0

I'm using 000webhost to run my code and phpmyadmin for my database. I'm trying to make it so when I search a name it will give me the name and password under that name in the database.

This is the error:

Parse error: syntax error, unexpected '>' in /storage/h11/920/1783920/public_html/search.php on line 51

This is my html:

<!DOCTYPE html>
<html>
<head>
    <title>Search</title>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <link rel="stylesheet" type="text/css" href="style.css"/>
</head>
<body>
    <form action="search.php" method="GET">
        <input type="text" name="query" />
        <input type="submit" value="Search" />
    </form>
</body>
</html>

and this is my php:

<?php
    mysql_connect("localhost", "id1783920_123456", "") or die("Error connecting to database: ".mysql_error());
/* The Third "" is the password spot and I don't want to put it. It's not the problem*/ 
     // LINE 10
    mysql_select_db("id1783920_mydb") or die(mysql_error());

?>

<!DOCTYPE html>
<html>
<head>
    <title>Search results</title>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />  

</head>
<body>
<?php
    $query = $_GET['query']; 


    $min_length = 1;

     // LINE 30
    if(strlen($query) >= $min_length){ // if query length is more or equal minimum length then

        $query = htmlspecialchars($query); 


        $query = mysql_real_escape_string($query);
        // makes sure nobody uses SQL injection

        $raw_results = mysql_query("SELECT * FROM Signup
            WHERE (`username`='$query') OR (`password`='$query') or die(mysql_error()); 



 // LINE 45

        if(mysql_num_rows($raw_results) > 0){ // if one or more rows are returned do following

            while($results = mysql_fetch_array($raw_results)){


                echo "<p><h3>".$results['username']."</h3>".$results['password']."</p>";

            }

        }
        else{ // if there is no matching rows do following
            echo "No results";
        }

    }
    else{ // if query length is less than minimum
        echo "Minimum length is ".$min_length;
    }
?>
</body>
</html>

Any help would be greatly appreciated. Thanks

(Another error showed up: Fatal error: Uncaught Error: Call to undefined function mysql_query() in /storage/h11/920/1783920/public_html/search.php:37 Stack trace: #0 {main} thrown in /storage/h11/920/1783920/public_html/search.php on line 37)

Matthew Smith
  • What is the error? – mighTY May 29 '17 at 19:57
  • You're missing a closing quote in your query string that you're sending to `mysql_query()`. – RToyo May 29 '17 at 19:57
  • Please write down the error – lloiacono May 29 '17 at 19:58
  • I wrote the error @mighTY – Matthew Smith May 29 '17 at 19:58
  • I wrote the error @lloiacono – Matthew Smith May 29 '17 at 20:02
  • I got another error: Fatal error: Uncaught Error: Call to undefined function mysql_real_escape_string() in /storage/h11/920/1783920/public_html/search.php:34 Stack trace: #0 {main} thrown in /storage/h11/920/1783920/public_html/search.php on line 34 – Matthew Smith May 29 '17 at 20:04
  • If you're using PHP version 7 or higher, these mysql_* functions have been removed from PHP altogether. They've been deprecated for years before that. You should be using PDO or mysqli for your queries. You should also be relying on prepared statements, rather than only relying on sanitizing your input strings to protect against injections. – RToyo May 29 '17 at 20:08

2 Answers

1

You should replace

        $raw_results = mysql_query("SELECT * FROM Signup
        WHERE (`username`='$query') OR (`password`='$query') or die(mysql_error());

with

        $raw_results = mysql_query("SELECT * FROM Signup
        WHERE (`username`='$query') OR (`password`='$query')") or die(mysql_error());

As you are using PHP7, you should get rid of the mysql_ functions. They have been deprecated since v5.5 and were removed in PHP7. Use mysqli instead.

mighTY
  • Thanks, that solved one problem but now I got this error: Fatal error: Uncaught Error: Call to undefined function mysql_query() in /storage/h11/920/1783920/public_html/search.php:37 Stack trace: #0 {main} thrown in /storage/h11/920/1783920/public_html/search.php on line 37 – Matthew Smith May 29 '17 at 20:08
  • Are you using PHP7? – mighTY May 29 '17 at 20:09
  • I'm pretty sure...it's with 000webhost and I think that's what they use. – Matthew Smith May 29 '17 at 20:11
  • Then you shouldn't be using mysql_ functions, they are deprecated in PHP7. Use mysqli_ instead. – mighTY May 29 '17 at 20:12
  • @mighTY slight correction: They've been deprecated since 5.5, and _removed_ completely in 7. – RToyo May 29 '17 at 20:13
  • Ok thanks, is there a way to do what I want to do here without a mysql_ function? – Matthew Smith May 29 '17 at 20:13
  • @RobbieToyota That's correct, adding it to the answer. – mighTY May 29 '17 at 20:13
  • There are a lot of options, you could use mysqli, You can use PDO as well. – mighTY May 29 '17 at 20:16
  • And of course since this is coding, that solved one problem but led to this...Fatal error: Uncaught Error: Non-static method mysqli::query() cannot be called statically in /storage/h11/920/1783920/public_html/search.php:37 Stack trace: #0 {main} thrown in /storage/h11/920/1783920/public_html/search.php on line 37 – Matthew Smith May 29 '17 at 20:17
  • You should see the examples in the link I've given you. You should first make an instance of the mysqli class, then use query in a non static context($obj = new mysqli(),$obj->query()). How are you expecting mysqli to know which connection to bind the query to? – mighTY May 29 '17 at 20:21
  • ...well...I...I haven't gotten that far yet...P.S I just started php 3 weeks ago...and mysql 5 days ago...This is probably much too hard for my level of coding but I REALLY want to make a signup/login interface, I got the signup I'm just trying to get the login. – Matthew Smith May 29 '17 at 20:23
  • @MatthewSmis mysqli will bring you into the object oriented world of PHP. But don't let that intimidate you! If you're not familiar with object oriented programming concepts, it might help to think of mysqli as a separate program, which you call on to do your database functions. You instantiate a mysqli object ("start the program"), and then tell it to do or remember different things. [continued] – RToyo May 29 '17 at 21:34
  • If you look at Example #1 of PHP documentation that @mighTY provided, the first line instantiates mysqli into a variable called `$mysqli`, with the database credentials. This is like mysql_connect. It then continues on to reference $mysqli followed by `->`, and then a "variable" or function name. For example, the next line calls `$mysqli->connect_errno`, which is like telling mysqli to return `$connect_errno`. [continued] – RToyo May 29 '17 at 21:35
  • Further down it executes `$mysqli->query("...")`, which is the same as a mysql_query(). Except that instead of just calling mysql_query(), you're telling your instance of mysqli (as referenced by `$mysqli`) to execute the query. It's really as simple as replacing mysql_connect() and mysql_query() with an instantiation of mysqli, and calling the query() method from mysqli. – RToyo May 29 '17 at 21:35
  • I would suggest that you look up some tutorials on it. The mysql_* functions are dead. And in pre-PHP7 versions, they are insecure and should not be used. It's also a simple introduction to PHP's object oriented programming. You can continue on to learn about prepared statements as well, which are also important. Prepared statements basically allow you to pass variables to your DB server without having to insert the raw values into your query string (where injections and such can wreak havoc) – RToyo May 29 '17 at 21:35
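
The conversion described in the comments above, as an added example (not code from the question or from either answer): the question's search.php using a mysqli instance and a prepared statement. The `find_users` helper and the `DB_PASSWORD` placeholder are assumptions for illustration; the host, user, database, table and column names are the ones in the question. `htmlspecialchars()` is applied when printing rather than before the query.

```php
<?php
// Added example: search.php rewritten with mysqli and a prepared statement.
// 'DB_PASSWORD' is a placeholder; find_users() is a hypothetical helper name.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw exceptions on DB errors

function find_users(mysqli $db, string $query): array
{
    // The ? placeholders keep user input out of the SQL text entirely,
    // so no mysql_real_escape_string()-style escaping is involved.
    $stmt = $db->prepare(
        'SELECT `username`, `password` FROM Signup WHERE `username` = ? OR `password` = ?'
    );
    $stmt->bind_param('ss', $query, $query); // two string parameters
    $stmt->execute();
    $stmt->bind_result($username, $password);

    $rows = [];
    while ($stmt->fetch()) {
        $rows[] = ['username' => $username, 'password' => $password];
    }
    $stmt->close();
    return $rows;
}

$query = isset($_GET['query']) ? (string) $_GET['query'] : '';
$min_length = 1;
if (strlen($query) < $min_length) {
    exit('Minimum length is ' . $min_length);
}

try {
    // Equivalent of mysql_connect() + mysql_select_db() from the question.
    $db = new mysqli('localhost', 'id1783920_123456', 'DB_PASSWORD', 'id1783920_mydb');
    $db->set_charset('utf8mb4');
    $rows = find_users($db, $query);
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage()); // keep details in the server log, not the page
    exit('Database error');
}

if (!$rows) {
    echo 'No results';
}
foreach ($rows as $row) {
    // Encode for HTML at output time, not before the value reaches the query.
    echo '<h3>' . htmlspecialchars($row['username'], ENT_QUOTES, 'UTF-8') . '</h3>'
       . '<p>' . htmlspecialchars($row['password'], ENT_QUOTES, 'UTF-8') . '</p>';
}
```
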
0

The querystring must be in quotes and there is no end quote. Change it like this:

    $raw_results = mysql_query("SELECT * FROM Signup
        WHERE (`username`='$query') OR (`password`='$query')") or die(mysql_error());

Bernd Buffen