Unexpected T_ELSE

bravo14

Hi guys

I have the following error
Parse error: syntax error, unexpected T_ELSE in /home/sites/yardleyhc.co.uk/public_html/admin/add_user.php on line 26

<?php
include_once('includes/connector.php');
if ($_POST['submit_form'] == 1)  { 
$checkusersql=("SELECT * from `tbl_admin_users` where username='$username'");//check if username has been used
$checkuserresult=mysql_query($checkusersql);
	if(mysql_num_rows($checkuserresult) < 1) 
	{ 
   	  $checkemailsql("SELECT * from `tbl_admin_users` where email='$email'");//if username exists checkif email has been used
	  $checkemailresult=mysql_query($checkusersql);
	 	 if(mysql_num_rows($checkemailresult) < 1) 
     	  {
		  	$adduser=mysql_query("INSERT into `tbl_admin_users` (username,password,email) values($username,$md5(password),$email)");
			$message="User has been added";
			}
			else
			{
			$message="The email address used already exists, please use another one.";
		} 
else //line26
{ 
			$message="The user name used already exists, please use another one.";

  }
}
}
?>

Any help would be much appreciated

Mark

djjjozsi

This schematic example is your problem:
if(a<1)
{
this is when a is smaller then 1
}
else{
this is where a is bigger then 1
}
else {
this option couldn't happens, and a mistake
}

And $md5(password) is a mistake in your code. md5 is a function,
do not use a dollar sign before it.

see this line, variable name is not a function:

   	  $checkemailsql("SELECT * from `tbl_admin_users` where email='$email'");

Another questions: Where did you set the $username and $email ?

You should not use variables in a mysql query directly, lets use mysql_real_escape_string[/utl] to santize the user inputs.

Hello,
jjozsi.

bravo14

The variables are entered later in a form, but set in php earlier in the snippett I added in the post.

I am trying to put something in to check if a username exists and if the username doesn't exist check if an email address exists. A warning message is set at each point.

If neither of them exist the user details will be added to the database.

Have I gone about it the right way or is there an easier way?

bravo14

Just double checked, and realised I hadn't set variables, would this be the correct use of mysql_real_escape_string?

$email=mysql_real_escape_string($_POST[email]);
$username=mysql_real_escape_string($_POST[username]);
$password=mysql_real_escape_string($_POST[password]);

djjjozsi

Always test if the user filled the required fields,

function ise($var){
if(empty( $_POST[$var] ) )	
return "$var need to be filled! <br />";
}

$message="";
$message.=ise("username");
$message.=ise("password");
$message.=ise("email");

if(!empty($message))
die( $message );

In this case the user data goes for the other checks, but a security is important:

		$_POST = array_map( "mysql_real_escape_string", $_POST );
		$username = $_POST["username"];
		$email = $_POST["email"];
		$password=$_POST["email"];

Shematic example:

		if ( mysql_num_rows( $checkuserresult ) < 1 )
		{
			select if the email is in use:
				if ( mysql_num_rows( $checkemailresult ) < 1 )
				{
insert into the database
$message = "User added";
				} 
				else
				{
				The email has already used 
				} 
		} 
		else
		The user name used already exists, please use another one

bravo14

Hi,

I have changed the code to how I have interpreted it and it now looks like

<?php
include_once('includes/connector.php');
if ($_POST['submit_form'] == 1)  {
function ise($var){ 
if(empty( $_POST[$var] ) )     

return "$var need to be filled! <br />"; 
} 

$message=""; 
$message.=ise("username"); 
$message.=ise("password"); 
$message.=ise("email"); 

if(!empty($message)) 
die( $message );

    $_POST = array_map( "mysql_real_escape_string", $_POST ); 
    $username = $_POST["username"]; 
    $email = $_POST["email"]; 
    $password=$_POST["password"];

$checkusersql=("SELECT * from `tbl_admin_users` where username='$username'");//check if username has been used
$checkuserresult=mysql_query($checkusersql);
	if(mysql_num_rows($checkuserresult) < 1) 
	{ 
   	  $checkemailsql("SELECT * from `tbl_admin_users` where email='$email'");//if username does not exist check if email exists
	  $checkemailresult=mysql_query($checkusersql);
	  	 if(mysql_num_rows($checkemailresult) < 1) 
     	  {//if email and user don't exist add user to table
		  	$adduser=mysql_query("INSERT into `tbl_admin_users` (username,password,email) values($username,md5($password),$email)");
			$message="User has been added";
            			}
			else
			{
			$message="The email address used already exists, please use another one.";//Email ass
		} 
else //line 44
{ 
			$message="The user name used already exists, please use another one.";

  }
}
}
?>

I now have an error of Parse error: syntax error, unexpected T_ELSE in /home/sites/yardleyhc.co.uk/public_html/admin/add_user.php on line 44

Any ideas

Mark

djjjozsi

lets indent your code, and put the same statements into the same level.
In your original code, that is not a good idea to determine if the user has used with a "email" query.

In this code lets see the variable name!
(a variable should not placed as a function)
$checkemailsql( "SELECT * from tbl_admin_users where email='$email'" ); //if

Lets use functions to test if the user or email already in the table (i did not test it, but this version should a better way :

<?php
include_once( 'includes/connector.php' );

function ise( $var )
{
		if ( empty( $_POST["$var"] ) )
				return "$var need to be filled! <br />";
} 

function checkdata($var , $msg){
	$checkemailsql=sprintf( "SELECT * from `tbl_admin_users` where %s='%s'",$var , $_POST["$var"] );
				$chk= mysql_query( $checkusersql );
				if ( mysql_num_rows( $chk) > 0 ) // if value exists
				{	
				return "$msg is already exists";
				}
}


if ( $_POST['submit_form'] == 1 )
{
		$message = "";
		$message .= ise( "username" );
		$message .= ise( "password" );
		$message .= ise( "email" );

	$message.=checkdata("username","Username");
	$message.=checkdata("email","Email");

	if ( !empty( $message ) )
			die( $message );

	$_POST = array_map( "mysql_real_escape_string", $_POST );
	$username = $_POST["username"];
	$email = $_POST["email"];
	$password = $_POST["email"];

$reult= mysql_query( "INSERT into `tbl_admin_users` (username,password,email) values($username, md5( $password ) ,$email)" );
$message = "User has been added";

} 

?>

bravo14

Hi djjjozsi

Thanks for your help, i have updated the code and get now get the following

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/sites/yardleyhc.co.uk/public_html/admin/add_user.php on line 20

and the variable $message says User has been added although it hasn't, probably just missing something really simple, but I cannot see it.

<?php 
include_once( 'includes/connector.php' ); 

function ise( $var ) 
{ 
        if ( empty( $_POST["$var"] ) ) 
                return "$var need to be filled! <br />"; 
} 

function checkdata($var , $msg){ 
    $checkemailsql=sprintf( "SELECT * from `tbl_admin_users` where &#37;s='%s'",$var , $_POST["$var"] ); 
                $chk= mysql_query( $checkusersql ); 
                if ( mysql_num_rows( $chk) > 0 ) // Line 20
                {     

                return "$msg is already exists"; 
                } 
} 


if ( $_POST['submit_form'] == 1 ) 
{ 
        $message = ""; 
        $message .= ise( "username" ); 
        $message .= ise( "password" ); 
        $message .= ise( "email" ); 

    $message.=checkdata("username","Username"); 
    $message.=checkdata("email","Email"); 

    if ( !empty( $message ) ) 
            die( $message ); 

    $_POST = array_map( "mysql_real_escape_string", $_POST ); 
    $username = $_POST["username"]; 
    $email = $_POST["email"]; 
    $password = $_POST["email"]; 

$reult= mysql_query( "INSERT into `tbl_admin_users` (username,password,email) values($username, md5( $password ) ,$email)" ); 
$message = "User has been added"; 

} 

?>

Cheers

Mark

djjjozsi

Change the function into this. the variable names was different 🙂

function checkdata($var , $msg){
    $sql=sprintf( "SELECT * from `tbl_admin_users` where %s='%s'",$var , $_POST["$var"] );
                $chk= mysql_query( $sql);
                if ( mysql_num_rows( $chk) > 0 ) 
                {     

                return "$msg is already exists";
                }

bravo14

Thanks for all your help.

It now does all of the checks and produces messages as I wanted, however, is it possible to display the $message above the form, please see attached text file.

Cheers

Mark

djjjozsi

if i'm not mistaken this code displays the $message above your form.

Notice that: never close the if condition's line with a ;

<?php if (isset($message)) ; <-----
echo $message;
?>

bravo14

I have taken out the ;

If you go to URL http://79.170.40.226/yardleyhc.co.uk/admin/add_user.php, and try to fill out the form, but deliberately make a mistake e.g. leave a field blank, you will see that the error message replaces the page.

djjjozsi

this add_user placed in a secure area ,ergo i can't see 🙂

If you want another messages, lets change the functions, where the message variable returned:

You can add pagebrakes

bravo14

Can I email you as I don't want to give out my username etc, email me at mark at bravo14.co.uk