-3

I am trying to make a Login System for my Website.

I have tried/looked at a few videos to solve my problem but I am still unsure of what I am doing wrong.

For a better Look at my code please view this Link: http://prntscr.com/2jeye5

Parse error: syntax error, unexpected '$myusername' (T_VARIABLE) in C:\xampp\htdocs\login.php on line 10

Line 10 starts with $myusername = $_POST['user']; in the code listed below.

<?php
    $dbhandle = mysql_connect($hostname, $password) or die("Could not connect to database");

    $selected = mysql_select_db("login", $dbhandle)

    $myusername = $_POST['user'];
    $mypassword = $_POST['pass'];

    $myusername = stripslashes($myusername);
    $mypassword = stripslashes($mypassword);

    $query = "SELECT * FROM users WHERE Username='$myusername' and Password=$mypassword'";
    $result = mysql_query($query);
    $count = mysql_num_rows($result);

    if($count==1){
        echo 'It worked';
    }
?>
Cœur
  • 37,241
  • 25
  • 195
  • 267
Finny
  • 1
  • 4
  • 2
    There's something missing on the preceding line. Look at it. -- Your SQL also lacks quotes around the second string value. – mario Jan 15 '14 at 00:02
  • stripslashes() dose **not** sanitise db inputs. you shouldn't be using un hashed passwords –  Jan 15 '14 at 00:02
  • Do you have any form or first page where the user can input he's/her username and password before this page? – Aljie Jan 15 '14 at 00:03
  • Please learn about [SQL injection defense](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) and [proper password hashing](http://www.codinghorror.com/blog/2007/09/youre-probably-storing-passwords-incorrectly.html). – Bill Karwin Jan 15 '14 at 00:07

3 Answers3

1

Terminate line 8, and you're missing a single-quote before $mypassword.

bearfriend
  • 10,322
  • 3
  • 22
  • 28
1

Missing semi colon

$selected = mysql_select_db("login", $dbhandle)

should be

$selected = mysql_select_db("login", $dbhandle);

Since username and password are probably strings, it should be enclosed in quotes

$query = "SELECT * FROM users WHERE Username='$myusername' and Password=$mypassword'";

should be

$query = "SELECT * FROM users WHERE Username='$myusername' and Password='$mypassword'";
0

Just try this:

$dbhandle = mysql_connect($hostname, $password) or die("Could not connect to database");

$selected = mysql_select_db("login", $dbhandle);

if(isset($POST['user']) && isset($POST['pass']))
{
  $myusername = stripslashes($POST['user']);
  $mypassword = stripslashes($POST['pass']);

   $query = "SELECT * FROM users WHERE Username='$myusername' and Password='$mypassword'";
   $result = mysql_query($query);
   $count = mysql_num_rows($result);

   if($count==1){
   echo 'It worked';
}
else
{
    echo 'Not worked';
}
Aljie
  • 190
  • 1
  • 4
  • 15