-2

Can anybody tell me what is wrong with my code? I cant seem to solve this error:

Parse error: syntax error, unexpected 'mytable' (T_STRING) in E:\XAMP server\htdocs\fyp\login.php on line 11

<?php

    $user = ‘minzhe’;
    $pswd = ‘2818327’;
    $db = ‘trial’;
    $conn = mysql_connect(‘localhost’, $user, $pswd);
    mysql_select_db($db, $conn);

    $un = $_POST['username'];
    $pw = $_POST['password'];

    $query = “SELECT * FROM mytable WHERE username = ‘$un’ AND password =  ‘$pw’”;
    $result = mysql_query($query);

    if(mysql_num_rows($result) >0)
        echo 1;
    else
        echo 0;

?>
Rizier123
  • 58,877
  • 16
  • 101
  • 156
beginner
  • 1
  • 3
  • If you can, you should [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). They are no longer maintained and are [officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) [statements](http://php.net/manual/en/pdo.prepared-statements.php) instead, and consider using PDO, [it's really not hard](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Jun 09 '15 at 14:54
  • [Your script is at risk for SQL Injection.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Jay Blanchard Jun 09 '15 at 14:54
  • [Don't limit passwords](http://jayblanchard.net/security_fail_passwords.html) and [use the proper methods to hash passwords with PHP](http://jayblanchard.net/proper_password_hashing_with_PHP.html). – Jay Blanchard Jun 09 '15 at 14:54
  • 2
    @JayBlanchard: I liked **arse error** better. – AbraCadaver Jun 09 '15 at 14:55

2 Answers2

1

Don't use a word processor to edit your code:

$user = ‘minzhe’;
        ^------^

You've got "smart quotes" everywhere, and they are NOT valid quotes in PHP. They have to be ' or ".

You are also vulnerable to sql injection attacks.

Marc B
  • 356,200
  • 43
  • 426
  • 500
0

your computer is defaulting to curvy quotation marks. which PHP cannot read;

“ should be replaced with "

and ‘ should be replaced with '

Dimi
  • 1,255
  • 11
  • 20