0

Check my code, everytime I press submit it tells me...

Parse error: syntax error, unexpected T_STRING in /1111111111/2222222222222222222/33333333/444444444444444444444444444 on line 21

Its frustrating. I thought I had everthing right. Here's my php file:

<?php
    $email = $_POST['email'];
    if ($username == null ||$email == null ||$password == null ) 
{ 
die("You must fill out everything on the form!"); 
} 
else 
{ 
//continue...

}  
$conn = mysql_connect("$############", "$############","$#############") or                die(mysql_error());
if (!$con) 
  { 
  die('Could not connect: ' . mysql_error()); 
  } 
else 
{ 
mysql_select_db("xxxxxxxxx_xxxxx", $conn);

$alreadyexists = mysql_query(SELECT password FROM login WHERE email = $email); 

if ($alreadyexists != null) 
{ 
die('This email has already been registered. Please use a different email.'); 
}  
$alreadyexists = mysql_query(SELECT password FROM login WHERE username exist =     $username); 

if ($alreadyexists != null)  
{ 
die('This username has already been registered. Please use a different email.'); 
}  
mysql_query("INSERT INTO Persons (username,email,password) 
VALUES ($username,$email,$password)");
}  
?>

Do you find anything wrong, if so plz state and help me fix it, or provide an alternative registration form. Im using 000webhost, should I switch to another hosting provider because there connections are to hard to use.

Riong Riong
  • 9
  • 1

3 Answers3

2

You're missing quotes around your query:

$alreadyexists = mysql_query(SELECT password FROM login WHERE email = $email);

should be

$alreadyexists = mysql_query("SELECT password FROM login WHERE email = $email");
John Conde
  • 217,595
  • 99
  • 455
  • 496
0

Your SQL queries should be quoted:

<?php
    $email = $_POST['email'];
    if ($username == null ||$email == null ||$password == null ) 
{ 
die("You must fill out everything on the form!"); 
} 
else 
{ 
//continue...

}  
$conn = mysql_connect("$############", "$############","$#############") or                die(mysql_error());
if (!$con) 
  { 
  die('Could not connect: ' . mysql_error()); 
  } 
else 
{ 
mysql_select_db("xxxxxxxxx_xxxxx", $conn);

$alreadyexists = mysql_query("SELECT password FROM login WHERE email = $email"); 

if ($alreadyexists != null) 
{ 
die('This email has already been registered. Please use a different email.'); 
}  
$alreadyexists = mysql_query("SELECT password FROM login WHERE username exist =     $username"); 

if ($alreadyexists != null)  
{ 
die('This username has already been registered. Please use a different email.'); 
}  
mysql_query("INSERT INTO Persons (username,email,password) 
VALUES ($username,$email,$password)");
}  
?>

But be aware that your code is opened for sql injection attacks, as you are not processing data coming from client.

Also mysql extension is deprecated as of PHP 5.5.0, and will be removed in the future. I suggest you to use PDO_MySQL.

Timur K.
  • 36
  • 3
0

What version of PHP are you using? Mysql_ is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used. Having said that, it will still work, but if you're starting out now, use Mysqli or PDO. When should I use MySQLi instead of MySQL?

Read up on validating and sanitising input too. Have you learnt how to indent properly yet?

You've got $conn and $con being used. Use consistent variable names; it will never return that error.

$conn = mysql_connect("$############", "$############","$#############") or                die(mysql_error());
if (!$con) { 
    die('Could not connect: ' . mysql_error()); 
}

So, are you sure its connecting to the database successfully? If it is, make sure your queries are surrounded by " ". Which is probably your problem. You looked at what the error was telling you right? Line 21? Don't be afraid to have a play around, use examples and take note of the small things they do (providing its a good example). If you don't understand some code, read up on it using the php manual

Community
  • 1
  • 1
Impulss
  • 271
  • 4
  • 19
  • if I use mysqli, do I simply change my current mysql to mysqli – Riong Riong Sep 25 '13 at 14:32
  • Mysqli is definitely a lot simpler to upgrade to from mysql_ than PDO. Unfortunately its not as simple as replacing mysql with mysqli. If you go through the php manual for mysql you can see the corresponding mysqli functions to help you rewrite it. You can replace mysql_connect and mysql_select_db with: $mysqli = new mysqli("localhost", "user", "password", "database"); which will do both. Then use $mysqli->query("DROP TABLE IF EXISTS test") to execute queries, preparing them first. Read up on that too! – Impulss Sep 25 '13 at 21:45
  • where should I add the "mysql_select_db" because as you can see I currently do not have it, I fixed the quotes and everything so the error went away, thanks. But now when I press submit, it tells me "You must fill out everything on the form", which was a DIE attribute in the beginning if everything was blank on the sign up, well even when I do put the info I need it still wont work. Is it because I havent connected it to a database table? – Riong Riong Sep 26 '13 at 02:40
  • You do have mysql_select_db though? In your php you aren't using POST or GET to retrieve $username or $password, only the $email. As its not getting a value it would assume its null and be throwing that error. – Impulss Sep 26 '13 at 04:15
  • I am selecting a database, it's just that I haven't selected the actual table that has these criteria's. Does it add the user info to a table with "email", "username", "password" in the table rows, or where is the info stored in the database. – Riong Riong Sep 26 '13 at 11:14
  • Yeah you are :P You have "mysql_query(SELECT password FROM login WHERE email = $email);" Database query broken down "SELECT fields FROM table WHERE condition" So as long as you have a table called login with those fields in it and they match datatype ie you're not storing text in an int, it will be fine. – Impulss Sep 26 '13 at 22:43