-3

I don't understand why this doesn't work? It's a register form checking if fields are filled in, password is equal to retype password, and if it doesn't already exist in database.

I get this error: Parse error: syntax error, unexpected T_STRING, expecting ',' or ';' in /home/a4550840/public_html/newreg.php on line 32

But I already put a ';' at line 32 ... I don't understand why this error occurs.

Any help is appreciated :).

EDIT: Fixed that error ^ and added the mysql_real_escape_string, but it doesn't register the information to the database for some reason?

EDIT: It works now :), took away the quotations from the query

<?php

include ('connect.php');

if ($_POST['submit']) {

$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$repassword = mysql_real_escape_string($_POST['repassword']);
$email = mysql_real_escape_string($_POST['email']);

if ($username && $password && $repassword && $email){


  if ($password == $repassword) {

      $check = mysql_query("SELECT * FROM members WHERE username='$username' ");
      $countrows = mysql_num_rows($check);

      if ($countrows == 0){

          mysql_query("INSERT INTO members ('username','password','email') VALUES      ('$username','$password','$email') ");

      } else {

        echo 'Username already exists';

      }

  } else {

     echo 'Passwords don'\t match';
  }


  } else {

  echo 'Fill in the fields';  
  }

  } else {

  echo 'Register please';   

}

  ?>
  • Could you define "doesn't work"? What actually happens? – lurker Dec 14 '13 at 17:40
  • What errors are you getting? Also, you should think carefully about how you're using untrusted variables in your SQL. http://en.wikipedia.org/wiki/SQL_injection – koosa Dec 14 '13 at 17:40
  • Yeah I know about the SQL injection, this is just to learn how to make a register script in PHP – user3102740 Dec 14 '13 at 17:41
  • I'm going to sarcastically say it doesn't work because you use the `mysql_*` functions... ;) lol – Goldentoa11 Dec 14 '13 at 17:41
  • @user3102740: I'd advise you to learn the correct way to begin with, and not have the growing pains of `mysql_*`. At the very least, start with `mysqli` and prepared statements, if you aren't ready for PDO yet. – Madara's Ghost Dec 14 '13 at 17:43
  • The lack of prepared statements alone should turn you away from the `mysql_*` api. – Goldentoa11 Dec 14 '13 at 17:53
  • Haha, why does everyone hate mysql_* ? – user3102740 Dec 14 '13 at 17:57
  • @user3102740 Because they are no longer maintained and are officially deprecated. Also prepared statements aren't supported. See [Why shouldn't I use mysql_* functions in PHP?](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) – user555 Dec 14 '13 at 18:04

2 Answers

3

You have a problem here:

echo 'Passwords don't match';

You need to escape the single quote, as:

echo 'Passwords don\'t match';

or

echo "Passwords don't match";

NOTE: Your code is vulnerable to SQL injection; you should use mysql_real_escape_string() before passing your parameters to the SQL query.

I suggest:

$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$repassword = mysql_real_escape_string($_POST['repassword']);
$email = mysql_real_escape_string($_POST['email']);

TIP: When you are testing MySQL queries (in a dev environment), you should add die(mysql_error()) at the end of the line to check whether you have a problem, like this:

mysql_query('your sql') or die(mysql_error());

If you have an error, this causes your app to die and show the MySQL error.

Ignacio Ocampo
  • Oh wow, Stupid mistake man :P . Now it works but it doesn't insert the information into the database? – user3102740 Dec 14 '13 at 17:46
  • Try changing `INSERT INTO members ('username','password','email')` to `INSERT INTO members (username,password,email)`. Are you sure that you don't have another field in the table that should be filled? – Ignacio Ocampo Dec 14 '13 at 17:48
  • Another tip: When you are testing **mysql** queries, you should add `die(mysql_error())` at the end to check what the problem is, like this: `mysql_query('your sql') or die(mysql_error())`. If you have an error, this causes your app to die and show the mysql_error. – Ignacio Ocampo Dec 14 '13 at 17:50
  • Actually he shouldn't be using `mysql_*` functions at all. – user555 Dec 14 '13 at 17:51
  • Thanks man, works now :)) – user3102740 Dec 14 '13 at 17:54
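
The prepared-statement approach recommended in the comments, applied to this registration flow as an added example (not code from the question or from either answer). It assumes PDO with an in-memory SQLite database standing in for the MySQL `members` table so that it runs stand-alone; `register()` is a hypothetical helper, and the `password_hash()` call is an addition the thread does not discuss.

```php
<?php
// Added example: registration with bound parameters instead of string-built SQL.
// Assumption: in-memory SQLite stands in for the page's MySQL `members` table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // errors throw, no "or die()"
$pdo->exec('CREATE TABLE members (username TEXT NOT NULL UNIQUE, password TEXT NOT NULL, email TEXT NOT NULL)');

// register() is a hypothetical helper; it returns the same messages the form echoes.
function register(PDO $pdo, array $post): string
{
    foreach (['username', 'password', 'repassword', 'email'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field]) || $post[$field] === '') {
            return 'Fill in the fields';
        }
    }
    if ($post['password'] !== $post['repassword']) {
        return "Passwords don't match";
    }
    // Values travel as bound parameters, so no escaping or quoting is needed.
    $check = $pdo->prepare('SELECT COUNT(*) FROM members WHERE username = ?');
    $check->execute([$post['username']]);
    if ((int) $check->fetchColumn() > 0) {
        return 'Username already exists';
    }
    $insert = $pdo->prepare(
        'INSERT INTO members (username, password, email) VALUES (?, ?, ?)'
    );
    try {
        $insert->execute([
            $post['username'],
            password_hash($post['password'], PASSWORD_DEFAULT), // store a hash, not the password
            $post['email'],
        ]);
    } catch (PDOException $e) {
        // The UNIQUE constraint catches a duplicate that slips in between check and insert.
        if ((string) $e->getCode() !== '23000') {
            throw $e;
        }
        return 'Username already exists';
    }
    return 'Registered';
}

// Constructed sample input: the single quote in the username is stored as plain data.
$sample = ['username' => "o'brien", 'password' => 'pw1', 'repassword' => 'pw1', 'email' => 'a@example.test'];
echo register($pdo, $sample), "\n";
echo register($pdo, $sample), "\n";
```

With MySQL, only the DSN passed to `new PDO(...)` and the `CREATE TABLE` column types change; the prepared statements stay the same.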
0

See this reference.

This error shows the earliest time it encounters a problem. The problem is on that line, or on a previous line. In this case you didn't escape a quote, so the parser found the rest of your string while it expected a , or ;. If you look at the colouring of your code, you'll see that more easily. The correct line would be

echo 'Passwords don\'t match';
Sumurai8