A Few Technical Difficulties

Minecraft_iPod

Hi again,

I've fixed some of the big problems with my work, but I would like to ask how to solve a few problems. (:bemused: but also 😃)

First, when I submit a "Change Password" form, I get this error:

"Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /*/**/_*/changed.php on line 16"

Here's the code for the form:

<html>
	<head>
		<title> Lego Comic </title>
		<link rel="stylesheet" type="text/css" href="style.css" />
	<head>

<body>
	<center>
		<h1> Lego Comic </h1>
		<h2> To change your password, fill in the form below. </h2>

		<form action="changed.php" method="post" />
		<p> Username: </p> <input name="username" />
		<p> New Password: </p> <input type="password" name="newpassword" />
		<p> <input type="submit" value="Change My Password" /> </p>
		</form>
	</center>
</body>
<html>

Here's the code for the handling page:

<html>
	<head>
		<title> Lego Comic </title>
		<link rel="stylesheet" type="text/css" href="style.css" />
	</head>

<body>
	<center>
		<h1> Your password has been changed! </h1>
		<h2> If you are not immediately redirected to the main site, click <a href="mainsite.php" title="Main Site"> HERE. </a> </h2>

	<?php
	include "dbconfig.php";

	$strSQL = "Update Members set ";
	$strSQL = $strSQL . "password = '(.$_POST['newpassword'].)'";

	$strSQL = $strSQL . "Where username = ( . $_POST['username'] . )";

	mysql_query($strSQL);

	mysql_close();

	Header("Location: mainsite.php");
	?>

	</center>
</body>
</html>

Second, when I submit a "Delete Account" form, I get this error:

"Parse error: syntax error, unexpected '"', expecting T_STRING or T_VARIABLE or T_NUM_STRING in /*/**/_*/deleted.php on line 15"

Here's the code for the form:

<html>
	<head>
		<title> Lego Comic </title>
		<link rel="stylesheet" type="text/css" href="style.css" />
	</head>

<body>
	<center>
		<h1> Lego Comic </h1>
		<h2> To delete your account, enter your username and password below. </h2>

		<form action="deleted.php" method="post" />
		<p> Username: </p> <input name="username" />
		<p> Password: </p> <input type="password" name="password" />
		<p> <input type="submit" value="Delte My Account" /> </p>
		</form>

		<h2> WARNING: Be sure you want to do this! If you have second thoughts, click <a href="mainsite.php" title="Don't Delete"> HERE </a> </h2>
	</center>
</body>
</html>

Here's the code for the handing page:

<html>
	<head>
		<title> Lego Comic </title>
		<link rel="stylesheet" type="text/css" href="style.css" />
	</head>

<body>
	<center>
		<h1> Your account has been deleted... :( </h1>
		<h2> If you are not immediately redirected to the home page, click <a href="index.php" title="Home Page"> HERE. </a> </h2>

	<?php
	include "dbconfig.php";
	//The part below deletes the record
	$strSQL = "DELETE FROM Members WHERE username = '( . $_POST["username"] . )' AND password = '( . $_POST["password"] . )'";
	mysql_query($strSQL);

	mysql_close();

	Header("Location: index.php");
	?>

	</center>
</body>
</html>

I will address other issues as they come along.

Thank you all for your help in the past! 😃

NogDog

You are trying to combine "complex" variable notation within a string and string concatenation, it appears. Use one or the other:

$text = "foo {$var['key']} bar";
// or
$text = "foo " . $var['key'] . " bar";

Minecraft_iPod

So, like this?

<?php
session_start();

if (!$_SESSION["valid_user"])
{
// User not logged in, redirect to login page
Header("Location: index.php");
}

?>

<html>
	<head>
		<title> Lego Comic </title>
		<link rel="stylesheet" type="text/css" href="style.css" />
	</head>

<body>
	<center>
		<h1> Your password has been changed! </h1>
		<h2> If you are not immediately redirected to the main site, click <a href="mainsite.php" title="Main Site"> HERE. </a> </h2>

	<?php
	include "dbconfig.php";

	$strSQL = "Update Members set ";
	$strSQL = $strSQL . "password = " . $_POST['newpassword'] . "";

	$strSQL = $strSQL . "Where username =" . $_POST['username'] . "";

	mysql_query($strSQL);

	mysql_close();

	Header("Location: mainsite.php");
	?>

	</center>
</body>
</html>

bradgrafelman

Few things wrong with this:

        $strSQL = "Update Members set ";
        $strSQL = $strSQL . "password = " . $_POST['newpassword'] . "";

    $strSQL = $strSQL . "Where username =" . $_POST['username'] . "";

    mysql_query($strSQL);

    mysql_close();

    Header("Location: mainsite.php");

User-supplied data should never be placed directly into a SQL query string, else your code will be vulnerable to SQL injection attacks and/or just plain SQL errors. Instead, you must first sanitize it such as with a function like [man]mysql_real_escape_string/man (for string data) or by using prepared queries.
String values in SQL queries must be delimited with single quotes.
You've got no space between the end of the value for the password column and the 'Where' keyword in your query.
You never check the return value of [man]mysql_query/man to see if the SQL query was successful or not (and, if it wasn't, output/log the error message returned by MySQL and perhaps the SQL query string itself to aid in debugging).
You can't call [man]header/man after sending output (unless output_buffering is enabled by default... which, IMHO, it should not be).

Minecraft_iPod

I changed my "Change Password" page to match the format of my "Register" page, that I made using another tutorial. Now I'm getting and "unexpected T_IF on line 79". Here's the new code:

<?php
session_start();

if (!$_SESSION["valid_user"])
{
// User not logged in, redirect to login page
Header("Location: index.php");
}

?>

<html>
	<head>
		<title> Lego Comic </title>
		<link rel="stylesheet" type="text/css" href="style.css" />
		<style type="text/css">
#Menu ul
{
list-style-type:none;
margin-left: 100px;
margin-right: 100px;
padding:0;
overflow:hidden;
}
#Menu li
{
float:left;
}
#Menu a:link, #Menu a:visited
{
display:block;
width:204px;
font-weight:bold;
color:#FFFFFF;
background-color:#06799f;
text-align:center;
padding:4px;
text-decoration:none;
text-transform:uppercase;
border-width: medium
border-style: ridge
border-color: red
}
#Menu a:hover,a:active
{
background-color: red;
}

</style>
	</head>

<body>
	<center>

	<?php
	include "dbconfig.php";
	?>

		<div id="Menu">
		<ul>
		<li><a href="mainsite.php" title="Home">Home</a></li>
		<li><a href="currentcomic.php" title="Current Comic">Current Comic</a></li>
		<li><a href="othercomics.php" title="Other Comics">Other Comics</a></li>
		<li><a href="games.php" title="Games">Games</a></li>
		<li><a href="members.php" title="Members">Members</a></li>
		</ul>
		</div>

<?php

//Set up Username query
$u = "SELECT * FROM `Members` "
."WHERE `username`='".$_POST["username"]."' "
."LIMIT 1";
//Execute Username query
$f = mysql_query($u)

//Input vaildation and the dbase code
if ( $_GET["op"] == "reg" )
	{
	$bInputFlag = false;
	foreach ( $_POST as $field )
 		{
 		if ($field == "")
 			{
			$bInputFlag = false;
  			 }
 		else
  			{
			$bInputFlag = true;
   			}
 		}
	// If we had problems with the input, exit with error
 	if ($bInputFlag == false)
 		{
 		die("Uh Oh. Problemo. There was a problem with your new password. Please go back and try again.");
 		}

else
	{
	//If Username is correct
	if (".$_POST['password']." == $u)
		{
		//Set up Password query
		$q = "Update `Members` set"
		."VALUES ('".$_POST["password"]."')";
		//Execute Password query
		$r = mysql_query($q);
		}
	//If Username is incorrect
	else
		{
		die("Uh Oh. Problemo. You entered your Username incorrectly. Please go back and try again.")
		}
	} 
	// Make sure query inserted user successfully
	if ( !mysql_insert_id() )
		{
		die("Uh Oh. Problemo. Please send the details of the problem to the programmer using the Comments page. Thanks! Please go back and try again.");
		}
	else
		{
		// Redirect to thank you page.
		Header("Location: register.php?op=thanks");
		}
	} // end else

//The thank you page
elseif ( $_GET["op"] == "reg" )
	{
 	echo "<h2> Thanks for registering! Click <a href='index.php' title='Login'> HERE </a> to go back to the home page! </h2>";
 	}

//The web form for input ability
else
	{
	echo "<form action=\"?op=pass\" method=\"POST\">\n";
	echo "<p> Username: </p>";
	echo "<p> <input name=\"username\" MAXLENGTH=\"16\"><br />\n </p>";
	echo "<p> New Password: </p>";
	echo "<p> <input type=\"password\" name=\"password\" MAXLENGTH=\"16\"><br />\n </p>";
	echo "<p> <input type=\"submit\">\n </p>";
	echo "</form>\n";
	}

?>

	<?php
	echo "<p> This page was last edited: " . date("r", filemtime("changepassword.php"));
	//This shows when the page was last edited
	?>

	</center>
</body>
 </html>

Can you see why this "If" is unexpected? Thanks. 🙂

bradgrafelman

The preceding statement is missing a terminating semicolon at the end.

Minecraft_iPod

Now I'm getting:

"Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /*/**/_*/changed.php on line 102"

???

Derokorian

Problem is this line:

        if (".$_POST['password']." == $u)

Are you attempting to put periods around the password on purpose? If not then remove the periods and the double quotes. Otherwise remove the single qoutes around the key. See http://us3.php.net/manual/en/language.types.array.php#language.types.array.donts for more information.

Minecraft_iPod

Still nothing... 🙁

Minecraft_iPod

Wait, sorry wasn't thinking. Trying to respond to my other forum. :embarrassed:

Minecraft_iPod

Now it has this error:

"Parse error: syntax error, unexpected '}' in /*/**/_*/changed.php on line 114"

This should be simple to solve, but don't I need it for the "else" statement?

Derokorian

Its the same problem you had on another like that was addressed earlier in this thread. I'll leave it to you to find it this time, you need to be able to debug your own code if you are going to be writing code. We will not debug every single parse error for you.

Minecraft_iPod

Okay, found it, I've fixed a few problems as they came, but I can't figure this one out. No matter what I enter, I get my error "Uh Oh. Problemo. You've entered your username incorrectly. Please go back and try again."

<?php
session_start();

if (!$_SESSION["valid_user"])
{
// User not logged in, redirect to login page
Header("Location: index.php");
}

?>

<html>
	<head>
		<title> Lego Comic </title>
		<link rel="stylesheet" type="text/css" href="style.css" />
		<style type="text/css">
#Menu ul
{
list-style-type:none;
margin-left: 100px;
margin-right: 100px;
padding:0;
overflow:hidden;
}
#Menu li
{
float:left;
}
#Menu a:link, #Menu a:visited
{
display:block;
width:204px;
font-weight:bold;
color:#FFFFFF;
background-color:#06799f;
text-align:center;
padding:4px;
text-decoration:none;
text-transform:uppercase;
border-width: medium
border-style: ridge
border-color: red
}
#Menu a:hover,a:active
{
background-color: red;
}

</style>
	</head>

<body>
	<center>

	<?php
	include "dbconfig.php";
	?>

		<div id="Menu">
		<ul>
		<li><a href="mainsite.php" title="Home">Home</a></li>
		<li><a href="currentcomic.php" title="Current Comic">Current Comic</a></li>
		<li><a href="othercomics.php" title="Other Comics">Other Comics</a></li>
		<li><a href="games.php" title="Games">Games</a></li>
		<li><a href="members.php" title="Members">Members</a></li>
		</ul>
		</div>

<?php

//Set up Username query
$u = "SELECT * FROM Members "
."WHERE username=".$_POST['username']." "
."LIMIT 1";
//Execute Username query
$f = mysql_query($u);

//Input vaildation and the dbase code
if ( $_GET["op"] == "pass" )
	{
	$bInputFlag = false;
	foreach ( $_POST as $field )
 		{
 		if ($field == "")
 			{
			$bInputFlag = false;
  			 }
 		else
  			{
			$bInputFlag = true;
   			}
 		}
	// If we had problems with the input, exit with error
 	if ($bInputFlag == false)
 		{
 		die("Uh Oh. Problemo. There was a problem with your new password. Please go back and try again.");
 		}

else
	{
	//If Username is correct
	if ($_POST['password'] == $f)
		{
		//Set up Password query
		$q = "Update `Members` set"
		."VALUES ('".$_POST["password"]."')";
		//Execute Password query
		$r = mysql_query($q);
		}
	//If Username is incorrect
	else
		{
		die("Uh Oh. Problemo. You entered your username incorrectly. Please go back and try again.");
		}
	} 
	// Make sure query inserted user successfully
	if ( !mysql_insert_id() )
		{
		die("Uh Oh. Problemo. Please send the details of the problem to our programmers using the Comments page. Thanks! Please go back and try again.");
		}
	else
		{
		// Redirect to thank you page.
		Header("Location: changed.php?op=pass");
		}
	} // end else

//The thank you page
elseif ( $_GET["op"] == "pass" )
	{
 	echo "<h2> Your password has been changed! Click <a href='mainsite.php' title='Main Site'> HERE </a> to go back to the main site! </h2>";
 	}

//The web form for input ability
else
	{
	echo "<form action=\"?op=pass\" method=\"POST\">\n";
	echo "<p> Username: </p>";
	echo "<p> <input name=\"username\" MAXLENGTH=\"50\"><br />\n </p>";
	echo "<p> New Password: </p>";
	echo "<p> <input type=\"password\" name=\"password\" MAXLENGTH=\"50\"><br />\n </p>";
	echo "<p> <input type=\"submit\">\n </p>";
	echo "</form>\n";
	}

?>

	<?php
	echo "<p> This page was last edited: " . date("r", filemtime("changed.php"));
	//This shows when the page was last edited
	?>

	</center>
</body>
 </html>

I've tried a few things, but no luck so far. 😕

Weedpacket

Parse errors are the easiest ones to find and correct - even PHP can do it without even running the script (which is a good thing, because it can't even parse the script).

They're the equivalent of typos in English, only much more obvious because the language is so much simpler and better-defined.

Minecraft_iPod

Yep, parse errors are easier to find, now that I'm getting used to them. But how can I get around this problem?

Weedpacket

Oh, now another problem....that certainly makes things easier for other users who are searching the forums - almost as much as the thread title does. Well:

item 1 of bradgrafelman's post #4 still applies.

Also, you're trying to compare a string ($_POST['password']) against a resource ($f).

Also, all this

    $bInputFlag = false;
    foreach ( $_POST as $field )
        {
        if ($field == "")
            {
            $bInputFlag = false;
               }
        else
              {
            $bInputFlag = true;
               }
        }
    // If we had problems with the input, exit with error
    if ($bInputFlag == false)
        {
        die("Uh Oh. Problemo. There was a problem with your new password. Please go back and try again.");
        }

is a roundabout way of saying

if(in_array("", $_POST))
{
	die("Uh Oh. Problemo. There was a problem with your new password. Please go back and try again.");
}

Also, handling user errors by writing a message with [man]die[/man] is like screaming at the user to get out, bundling them out the door, slamming it in their face, and sticking up a "CLOSED" sign. I've seen it called Soup Nazi style.

Minecraft_iPod

So, what do you think is the best way to check if the user's username matches the one in the database?

Weedpacket

Look at the username supplied by the user, look at the value in the database. If they're the same, then they match..... 😕

Ashley_Sheridan

It just takes a little bit pf practice, very soon you'll be making less and less mistakes. One thing I find very helpful is an editor with syntax highlighting, so something like Notepad++ or Kate are very good, and they support multiple languages.

Derokorian

Speaking of editors - Komodo Edit is free and provides lint in the software. No need to save, switch to browser / cli and run it to get parse errors. You'll get them right in the editor.