Parse error, help appreciated

PLaT

This is a simple script that members can login etc. The db is working fine, but when a user tries to login the script included in the login.php file has the following code in which gives me an error:

my script in login.php statement:

$sql = "SELECT ID FROM " . $Table . " WHERE Name='" . addslashes($POST['Name']) . "' AND Password='" . md5($POST['Password']) . "' LIMIT 1";
if(!($result = mysql_query($sql))) die(mysql_error());

the erroe is the following:

Parse error: parse error in /home/xxxx/login.php on line 25

Also, I have a question:

Q1. SELECT ID FROM "Do i specify the table here?"
Q2. Do i have to assign the variables to the following:

WHERE Name='" .
Password='" .

I would appreciate the help to a NEWBIE!!!!!!!..lol

cyas on the rebound.

PLAT

cgraz

Try this:

$Name = addslashes($_POST['Name']);
$Password = md5($_POST['Password']);

$sql = "SELECT ID FROM $Table WHERE Name='$Name' AND Password='$Password' LIMIT 1";
$result = mysql_query($sql) or die(mysql_error());

. SELECT ID FROM "Do i specify the table here?"

Yes. http://www.mysql.com/doc/en/SELECT.html

Q2. Do i have to assign the variables to the following:

WHERE Name='" .
Password='" .

You have to have some kind of value, not variables.

SELECT * FROM your_table WHERE Name='Bob' and Password='test123'

is perfectly valid.

So is

SELECT * FROM your_table WHERE Name='$Name' and Password='$Password'

If you don't want to specify any values
SELECT * FROM your_table

(* means everything)

Have a look around www.mysql.com

Hope this helps.

Cgraz

PLaT

thanks for your prompt reply, the info given works...however, im getting a slight error:

error is:

Warning: Cannot add header information - headers already sent by (output started at /home/xxx/public_html/xxx/common.php:13) in /home/xxxx-/public_html/xxxx/login.php on line 23

this is the header:

echo "Continue to the <a href=members.php>Members</a> page.";

} else {
echo "Login failure";
}

i cant understand the error.

thanks again

cgraz

http://www.php.net/manual/en/function.header.php

Check out that link. Are you using the header() function? You can't use header if information has already either been sent out to the visitor, or if you have any spaces


// will work

<?

header("Location: yoururl.php");

?>

the one below will not work

<? [imaginary space]

header("Location: yoururl.php");

?>

Post your code and maybe I can help better.

Cgraz

PLaT

hey there (again)..🙂

<?php

include("common.php");

if(!($link_id = mysql_connect($Host, $User, $Pass))) die(mysql_erorr());
mysql_select_db($D😎;

$Name = addslashes($POST['Name']);
$Password = md5($POST['Password']);

//SELECT * FROM your_table WHERE Name='$Name' and Password='$Password'

$sql = "SELECT ID FROM user $Table WHERE Name='$Name' AND Password='$Password' LIMIT 1";
$result = mysql_query($sql) or die(mysql_error());

//This is were we check the result.

if(mysql_num_rows($result) == 1) {
/Here we set a cookie that tells if the user has logged in and set it to last for a day. The cookie is used on the members page to check
If they cookie is there they can see the page, if not they can't./

setcookie("LoggedIn", "TRUE", time()+(3600 * 24));


/*You could also do the header() here just like I explained before.*/

echo "Continue to the <a href=members.php>Members</a> page.";

} else {
echo "Login failure";
}

cgraz

what's in common.php? Here are a few things I noticed

You could change your db connection to :
mysql_connect($Host, $user, $Pass) or die(mysql_error());
mysql_select_db($D😎;

then

$sql = "SELECT ID FROM user $Table WHERE Name='$Name' AND Password='$Password' LIMIT 1";

is your table called user, or is your table name held in $table? should be either one or the other

You have a comment in your code regarding using the header() function, but I don't see it used anywhere? What's in common.php?

Cgraz

PLaT

Cgraz,

thanks for the help, I managed to get it going.....

I realy appreciate the feedback, cheers!