[RESOLVED] Please help... Parse error: syntax error, unexpected ';', expecting ':' or '{'
Results 1 to 5 of 5

Thread: [RESOLVED] Please help... Parse error: syntax error, unexpected ';', expecting ':' or '{'

  1. #1
    Junior Member
    Join Date
    Dec 2007
    Posts
    2

    resolved [RESOLVED] Please help... Parse error: syntax error, unexpected ';', expecting ':' or '{'

    Hello everyone!

    I am new to PHP and I am trying to build a login for a club website at our school. This is the error I am getting:

    Parse error: syntax error, unexpected ';', expecting ':' or '{' in /data/5/0/74/84/237410/user/241169/htdocs/nhs/nhs/login.php on line 11

    I know its probably a simple fix around line 11 but I cannot seem to identify it. Any help would be greatly appreciated!

    Note* my line numbers include comments so my line 11 is not the real line 11

    Thanks in advance,

    Chris

    PHP Code:
    <?php
    /* Program: Login.php
     * Desc:    Login program for the Members Only section of
     *          the NHS. It provides two options
     *          (1) login using an existing Login Name and 
     *          (2) enter a new login name. Login Names and 
     *          passwords are stored in a MySQL database. 
     */
     
    session_start();                                      # 9
                                                                      # 10
     
    switch (@$_POST['do']);                                #11
     
    {
       case 
    "login":                                       #13
         
    $cxn mysqli_connect("???????","????????","???????????","??????????"
                or die (
    "Couldn't connect to server.");    #15

         
    $sql "SELECT loginName FROM Member 
                 WHERE loginName='
    $_POST[fusername]'";     #18
         
    $result mysqli_query($cxn,$sql)
                   or die(
    "Couldn't execute query.");      #20
         
    $num mysqli_num_rows($result);                  #21
         
    if ($num 0)  // login name was found            #22
         
    {
            
    $sql "SELECT loginName FROM Member 
                    WHERE loginName='
    $_POST[fusername]'
                    AND password=md5('
    $_POST[fpassword]')";
            
    $result2 mysqli_query($cxn,$sql)
                       or die(
    "Couldn't execute query 2.");
            
    $num2 mysqli_num_rows($result2);
            if (
    $num2 0)  // password is correct         #30
            
    {
               
    $_SESSION['auth']="yes";                    #32
               
    $logname=$_POST['fusername']; 
               
    $_SESSION['logname'] = $logname;            #34
               
    $today date("Y-m-d h:i:s");               #35
               
    $sql "INSERT INTO Login (loginName,loginTime)
                       VALUES ('
    $logname','$today')";
               
    $result mysqli_query($cxn,$sql
                         or die(
    "Can't execute insert query.");
               
    header("Location: Member_page.php");        #40
            
    }
            else    
    // password is not correct             #42
            
    {
               
    $message="The Login Name, '$_POST[fusername]
                         exists, but you have not entered the 
                         correct password! Please try again.<br>"
    ;
               include(
    "login_form.inc");                  #47
            

         }                                                 
    #49
         
    elseif ($num == 0)  // login name not found       #50
         
    {   
            
    $message "The Login Name you entered does not 
                        exist! Please try again.<br>"
    ;
            include(
    "login_form.inc");
         }
       break;                                              
    #56

       
    case "new"
          
    /* Check for blanks */                           #59
         
    foreach($_POST as $field => $value)               #60
         
    {
            if (
    $field != "fax")                           #62
            
    {
               if (
    $value == "")                           #64
               
    {
                  
    $blanks[] = $field;
               }
            }
         }
         if(isset(
    $blanks))                                #70
         
    {
            
    $message_new "The following fields are blank.  
                    Please enter the required information:  "
    ;
            foreach(
    $blanks as $value)
            {
               
    $message_new .= "$value, ";
            }
            
    extract($_POST);
            include(
    "login_form.inc");
            exit();
         }

        
    /* Validate data */
         
    foreach($_POST as $field => $value)               #84
         
    {
            if(!empty(
    $value))                             #86
            
    {
               if(
    eregi("name",$field) and
                  !
    eregi("login",$field))
               {
                  if (!
    ereg("^[A-Za-z' -]{1,50}$",$value)) 
                  {
                     
    $errors[]="$value is not a valid name."
                  }
               }
             
    /*  if(eregi("street",$field) or 
              *  eregi("addr",$field) or eregi("city",$field))
              * {
               *   if(!ereg("^[A-Za-z0-9.,' -]{1,50}$",$value))
               *  {
               *     $errors[] = "$value is not a valid 
               *                   address or city.";
               **  }
               ** }
               ** if(eregi("state",$field))
               ** {
                **  if(!ereg("[A-Za-z]{2}",$value))
                **  {
                  **  $errors[]="$value is not a valid state.";
                **  }
              ** }
              */
               
    if(eregi("email",$field))
               {
                  if(!
    ereg("^.+@.+\\..+$",$value))
                  {
                     
    $errors[] = "$value is not a valid 
                                  email address."
    ;
                  }
               }
              
    /* if(eregi("zip",$field))
               {
                  if(!ereg("^[0-9]{5,5}(\-[0-9]{4,4})?$",
                      $value))
                  {
                    $errors[]="$value is not a valid 
                                zipcode.";
                  }
               }
               */
               
    if(eregi("phone",$field
                  or 
    eregi("fax",$field))
               {
                  if(!
    ereg("^[0-9)(xX -]{7,20}$",$value))
                  {
                     
    $errors[] = "$value is not a valid  
                                  phone number. "
    ;
                  }
               }
            } 
    // end if empty                             #138
         
    // end foreach
         
    if(@is_array($errors))                           #140
         
    {
            
    $message_new "";
            foreach(
    $errors as $value)
            {
              
    $message_new .= $value." Please try 
                                       again<br />"
    ;
            }
            
    extract($_POST);
            include(
    "login_form.inc");
            exit();
         } 

          
    /* clean data */
         
    $cxn mysqli_connect($host,$user,$passwd,$dbname);

         foreach(
    $_POST as $field => $value)              #156
         
    {
            if(
    $field != "Button" and $field != "do")
            {
               if(
    $field == "password")
               {
                  
    $password strip_tags(trim($value));
               }
               else
               {
                  
    $fields[]=$field;
                  
    $value strip_tags(trim($value));
                  
    $values[] = 
                       
    mysqli_real_escape_string($cxn,$value);
                  $
    $field $value;                 
               }
            }
         }

          
    /* check whether user name already exists */
         
    $sql "SELECT loginName FROM Member 
                        WHERE loginName = '
    $loginName'";  #177
         
    $result mysqli_query($cxn,$sql)
                   or die(
    "Couldn't execute select query.");
         
    $num mysqli_num_rows($result);                 #180
         
    if ($num 0)                                    #181
         
    {
            
    $message_new "$loginName already used. 
                             Select another User Name."
    ;
            include(
    "login_form.inc");
            exit();
         }
        
    /* Add new member to database */
         
    else                                             #190
         
    {   
            
    $today date("Y-m-d");
            
    $fields_str implode(",",$fields);
            
    $values_str implode('","',$values);
            
    $fields_str .=",createDate";
            
    $values_str .='"'.",".'"'.$today;
            
    $fields_str .=",password";
            
    $values_str .= '"'.","."md5"."('".$password."')";
            
    $sql "INSERT INTO Member ";
            
    $sql .= "(".$fields_str.")";
            
    $sql .= " VALUES ";
            
    $sql .= "(".'"'.$values_str.")";
            
    $result mysqli_query($cxn,$sql
                    or die(
    "Couldn't execute insert query.");
            
    $_SESSION['auth']="yes";                      #205
            
    $_SESSION['logname'] = $loginName;            #206

            /* send email to new member */                #208
            
    $emess "A new Member Account has been setup for the Deep Run NHS Website. ";
            
    $emess.= "Your new Member ID and password are: ";
            
    $emess.= "\n\n\t$loginName\n\t$password\n\n";
            
    $emess.="You will need to login in order to sign up for service opportunities";
            
    $emess.= " and view your service points \n\n";
            
    $emess.= "If you have any questions or problems,";
            
    $emess.= " email example@example.com";
            
    $ehead="From: example@example.com\r\n";  #216
            
    $subj "Your new Member Account for National Honors Society";
            
    $mailsnd=mail("$email","$subj","$emess","$ehead");
            
    header("Location: New_member.php");           #219
          
    }
        break;                                            
    #221

        
    default:                                          #223
            
    include("login_form.inc");
      }
    ?>

  2. #2
    High Energy Magic Dept. NogDog's Avatar
    Join Date
    Aug 2006
    Location
    Ankh-Morpork
    Posts
    13,886
    The error message pretty much spells it out for you. In line 11...
    PHP Code:
    switch (@$_POST['do']); 
    ...the parser does not expect the semi-colon at the end of that line. The switch syntax is just like an IF or a WHILE loop, where there is no semi-colon after the parenthesized conditional statement.
    Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be." ~ from Nation, by Terry Pratchett

    "But the main reason that any programmer learning any new language thinks the new language is SO much better than the old one is because he’s a better programmer now!" ~ http://www.oreillynet.com/ruby/blog/...ck_to_p_1.html


    eBookworm.us

  3. #3
    Pna lbh ernq guvf¿
    Join Date
    Jul 2004
    Location
    Kansas City area
    Posts
    19,395
    Couple of other things I noticed:

    1. It appears as though you're vulnerable to SQL injection attacks. User-supplied data should never be placed directly into a SQL query! Instead, sanitize it with a function such as mysql_real_escape_string().
    2. The ereg/eregi() functions have been virtually deprecated in favor of the faster, more fully-featured PCRE functions. I would recommend you switch from ereg() to preg_match() (with the 'i' modifier if you're switching from eregi()) and update your regexp patterns accordingly.

  4. #4
    Junior Member
    Join Date
    Dec 2007
    Posts
    2
    NogDog- Thank you for the fix and the information. I knew it was something pretty obvious I just could not find it.


    Brad- Thank you for the suggestions and I have taken note and made the appropriate changes. I have been following a simple guide to PHP so a lot of the code has come from tutorials etc. but in the real version I am actually going to use does not have the user-supplied data in the code. Also I am not to concerned about hacking as this is just a simple school club website with no personal information being stored just a way to confirm how many members we have, etc.


    Thanks again for the help!

    Chris

  5. #5
    Pna lbh ernq guvf¿
    Join Date
    Jul 2004
    Location
    Kansas City area
    Posts
    19,395
    Quote Originally Posted by ctweber98
    am not to concerned about hacking
    Well, simple things such as single quotes and line breaks could also pose problems. mysql_real_escape_string() doesn't just prevent SQL injections - it also prevents users from accidentally breaking your query.

    Anyway, don't forget to mark this thread resolved (if it is).

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •