0

I am making a small server with my friend, where you can log in and we want just us to see one tab.

When I tried my code on phptester.net it said:

FATAL ERROR syntax error, unexpected 'is' (T_STRING) on line number 9

I have no clue, how to solve it.

Here is my code:

<?php
    $msg = '';

    $con = new mysqli('server', 'username', 'pwd', 'db');

    $name = $_POST['name'];
    $name = $con->real_escape_string($name);
    $cmd = ' SELECT ID FROM user WHERE user = '$name'';
    $result = $con->query($cmd);

    $rowNumber = $result->num_rows;
    if($rowNumber != 0) {

        $msg = 'some text';

    }

        if($msgn != '') {

            echo '<a id=someid href="somelink">some text</a>';;

        }

    ?>

The only error I got was the one I showed you before.

fen1x
  • 5,616
  • 6
  • 28
  • 39
Kilian
  • 1
  • 1
  • When echoing strings, you need to but the string in quotes. This is PHP 101. – M. Eriksson May 19 '19 at 10:17
  • Can you show us where line 9 in that file is? – M. Eriksson May 19 '19 at 10:21
  • It is at $result = ... – Kilian May 19 '19 at 10:22
  • @Kilian change the query to `"SELECT ID FROM user WHERE user = '$name'";` – Danyal Sandeelo May 19 '19 at 10:24
  • But that line (or any of the posted code) doesn't contain any `is`, which the error message mentions. – M. Eriksson May 19 '19 at 10:25
  • I know, but it was added by PHPTESTER.net – Kilian May 19 '19 at 10:26
  • Can you please copy/paste your actual code? Because in the posted code, line 9 is: `$name = $con->real_escape_string($name);` while you're saying that it's another line. – M. Eriksson May 19 '19 at 10:27
  • `' SELECT ID FROM user WHERE user = '$name'';`. There's your issue. Look at your quotes. You should really use parameterized [Prepared Statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) instead of manually escaping the data and building your queries like that. It would also solve the current quoting issues. – M. Eriksson May 19 '19 at 10:29
  • But what does this mean: FATAL ERROR syntax error, unexpected '$name' (T_VARIABLE) on line number ? – Kilian May 19 '19 at 10:29
  • ` $cmd = ' SELECT ID FROM user WHERE user = '$name''; ` this is not correct...change this to `$cmd = " SELECT ID FROM user WHERE user = '$name'";` – Danyal Sandeelo May 19 '19 at 10:30
  • Now it says: FATAL ERROR syntax error, unexpected 'is' (T_STRING) on line number 9 again – Kilian May 19 '19 at 10:31
  • I would **strongly** recommend that you read the manual about strings, concatenation and variable interpolation: https://www.php.net/manual/en/language.types.string.php That's PHP 101. – M. Eriksson May 19 '19 at 10:34

1 Answers1

0

You have not echoed the message properly. Change

echo <a id=someid href="somelink">some text</a>;

to 

 echo '<a id=someid href="somelink">some text</a>';
Danyal Sandeelo
  • 12,196
  • 10
  • 47
  • 78