php 7 session not working

Question

I am working with PHP version 7.0.4..I wrote the code to store users' sessions.but it shows the below error:

Parse error: syntax error, unexpected 'if' (T_IF) in C:\xampp\htdocs\PCzone\login.php on line 136

The code is:

<?php
    $user_name = $_SESSION['user_name'] = $_POST['user_name'];
    $user_pass = $_POST['user_pass']
if(isset($_POST['login'])){
    $query = "SELECT * FROM `login` WHERE user_name='$user_name' AND user_pass='$user_pass'";
    $run = mysqli_query($con,$query);

    if(mysqli_num_rows($run)>0){
    header("location:view_posts.php");
    }
    else{
        echo "<center><div style='margin-top:8px; width:350px; height:60px; line-height:60px; border:3px solid red; background:rgb(255,145,138); font-family:calibri;'>Login failed, user name or password is incorrect</div></center>";
        exit();
    }
}
?>

**Never store plain text passwords!** Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). Make sure that you [don't escape passwords](http://stackoverflow.com/q/36628418/1011527) or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. — Jay Blanchard, May 17 '16 at 17:47
[Little Bobby](http://bobby-tables.com/) says [your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! — Jay Blanchard, May 17 '16 at 17:48

score 1 · Answer 1 · answered May 17 '16 at 17:30

1

You didn't end your line after you set user pass:

$user_pass = $_POST['user_pass'];
if(isset($_POST['login'])){

answered May 17 '16 at 17:30

Trey

5,480
4
23
30

php 7 session not working

1 Answers1