PDA

View Full Version : simple php error



ravi951
08-12-2011, 10:08 AM
hi all,
i am getting error on the following php program.it is displaying the error as "Parse error: syntax error, unexpected T_STRING in C:\xampp\htdocs\newlogin.php on line 12"
not getting what is the problem with it..
below is my login.php code...


<?php
if(isset($_POST['sub']))
{
mysql_connect("localhost","root","");
mysql_select_db("test");
$uname=$_POST['txtuname'];
$pwd=$_POST['txtpwd'];
$sqlstt="select * from users where uid='$uname' and pwd='$pwd';
$data=mysql_query($sqlstt);
if(mysql_num_rows($data)==1)
{
header("Location:welcome.php?un=$uname");
}
else
{
echo "invalid";
}
}
?>
<form method="post" action="">
username:<input type='text' name='txtuser'>
<br>
password:<input type='text' name='txtpwd'>
<br>
<input type='submit' name='sub' value='login'>
</form>

also is the welcome.php


<?php
$user=$_REQUEST['un'];
echo "welcome to ".$user;
?>

bluewalrus
08-12-2011, 02:31 PM
You never end this string


$sqlstt="select * from users where uid='$uname' and pwd='$pwd';

should be


$sqlstt="select * from users where uid='$uname' and pwd='$pwd'";

bluewalrus
08-12-2011, 06:15 PM
You also should escape your strings because that code is open to a sql injection.

http://php.net/manual/en/function.mysql-real-escape-string.php
http://www.php.net/manual/en/security.database.sql-injection.php