARIABLE, instead of a statement terminator it gets upset and spits the error. So even though the error was in line 2 it got reported in line 3.

There is one important exception of the above mentioned rule:

The closing tag of a block of PHP code automatically implies a semicolon; you do not need to have a semicolon terminating the last line of a PHP block.

So the following is absolutely correct:

<?php
$user=$_POST['uname']; 
$pass=$_POST['pword'] // ; is optional here !!!
?>
codaddict
The ?> is optional, too (and, in fact, leaving it out is the recommended coding practice of the Zend Foundation).
Brock Batsell
+1 clear and simple explanation. I would add that the last example, though correct is a (little) bad practice. If you add code to the program you have to add the semicolon too, it is too easy to forgot it. Consider the semicolon as a statement *terminator* and not as a statement *separator* (it remember me the c vs pascal diatribe).
Eineki
+1 for the Explanation that the last ; is optional
Tokk
+3  A: 

Add semicolons to terminate these lines:

$user=$_POST['uname'];
$pass=$_POST['pword'];
Brock Batsell
+6  A: 

Apart from the missing semi-colons, this is also wrong :

$result=mysql_query[$sql];

You are making a function call, not accessing an array so it should be

$result=mysql_query($sql);

On a side note :

If you are going to use the code in the real world, watch out for SQL injection. You are placing submitted form values directly into an SQL query without first sanitising them.

$sql="SELECT Username, Password from users where Username='$user' and Password='$pass'";

Someone could submit values for username and password such that you send a query to the database that you had not intended. It would be possible to log in without knowing a valid username/password combination.

Stephen Curran