0

I'm a beginner at PHP, I'm attempting a website to sign up and etc. I keep in getting an error "unexpected 'catch' (T_CATCH) in C:\wamp\www\ass\signup.php on line 67" whenever I click submit on my sign up form (It's in a different html form). The following is the code for my php file that's called when I hit submit on the html form. Please help and very sorry if there are a lot of rookie mistakes here. As I said, I'm a beginner.

    <?php

include('connect.php');

$username =$_POST['username'];
$firstname = $_Post['firstName'];
$lastname = $_Post['lastName'];
$emailadd = $_POST['emailAdd'];
$gender = $_POST['gender'];
$userpassword = $_Post['userPassword'];
$dayofbirth = $_POST['dayOfBirth'];
$monthofbirth = $_POST['monthOfBirth'];
$yearofbirth = $_POST['yearOfBirth'];
$profiledesc = $_POST['profileDesc'];

$date = $_POST['yearOfBirth'] . '-' . $_POST['monthOfBirth'] . '-' . $_POST['dayOfBirth'];


    try {
    $host = "localhost";
    $username = "root";
    $password = "";
    $database = "users";
    $dsn = "mysql:host=$host;dbname=$database";

    $conn = new PDO( $dsn, $username, $password );
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    $sql = "INSERT INTO userProfile("
    . "username, firstName, lastName, emailAdd, gender, userPassword, birthday, profileDesc" 
    . " ) VALUES (" 
    . "'" . $lastname . "',"
    . "'" . $firstname . "',"
    . "'" . $emailadd . "',"
    . "'" . $gender ."';"
    . "'" . $userpassword ."';"
    . "'" . $date ."';"
    . "'" . $profiledesc ."';";


    $conn->query($sql);

    $sql = "SELECT * FROM users";
    $users = $conn-query($sql);
    echo '<table>';
    echo '<tr>';
    echo '<th>First Name</th>
          <th>Last Name</th>
          <th>Email Address</th>
          <th>Gender</th>';
    echo '<tr>';
    foreach ($users as $users) {
    echo '<tr>';
    echo '  <td>' . $users['firstName'] . '</td>';
    echo '  <td>' . $users['lastName'] . '</td>';
    echo '  <td>' . $users['emailAdd'] . '</td>';
    echo '  <td>' . $users['gender'] . '</td>';
    echo '  </tr> ';

}

echo '</table>';

        $conn = null;

    catch (PDOException $e) {
        $conn = null;
        exit("Connection failed: " . $e->getMessage());
    }
?>
koffery
  • 53
  • 1
  • 1
  • 5
  • You have a SQL injection vulnerability. – SLaks May 04 '14 at 13:52
  • **Do not store passwords in plain text**! – SLaks May 04 '14 at 13:53
  • SO I've fixed a lot of syntax errors, especially the insert values part. I'm currently getting an error that says "unexpected '$conn' (T_VARIABLE) etc". Could anyone tell me how is this error happening? I will fix the code myself, if someone could at least tell me how this error happens. thank you – koffery May 04 '14 at 14:02
  • Missing closing `)` for your VALUES, being one of the problems here. – Funk Forty Niner May 04 '14 at 14:29
  • 1
    I find it particularly odd that I've outlined one (and more) of the problems with OP's code, while nobody else caught two (or more) very important errors, and I'm the one who gets downvoted. Classic. Annoyed, damn straight. – Funk Forty Niner May 04 '14 at 14:31

3 Answers3

5

You are missing the closing brace of try block

$conn = null;
}// this brace
catch (PDOException $e) {
    $conn = null;
    exit("Connection failed: " . $e->getMessage());
}

You also have syntax errors in your INSERT Command (missing parenthesis, extra semi colon) and is vunerable to SQL injection. I don't want to lecture you about security but you are using PDO so you might as well prepare your query at least:

$sql = "INSERT INTO userProfile
        (username, firstName, lastName, emailAdd, gender, userPassword, birthday, profileDesc) 
        VALUES (:lastname, :firstname, :emailadd, :gender, :userpassword, :date, :profiledesc)";


$conn->prepare($sql);
$conn->execute(array(
                ':lastname' => $lastname ,
                ':firstname' => $firstname,
                ':emailadd' => $emailadd,
                ':gender' => $gender,
                ':userpassword' => $userpassword,
                ':date' => $date,
                ':profiledesc' => $profiledesc
));
meda
  • 45,103
  • 14
  • 92
  • 122
  • I see. Don't mind your lecture since I'm learning after all. Thank you, kind sir. I'll update the INSERT part and shall use prepared statements later. – koffery May 04 '14 at 14:18
  • @user3601444 yeah get it to work, then refactor, secure, eat your vegetables etc... `:D` – meda May 04 '14 at 14:20
1

Formatting the code will help you resolve the issue. I guess it's syntax error, but however, if you still cannot find why it comes. catch block requires try to be closed like

try { smth } catch {

However, you do not have closing brace into your try block.

It might need to be after $conn = null; I guess

Royal Bg
  • 6,988
  • 1
  • 18
  • 24
0

You need to close the try block before calling catch:

$conn = null;

} catch (PDOException $e) {
Mureinik
  • 297,002
  • 52
  • 306
  • 350