Page 1 of 2 12 LastLast
Results 1 to 15 of 20

MySQL // .php help :S

This is a discussion on MySQL // .php help :S within the Tech Support forums, part of the Knight Online (ko4life.com) category; im using a registration script i found here ---> >LINK< and i am having a bit of a problem with ...
Page: 1


  1. #1
    Banned
    Join Date
    Dec 2007
    Posts
    1,195

    Default

    im using a registration script i found here ---> >LINK< and i am having a bit of a problem with the login.html and login.php. I successfully connected to the DB i can see user names, m5&#39;ed passwords, emails, and names show up. but... when ever i try to log in at login.php i get this error

    Code:
    Parse error: parse error, unexpected T_STRING in /home/www/forumlinkchecker.com/login.php on line 19
    this is the login.php script ....

    login.php
    Code:
    <?php
    
    //Database Information
    
    $dbhost = "EDITED OUT";
    $dbname = "EDITED OUT";
    $dbuser = "EDITED OUT";
    $dbpass = "EDITED OUT";
    
    //Connect to database
    
    mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error());
    mysql_select_db($dbname) or die(mysql_error());
    
    session_start();
    $username = $_POST[‘username’];
    $password = md5($_POST[‘password’]);
    
    $query = “select * from users where username=’$username’ and password=’$password’”;
    
    $result = mysql_query($query);
    
    if (mysql_num_rows($result) != 1) {
    $error = “Bad Login”;
    ****include “login.html”;
    
    } else {
    ****$_SESSION[‘username’] = “$username”;
    ****include “memberspage.php”;
    }
    
    ?>
    LINE #19 in login.php
    Code:
    $query = “select * from users where username=’$username’ and password=’$password’”;
    can anyone tell me whats the problem?

  2. #2
    Banned
    Join Date
    Dec 2007
    Posts
    1,195

    Default

    bump, no php people? =[

  3. #3
    Banned
    Join Date
    Dec 2007
    Posts
    1,195

    Default

    -,-

  4. #4
    Banned
    Join Date
    Dec 2007
    Posts
    1,195

    Default

    -,-???

  5. #5
    Banned
    Join Date
    Dec 2007
    Posts
    1,195

    Default

    gey

  6. #6
    The DON Senior Member Raekpacman's Avatar
    Join Date
    Aug 2006
    Location
    New Jersey
    Posts
    311

    Default

    LINE #19 unexpected T_STRING

    i dont know php, but in most languages quotations = text.

    In line 19 i see quotes, and the error says T_string (text string?)

    So if you haven&#39;t already take a look at that line...
    Sry if this doesn&#39;t help at all =P

  7. #7
    Banned
    Join Date
    Jan 2007
    Posts
    353

    Default

    chmod commands ?

    or
    $query = “select * from users where username=’$username’ and password=’$password’”;

    replace it with

    $query = “SELECT * FROM `users` WHERE `username=’$username’ and password=’$password’”;


    let me know if didnt work

    sometimes one small error could fuck the whole script up

  8. #8
    Banned
    Join Date
    Dec 2007
    Posts
    1,195

    Default

    nope now i have this error :S

    Code:
    Parse error: parse error, unexpected &#39;`&#39; in /home/www/forumlinkchecker.com/login.php on line 19

  9. #9
    Banned
    Join Date
    Mar 2006
    Posts
    191

    Default

    I&#39;m an idiot. It makes me cry.

  10. #10
    Banned
    Join Date
    Dec 2007
    Posts
    1,195

    Default

    I&#39;m an idiot. It makes me cry.[/b]
    im suppose to get a better answer here or something o.O? looks like a pretty dead section

    ill sign up tomorrow and post this there, off to work now =O


    EDIT: mod edited the quote -_-"

  11. #11
    grzequ
    Guest

    Default

    chmod commands ?

    or
    $query = “select * from users where username=’$username’ and password=’$password’”;

    replace it with

    $query = “SELECT * FROM `users` WHERE `username=’$username’ and password=’$password’”;
    let me know if didnt work

    sometimes one small error could fuck the whole script up[/b]
    u made same simular string mistake urself ~~ xD
    use
    $query = “SELECT * FROM `users` WHERE username=’$username’ and password=’$password’”;
    or
    $query = “SELECT * FROM `users` WHERE username=’" . $username . "’ and password=’" . $password . "’”;

    dont forget about the security, SQL injections are a pain in the ass

  12. #12
    Banned
    Join Date
    Dec 2007
    Posts
    1,195

    Default

    u made same simular string mistake urself ~~ xD
    use
    $query = “SELECT * FROM `users` WHERE username=’$username’ and password=’$password’”;
    or
    $query = “SELECT * FROM `users` WHERE username=’" . $username . "’ and password=’" . $password . "’”;

    dont forget about the security, SQL injections are a pain in the ass[/b]
    same error msg as last time =S what would happen if we removed the quotes ?

  13. #13
    Banned
    Join Date
    Dec 2007
    Posts
    1,195

    Default

    up

  14. #14
    Banned
    Join Date
    Dec 2007
    Posts
    1,195

    Default

    bump for the night <_<

  15. #15
    NosferatuSoldier
    Guest

    Default

    Code:
    <?php
    
    //Database Information
    
    $dbhost = "EDITED OUT";
    $dbname = "EDITED OUT";
    $dbuser = "EDITED OUT";
    $dbpass = "EDITED OUT";
    
    //Connect to database
    
    mysql_connect( $dbhost, $dbuser, $dbpass) or die("Could not connect: ".mysql_error());
    mysql_select_db($dbname) or die(mysql_error());
    
    session_start();
    $username = mysql_real_escape_string(addslashes($_POST[&#39;username&#39;]));
    $password = md5($_POST[&#39;password&#39;]);
    
    $query = "select * from users where username=&#39;$username&#39; and password=&#39;$password&#39;";
    
    $result = mysql_query($query);
    
    if (mysql_num_rows($result) != 1) {
    $error = "Bad Login";
    ****include("login.html");
    
    } else {
    ****$_SESSION[&#39;username&#39;] = "$username";
    ****include("memberspage.php");
    }
    
    ?>
    Should work, haven&#39;t coded PHP in years. Also, please don&#39;t use public scripts, they&#39;re easily bypassed. Notice how I called Mysql_Real_Escape_String for the username? This is because the script in its current state (had it worked) would have been SQL Injectible. Give me a PM if this doesn&#39;t work or if you have any other needs.

Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •