Parse error: syntax error, unexpected end of file in.. (HELP)

Hey its my first programming experiences and i really need help, (creating login system), the code:

<?php

if ($_POST['submit']) {

if (!$_POST['email']) $error.="Please enter your email";

else if (!filter_var[$_POST['email']. FILTER_VALIDATE_EMAIL]) $error.="Please enter a valid email address";

if (!$_POST['password']) $error.="<br />Please enter your password";
else {

if (strlen($_POST['password'])<8) $error.="<br />Please enter a password with at least 8 characters";
if (preg_match('`[A-Z]`'.$_POST['password'])) $error.="<br />Please include at least one capital letter in your password";

}

if ($error) echo "There were error(s) in your signup details:".$error;
else {


$link = mysqli_connect("localhost", "usr", "pswrd", "database");

$query="SELECT = FROM users WHERE email='" .$_POST['email'].";

$result = mysqli_query($link, $query);

echo $results = mysqli_num_rows($result);

}

}

?>

 <form method='post'>

 <input type='email' name=email' id='email' />
 <input type='password' name='password' />
 <input type='submit' name='submit' value='Sign up' />

</form>

For starters this

$query="SELECT = FROM users WHERE email='" .$_POST['email'].";

should be

$query="SELECT * FROM users WHERE email=" . $_POST['email'];

Or if you dont wanna select all fields just add the fields instead of the asterix e.g field1, field2

$query="SELECT name, age FROM users WHERE email=" . $_POST['email'];
1 Like

Thanks.

First below line

   else if (!filter_var[$_POST['email']. FILTER_VALIDATE_EMAIL]) $error.="Please enter a valid email address";

should be

else if (!filter_var($_POST['email'],FILTER_VALIDATE_EMAIL)) $error.="Please enter a valid email address";

and second

$query="SELECT = FROM users WHERE email='" .$_POST['email'].";

should be

$query="SELECT = FROM users WHERE email= '" .$_POST['email']."'";

i hope this will help you

1 Like

Hey TenDoLLA arleady solved, thanks.

The part that is called first part in the message by pbsonawane should be fixed too. I think it should throw error also if left as it is.

You’re vulnerable to SQL Injection as you’re not escaping the user submitted data. You really should be using prepared statements which eliminate the risk of SQL Injection attacks

1 Like

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.