-1

I made a database called login with a table called users. Now it says parse error, line 68

Here's my code:

<?php

$host ='localhost';
$user = 'root';
$pass ='' ;
$db = 'login';


mysql_connect($host, $user, $pass);
mysql_select_db($db);



if(isset($_POST ['username'])) {
$username = $_POST['username'];
$password = $_POST['password'];



$sql = "SELECT * FROM users WHERE username='".$username."' AND password='".$password."' LIMIT 1";
$res = mysql_query($sql);
if (mysql_num_rows($res) == 1) {

    echo "You are now logged in";

    exit();

} else {

    echo "Password or Username is wrong. Please try again";

exit();
}

?>





<html>
<head>
<title> Login </title>
</head>


<body>
<form method='post' action='login.php'>
<input type='text' name='Username' value="" />
<input type='password' name='password' value=''/>
<input type='submit' name='submit ' value='Log In' / >

</form>

    <?php
$username = "TheAsher";
$password = "TheAsher";
$hostname = "localhost"; 

//connection to the database
$dbhandle = mysql_connect($hostname, $username, $password) 
  or die("Unable to connect to MySQL");
echo "Connected to MySQL<br>";
?>

</body>

</html>
baao
  • 71,625
  • 17
  • 143
  • 203
E S
  • 358
  • 4
  • 15
  • 2
    Please, [don't use `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php), They are no longer maintained and are [officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). Learn about [prepared statements](http://en.wikipedia.org/wiki/Prepared_statement) instead, and use [PDO](http://us1.php.net/pdo) or [MySQLi](http://us1.php.net/mysqli). [This article](http://php.net/manual/en/mysqlinfo.api.choosing.php) will help you decide. – Jay Blanchard Oct 28 '14 at 17:16
  • You should research what SQL Injection attacks are. Consider what would happen if there was a user with the username "bob" and I wanted to access his account. I could sign into his account by using the username `bob'--` because the query would then be `"SELECT * FROM users WHERE username='bob'--'....` where -- is a SQL comment and would comment out the password segment. – DampeS8N Oct 28 '14 at 17:17
  • Bobby Tables: http://xkcd.com/327/ – Sonny Oct 28 '14 at 17:26

2 Answers2

0

You do not close your if (isset($_POST ['username'])) { condition with }

<?php
$host = 'localhost';
$user = 'root';
$pass = '';
$db = 'login';
mysql_connect($host, $user, $pass);
mysql_select_db($db);
if (isset($_POST ['username'])) {
    $username = $_POST['username'];
    $password = $_POST['password'];
    $sql = "SELECT * FROM users WHERE username='" . $username . "' AND password='" . $password . "' LIMIT 1";
    $res = mysql_query($sql);
    if (mysql_num_rows($res) == 1) {
        echo "You are now logged in";
        exit();
    } else {
        echo "Password or Username is wrong. Please try again";
        exit();
    }
}
?>
<html>
    <head>
        <title> Login </title>
    </head>
    <body>
        <form method='post' action='login.php'>
            <input type='text' name='Username' value="" />
            <input type='password' name='password' value=''/>
            <input type='submit' name='submit ' value='Log In' / >
        </form>
        <?php
        $username = "TheAsher";
        $password = "TheAsher";
        $hostname = "localhost";
//connection to the database
        $dbhandle = mysql_connect($hostname, $username, $password) or die("Unable to connect to MySQL");
        echo "Connected to MySQL<br>";
        ?>
    </body>
</html>
vaso123
  • 12,347
  • 4
  • 34
  • 64
  • 2
    Please, [don't use `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php), They are no longer maintained and are [officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). Learn about [prepared statements](http://en.wikipedia.org/wiki/Prepared_statement) instead, and use [PDO](http://us1.php.net/pdo) or [MySQLi](http://us1.php.net/mysqli). [This article](http://php.net/manual/en/mysqlinfo.api.choosing.php) will help you decide. – Jay Blanchard Oct 28 '14 at 17:17
  • I've just fixed and updated the OP code. I do not know, why i've got 3 downvotes. – vaso123 Oct 28 '14 at 17:18
  • 1
    There isn't three down-votes here, if I click on the votes I see one up and one down negating each other. If I would guess it is because a) you continued with `mysql_` functions and 2) did not correct for the possibility of SQL injection. – Jay Blanchard Oct 28 '14 at 17:20
  • ok, maybe i saw something else. i saw 2 up / 2 down, and 1 up / 1 down. doesn't matter. next time will fix those issues. – vaso123 Oct 28 '14 at 19:33
0

This is injection safe method with PDO, and I recommend you to use it:

<?php
$host = 'localhost';
$user = 'root';
$pass = '';
$db = 'login';
//PDO database connection - I do not prefer to use variables with pdo connection 
$dbc = new PDO('mysql:dbname=login;host=localhost', 'root', '');
if(isset($_POST['username'])) {
//if username is not empty your code starts here
$connect=$dbc->prepare("SELECT * FROM users WHERE username=:username LIMIT 1");
//code above suppose that username can not have duplicate
$connect->execute(array('username'=>$_POST['username']));
$connectfetch=$connect->fetch();
if(count($connectfetch)==1) {
//this control if there is user with username that was entered if does we will control the password if not we will output no user error
if($connectfetch[password]==$_POST['password']) {
echo "You are now logged in."; }
else { "Password you entered is wrong."; }
} else { echo "User you have entered does not exist."; }
} else { echo "Username can not be empty"; }

This is what can help you, and method you can follow.

mandza
  • 330
  • 9
  • 24