Login Process Parse Error: Syntax Error

Question

hello guys please help me with my code in login process there's an error message

Parse error: syntax error, unexpected '' (T_ENCAPSED_AND_WHITESPACE), expecting identifier (T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING)

in line $_SESSION['userid'] = $row['userid'];

Here's my complete code of loginprocess:

session_start(); 
$message = "";

if(count($_POST) > 0){
    $conn = mysql_connect("localhost", "root", "");
    mysql_select_db("etransmittal", $conn);
    $result = mysql_query("SELECT * FROM tbl_userlist WHERE username = '" . $_POST["username"] . "' AND user_password = '" . $_POST["password"] . "');
    $row = mysql_fetch_array($result);

    if(is_array($row)){
        $_SESSION['userid'] = $row['userid'];
        $_SESSION['username'] = $row['username'];
    }
    else{
        $message = "Invalid username or password";
    }
}

if(isset($_SESSION['userid'])){
    header("location: userhomepage.php");
}

Do you haven a editor with syntax highlighting? Even Stack Overflow code formatter clearly shows the error. — Álvaro González, Dec 02 '15 at 09:25
BTW, you don't need a password if you type `' or 1=1 -- ` as user. Is it a bug or a feature? ;-P — Álvaro González, Dec 02 '15 at 09:26

score 1 · Accepted Answer · answered Dec 02 '15 at 07:11

1

You had one double quote missing, I have fixed it :

$result = mysql_query("SELECT * FROM tbl_userlist WHERE username = '" . $_POST["username"] . "' AND user_password = '" . $_POST["password"] . "'");

answered Dec 02 '15 at 07:11

thepiyush13

1,321
1
8
9

score 0 · Answer 2 · answered Dec 02 '15 at 09:22

<?php
    if( $_POST['submit_button']=='Login'  ) {

                        $userdata = "select * from usertbl WHERE username = '".$_POST['username']."'  ";
                        $res = mysql_query($userdata);
                        $userdata = mysql_fetch_array($res);
                        $userDetail = $userdata[0];

                        if(  ( $userDetail['username'] == $_POST['username'] )  &&  ( $userDetail['password'] == md5($_POST['password']) ) ){

                                $_SESSION['userid'] = $userDetail['id'];
                                $_SESSION['username'] = $userDetail['username'];
                                $_SESSION['useremail'] = $userDetail['email'];


                                header("Location:Dashboard.php");

                        }   else {
                                header("Location:index.php");
                        }
                }
?>

<form action="" method="POST">
    <input type="text" name="username" > 
    <input type="text" name="password" > 
    <input type="submit" name="submit_button" value="login"> 
</form>

Login Process Parse Error: Syntax Error

2 Answers2