Threaded Mode | Linear Mode

Cameron · 07-07-2010, 08:56 AM,

Hey guys, looking for a little help with a PHP script of mine.

Here's the code: http://niftyhost.pastebin.com/mDHdrqxg

When I visit the URL I get this error:

Parse error: syntax error, unexpected $end in /home/cameron/public_html/beta/register.php on line 97

The page handles both the registration and the HTML doc. Can't seem to figure out why this is happening, I tried a bunch of different things but nothing worked.

**Zach** · 07-07-2010, 09:38 AM,

You put {} at the end not }}.

Cameron · (This post was last modified: 07-07-2010, 09:55 AM by Cameron.)

I tried that too, nothing works

Still that 'Unexpected $end' .

Okay, I was able to clear the errors. But now the page only displays the header and not the table I had to organize the inputs. D:

**RichardGv** · (This post was last modified: 07-07-2010, 08:12 PM by RichardGv.)

The reason that the form don't appear is so... Minor.
Line 78:

Code:
<input type='password' name='password' value='>

Pay attention that you forgot a single-quote after "value". I think that's the reason why it did not work on my Firefox.

Also, tidy format and clean indentations are important programming habits because they can save much time when debugging parsing errors, and accelerate the process of reading codes.

strip_tags does nothing to SQL injection, so you need to be a bit careful and make sure magic_quotes_gpc are enabled. Or you are probably going to have great fun:
[Image: exploits_of_a_mom.png]

(A comic about SQL Injection, from xkcd.com)

Your script lacks proper isset() / empty() tests to input variable, and that's going to cause a huge amount of annoying PHP warnings (Notice: Undefined index: XXX).

Give me a minute. I'm writing a refined version. I will update this post soon.

A refined version I wrote:
(Attention: I don't know that much about PHP and I cannot guarantee anything about this version.)

PHP Code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="en-us" xml:lang="en-us">

<head>
    <title>Registration</title>
    
    <meta http-equiv="content-type" content="application/xhtml+xml; charset=utf-8" />
    <meta name="robots" content="noindex, nofollow" />
</head>

<body>
<?php
define('FULLNAME_MAX', 25);
define('FULLNAME_MIN', 3);
define('USERNAME_MAX', 25);
define('USERNAME_MIN', 3);
define('PASSWORD_MAX', 25);
define('PASSWORD_MIN', 6);

if(empty($_POST['submit'])
        || empty($_POST['fullname'])
        || empty($_POST['username'])
        || empty($_POST['password'])
        || empty($_POST['repeatpwd'])
        || !($fullname = trim($_POST['fullname']))
        || !($username = trim($_POST['username']))
        || !($password = trim($_POST['password']))
        || !($repeatpwd = trim($_POST['repeatpwd']))
        || $password != $repeatpwd
        || strlen($fullname) >= FULLNAME_MAX
        || strlen($fullname) <= FULLNAME_MIN
        || strlen($username) >= USERNAME_MAX
        || strlen($username) <= USERNAME_MIN
        || strlen($password) >= PASSWORD_MAX
        || strlen($password) <= PASSWORD_MIN
        ) {
?>
    <h2>Registration</h2>
    <form action='register.php' method='POST'>
        <table>
            <tr>
                <td>Full Name:</td>
                <td>
                    <input type='text' name='fullname' value='' />
                </td>
            </tr>
            <tr>
                <td>Username:</td>
                <td>
                    <input type='text' name='username' value='' />
                </td>
            </tr>
            <tr>
                <td>Password:</td>
                <td>
                    <input type='password' name='password' value='' />
                </td>
            </tr>
            <tr>
                <td>Repeat Password:</td>
                <td>
                    <input type='password' name='repeatpwd' />
                </td>
            </tr>
        </table>
        <p><input type='submit' name='submit' value='Register' /></p>
    </form>
<?php
}
else {
    if(!get_magic_quotes_gpc()) {
        $username = addslashes(strip_tags($username));
        $fullname = addslashes(strip_tags($fullname));
    }
    $date = date ("Y-m-d");
    $password = md5($password);
    
    $connect = mysqli_connect ("localhost","cameron_cameron","MYPASSHERE", 'cameron_user');
    if(mysqli_connect_errno()) {
        // Connection error handling
    }
    $result = mysqli_query ($db,
    "INSERT INTO users VALUES ('','$fullname','$username','$password','$date')"
    );
    echo "<p>Congrats! You've been registered! You may now <a href='index.php'>login</a></p>";
}

?>
</body>

</html> 

Cameron · 07-07-2010, 01:46 PM,

I use MySQL not MySQLi. Dunno if there the same thing or not O.o

**RichardGv** · (This post was last modified: 07-07-2010, 02:06 PM by RichardGv.)

(07-07-2010, 01:46 PM)Cameron Wrote: I use MySQL not MySQLi. Dunno if there the same thing or not O.o

Duh, please ask Wikipedia if you don't know.
https://secure.wikimedia.org/wikipedia/en/wiki/MySQLi
MySQLi is an improved version of MySQL PHP interface. It allows users to access the newly introduced functionalities since MySQL 4.1. It should work on most servers. I'm not sure about the differences, but they should be mostly the same. MySQLi is currently recommended by PHP developers, and the old MySQL PHP extension will no longer be supported in the future.
http://www.php.net/manual/en/book.mysqli.php
http://forge.mysql.com/wiki/Converting_to_MySQLi

Cameron · 07-07-2010, 03:47 PM,

Anyway your code was bust, got some syntax errors. I moved on to a different script I recieved from a friend. Thanks for the help though!

**RichardGv** · (This post was last modified: 07-07-2010, 11:35 PM by RichardGv.)

(07-07-2010, 03:47 PM)Cameron Wrote: Anyway your code was bust, got some syntax errors. I moved on to a different script I recieved from a friend. Thanks for the help though!

Sorry, somehow I added an extra "(". The error has been corrected.

PHP Code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="en-us" xml:lang="en-us">

<head>
    <title>Registration</title>
    
    <meta http-equiv="content-type" content="application/xhtml+xml; charset=utf-8" />
    <meta name="robots" content="noindex, nofollow" />
</head>

<body>
<?php
define('FULLNAME_MAX', 25);
define('FULLNAME_MIN', 3);
define('USERNAME_MAX', 25);
define('USERNAME_MIN', 3);
define('PASSWORD_MAX', 25);
define('PASSWORD_MIN', 6);

if(empty($_POST['submit'])
        || empty($_POST['fullname'])
        || empty($_POST['username'])
        || empty($_POST['password'])
        || empty($_POST['repeatpwd'])
        || !($fullname = trim($_POST['fullname']))
        || !($username = trim($_POST['username']))
        || !($password = trim($_POST['password']))
        || !($repeatpwd = trim($_POST['repeatpwd']))
        || $password != $repeatpwd
        || strlen($fullname) >= FULLNAME_MAX
        || strlen($fullname) <= FULLNAME_MIN
        || strlen($username) >= USERNAME_MAX
        || strlen($username) <= USERNAME_MIN
        || strlen($password) >= PASSWORD_MAX
        || strlen($password) <= PASSWORD_MIN
        ) {
?>
    <h2>Registration</h2>
    <form action='register.php' method='POST'>
        <table>
            <tr>
                <td>Full Name:</td>
                <td>
                    <input type='text' name='fullname' value='' />
                </td>
            </tr>
            <tr>
                <td>Username:</td>
                <td>
                    <input type='text' name='username' value='' />
                </td>
            </tr>
            <tr>
                <td>Password:</td>
                <td>
                    <input type='password' name='password' value='' />
                </td>
            </tr>
            <tr>
                <td>Repeat Password:</td>
                <td>
                    <input type='password' name='repeatpwd' />
                </td>
            </tr>
        </table>
        <p><input type='submit' name='submit' value='Register' /></p>
    </form>
<?php
}
else {
    if(!get_magic_quotes_gpc()) {
        $username = addslashes(strip_tags($username));
        $fullname = addslashes(strip_tags($fullname));
    }
    $date = date ("Y-m-d");
    $password = md5($password);
    
    $connect = mysqli_connect ("localhost","cameron_cameron","MYPASSHERE", 'cameron_user');
    if(mysqli_connect_errno()) {
        // Connection error handling
    }
    $result = mysqli_query ($db,
    "INSERT INTO users VALUES ('','$fullname','$username','$password','$date')"
    );
    echo "<p>Congrats! You've been registered! You may now <a href='index.php'>login</a></p>";
}

?>
</body>

</html> 

It's absolutely a problem that you can fix easily, though, that every person knowing a bit about PHP can fix easily.

**Matt** · 07-07-2010, 11:00 PM,

Richard, I love your little PHP comic there ;)

Cameron · 07-10-2010, 02:11 PM,

Sorry I am like a week into PHP and was just looking for a little support.

Possibly Related Threads…
Thread		Author	Replies	Views	Last Post
	[SOLV'D] PHP Login/Register Tutorial	Soldier	9	2,704	12-04-2010, 02:31 AM Last Post: Vanilla