-1

I'm trying to make my login work, the problem is whenever i press Sign Up i get an error, as i see the line 112 is the }else{, so im wondering, is there a work around for the ELSE part on a foreach? Thanks!

Parse error: syntax error, unexpected 'else' (T_ELSE) in F:\xampp\htdocs\SocialMedia\first\index.php on line 112

This is my code:

if(isset($_POST['user_login']) && isset($_POST['password_login'])){
  $user_login = preg_replace('#[^A-Za-z0-9]#i', '', $_POST['user_login']);
  $password_login = preg_replace('#[^A-Za-z0-9]#i', '', $_POST['password_login']);
  $password_login_md5 = md5($password_login);

  $sql = $databaseConnection->prepare('SELECT id,username,password, FROM  users WHERE username = :user_login, password = ":password_login_md5"');
  $sql->bindParam(':user_login', $user_login);
  $sql->bindParam(':password_login_md5', $password_login_md5);
  $sql->execute();
  $userCount = $sql->rowCount();

  foreach($userCount as $row){

    if($row > 0){
      $id = $row['id'];
    }
    $_SESSION["user_login"] = $user_login;
    header("Location: index.php");
    exit();
  }else{
    echo "That information is incorrect, try again";
  }
}
?>

Thanks in advance!

EDIT: this is what i have now:

if(isset($_POST['user_login']) && isset($_POST['password_login'])){
  $user_login = preg_replace('#[^A-Za-z0-9]#i', '', $_POST['user_login']);
  $password_login = preg_replace('#[^A-Za-z0-9]#i', '', $_POST['password_login']);
  $password_login_md5 = md5($password_login);

  $sql = $databaseConnection->prepare('SELECT id,username,password, FROM  users WHERE username = :user_login, password = ":password_login_md5"');
  $sql->bindParam(':user_login', $user_login);
  $sql->bindParam(':password_login_md5', $password_login_md5);
  $sql->execute();
  $userCount = $sql->rowCount();
  if($userCount){
    foreach($userCount as $row){
      if($row > 0){
        $id = $row['id'];
      }
    }
  }else{
    echo "information incorrect";
  }
}

No errors in there, just whenever i press Login i get this error:

Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens' in F:\xampp\htdocs\SocialMedia\first\index.php:101 Stack trace: #0 F:\xampp\htdocs\SocialMedia\first\index.php(101): PDOStatement->execute() #1 {main} thrown in F:\xampp\htdocs\SocialMedia\first\index.php on line 101

And i think, im 100% sure that its my query...

Luc Stey
  • 105
  • 1
  • 10
  • No,only `if` blocks can have an else block, but you can use `if (is_array()) {` before the loop (or `empty()`, whichever is better for you), and that statement can have an `else` block. – Qirel Jan 31 '16 at 22:15
  • what are you actually trying to accomplish? 'else' does not really make sense in a foreach since foreach is not a conditional statement. – pvg Jan 31 '16 at 22:15
  • `}else{` need to be last of `if`. As well `}` is extra in your case – Abdulla Nilam Jan 31 '16 at 22:22
  • I changed in too a script someone told me down here, look at my edit – Luc Stey Jan 31 '16 at 22:25
  • Also, `$userCount` isn't an array - it's an integer. This means that you'll get "Invalid argument supplemented in foreach". – Qirel Jan 31 '16 at 22:25
  • Remove the quotes around the second sql parameter. – Charlotte Dunois Jan 31 '16 at 22:40
  • Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' password = '6173354d4e1fd812382752fcb2d0973e'' at line 1' in F:\xampp\htdocs\SocialMedia\first\index.php:101 Stack trace: #0 F:\xampp\htdocs\SocialMedia\first\index.php(101): PDOStatement->execute() #1 {main} thrown in F:\xampp\htdocs\SocialMedia\first\index.php on line 101 It keeps coming haha – Luc Stey Jan 31 '16 at 22:42
  • `SELECT id,username,password, FROM users WHERE username = :user_login AND password = :password_login_md5` – Progrock Jan 31 '16 at 23:11
  • So if my password was `#*(((&&^^"""""`, someone could login with my username and an empty password? That filter weakens password strength. – Progrock Jan 31 '16 at 23:19
  • Yeah well, i already tried without filter, it keeps coming up with new errors – Luc Stey Jan 31 '16 at 23:24
  • Why do you have `password = ":password_login_md5"` in your query? You're using a placeholder, and the quoting will be done for you when you bind the parameters – andrewsi Feb 01 '16 at 00:02

1 Answers1

1

You should do a check on the $userCount variable. There is no foreach else.

if ($userCount) {
    foreach($userCount as $row){
        ...
    }
 }else{
    ...
 }
rath3r
  • 323
  • 1
  • 6
  • 19
  • 1
    Because Luc is calling `exit()` in every execution path of the loop's body (at least in the original snippet), there's no need for the `if` statement. Simply removing the `else` and its brackets in this code would do the same thing. – Emile Pels Jan 31 '16 at 22:31
  • Allright i removed the else and everything, it is working but theres a new small problem which i stumbled on earlier, – Luc Stey Jan 31 '16 at 22:35
  • I think you should re-phrase the question and there are several other questions out there with what look like answers to this - http://stackoverflow.com/questions/20585535/sqlstatehy093-invalid-parameter-number-number-of-bound-variables-does-not-ma – rath3r Jan 31 '16 at 22:40