Parse error: syntax error, unexpected '$query' (T_VARIABLE) in c

Question

I am trying to upload information to a database. The page I created is a registration page where users can type in their email username and password. The below code is the database connection and upload code I have written. But I keep getting the above error. Can someone tell me what I am missing, please?

<?php 

 $db_host=
 $db_username=
 $db_pass=
 $db_name=
 
 $connectToServer =mysqli_query($host,$db_username,$db_pass) or die("server problem");
 $selectDb =mysqli_select_db($connectToServer,$db_name) or die("database not found");

if(isset($_POST['submit'])) {
 $username=$_POST['username'];
 $email=$_POST['eml'];
 $password =$_POST['password'];
 
 if(!empty($username)&&!empty($email)&&!empty($password)) {
  $username = striplashes($username);
  $email=striplashes($email);
  $password=striplashes($password);
  $username = mysql_real_escape_string($connectToServer,$username);

  $selectTable = "SELECT * FROM user_info WHERE username='$username'"
  $query = mysqli_query($connectToServer,$selectTable);
  $insert = "INSERT INTO user_info (username, email, password) VALUES ($username, $eml, $password)"
  $mquery = mysqli_query($connectToServer,,$insert);
  if ($mquery) {
  session_start();
  $_SESSION['login_user'] =$username ; 
  header("Location ; profile.php");
  }
  
 }
 else {
  echo <script>('please enter details')</script>;
  header("Location: register.html");
 }
}


?>

Another relevant post: [Can I mix MySQL APIs in PHP?](https://stackoverflow.com/q/17498216/354577) — ChrisGPT was on strike, Aug 20 '18 at 00:17
And [Best way to defend against mysql injection and cross site scripting](https://stackoverflow.com/q/568995/354577) — ChrisGPT was on strike, Aug 20 '18 at 00:18
Please don't _ever_ store plaintext passwords! Passwords need to be properly hashed: use [`password_hash()`](https://secure.php.net/manual/en/function.password-hash.php) and [`password_verify()`](https://secure.php.net/manual/en/function.password-verify.php) instead. — ChrisGPT was on strike, Aug 20 '18 at 00:20
That isn't the only wrong with your code. Once you've fixed *that* one, you'll see more and about your query. — Funk Forty Niner, Aug 20 '18 at 00:34
Oh and mixing mysql apis won't work. Edit: as @Chris mentioned. — Funk Forty Niner, Aug 20 '18 at 00:35
@Chris I added that one in the dupe list and another for the string literals not being quoted. — Funk Forty Niner, Aug 20 '18 at 00:37

score -1 · Answer 1 · answered Aug 19 '18 at 23:56

-1

You are missing a semi-colon on line 22:

$selectTable = "SELECT * FROM user_info WHERE username='$username'"; // <- here

Same for line 24.

You have an extra comma on line 25... And you are missing double-quotes on line 34...

answered Aug 19 '18 at 23:56

Guillaume Boudreau

2,676
29
27

1

...then we have the proverbial *sql injection* bit. *blah blah blah* You know the drill ;-) – Funk Forty Niner Aug 20 '18 at 00:34
you missed something btw. Look at their code again and very carefully ;-) – Funk Forty Niner Aug 20 '18 at 00:36

Parse error: syntax error, unexpected '$query' (T_VARIABLE) in c

1 Answers1