session management in php

Question

Possible Duplicate:
Syntax error, unexpected T_CONSTANT_ENCAPSED_STRING in PHP

Hello I am trying to design a web page in php to implement session and concept like login and logout.Below is my basic code.

<?php    
session_start();    
$host = "localhost";    
$username = "USERNAME";    
$password = "PASSWORD";    
$db = "test";    
@mysql_connect($host,$username,$password) or die ("error");    
@mysql_select_db($db) or die("error");    
?>

I am getting an error as unexpected_T_CONSTANT_ENCAPSED_STRING on line 3.Please help to remove this error.Is it anything wrong with SOL injection ?

Look at this question: http://stackoverflow.com/questions/2719350/syntax-error-unexpected-t-constant-encapsed-string-in-php — kpotehin, Dec 16 '12 at 11:11
have you tried using a framework? you shouldn't write your own login code; the security risk is too great — Thunder Rabbit, Dec 16 '12 at 11:11
You should also use `mysqli` functions instead of the old deprecated `mysql`. — Cyclonecode, Dec 16 '12 at 11:13
@prakash_d22: No, you should use prepared statements, for example with PDO. — hakre, Dec 16 '12 at 11:37

score 0 · Answer 1 · answered Dec 16 '12 at 11:24

First of all you should stop using MYSQL extension as it is going to be deprecated soon. Instead you should be looking into other alternatives which are rich and safer such as MySQLi or PDO_MySQL.

Check mysql_real_escape_string

As found in above page:

This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be
used. See also MySQL: choosing an API guide and related FAQ for more information. Alternatives to this function include:
    mysqli_real_escape_string()
    PDO::quote()

session management in php

1 Answers1