What On Earth Is This Outlandish Error?

Programming Buddies,

Here’s my latest script. It is a member reg-login script.
It registers you and gets you to activate your account confirming your email and then auto logs you into your account. It uses cookies to remember your user details. It was working fine until I added the feature for you to make posts to your friends or the public.
I get error:

PHP Parse error: syntax error, unexpected ‘"’, expecting ‘-’ or identifier (T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING) in /home/sn/public_html/sn/home.php on line 168

On many lines, I changed from:

$query = “SELECT * FROM users WHERE Username = '”.$user.“'”;

to:

$query = "SELECT * FROM users WHERE Username = ‘$user’;

but no luck in getting rid of the error. You will see line 168 doesn’t have any ".
I use notepad++. Error mssg seems irrelevant.

And so, looking at the error and my script, what do you think the problem is ? Best to c
heck my code on your wamp/xampp to really understand the problem.

Thank You!

PPS - Script in next post.

This line is already wrong. Aside from the legacy code, you start the query with a double quote, but end it with a single quote. I would say use prepared statements, but I doubt that would make any difference if one keeps stuffing raw variable in the query string.

1 Like

register.php

<!DOCTYPE html>
<html>
<head>
<title>Signup Page</title>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
</head>
<body>
<div class = "container">
<center><h2>Signup Form</h2></center>
<form method="post" action="">
<div class="form-group">
<center><label for="username">Username:</label>
<input type="text" class="form-control" id="user" placeholder="Enter a unique Username" name="member_registration_username"></center>
</div>
<div class="form-group">
<center><label for="password">Password:</label>
<input type="password" class="form-control" id="pwd" placeholder="Enter new Password" name="member_registration_password"></center>
</div>
<div class="form-group">
<center><label for="password">Repeat Password:</label>
<input type="password" class="form-control" id="member_registration_repeat_pwd" placeholder="Repeat new Password" name="member_registration_password_confirmation"></center>
</div>
<div class="form-group">
<center><label for="forename">First Name:</label>
<input type="text" class="form-control" id="member_registration_first_name" placeholder="Enter your First Name" name="member_registration_forename"></center>
</div>
<div class="form-group">
<center><label for="surname">Surname:</label>
<input type="text" class="form-control" id="member_registration_last_name" placeholder="Enter your Surname" name="member_registration_surname"></center>
</div>
<div class="form-group">
<center><label for="email">Email:</label>
<input type="email" class="form-control" id="member_registration_email" placeholder="Enter your Email" name="member_registration_email"></center>
</div>
<div class="form-group">
<center><label for="email">Repeat Email:</label>
<input type="email" class="form-control" id="member_registration_repeat_email" placeholder="Repeat your Email" name="member_registration_email_confirmation"></center>
</div>
<center><button type="submit" class="btn btn-default" name="submit">Register!</button></center>
<center><font color="red" size="3"><b>Already have an account ?</b><br><a href="login.php">Login here!</a></font></center>
</form>
</div>
</body>
</html>
<?php
require "conn.php";
if (isset($_POST['submit']))
{
if(!empty($_POST["member_registration_username"]) && !empty($_POST["member_registration_password"])&& !empty($_POST["member_registration_password_confirmation"])&& !empty($_POST["member_registration_email"])&& !empty($_POST["member_registration_email_confirmation"])&& !empty($_POST["member_registration_forename"])&& !empty($_POST["member_registration_surname"]))
{
$member_registration_account_activation = 0;
$member_registration_random_numbers = random_int(0, 9999999999);

$member_registration_username = trim($_POST["member_registration_username"]);
$member_registration_forename = trim($_POST["member_registration_forename"]);
$member_registration_surname = trim($_POST["member_registration_surname"]);
$member_registration_password = trim($_POST["member_registration_password"]);
$member_registration_password_confirmation = trim($_POST["member_registration_password_confirmation"]);
$member_registration_email = trim($_POST["member_registration_email"]);
$member_registration_email_confirmation = trim($_POST["member_registration_email_confirmation"]);
$member_registration_account_activation_code = trim("$member_registration_random_numbers");

$member_registration_username = mysqli_real_escape_string($conn,$_POST["member_registration_username"]);
$member_registration_forename = mysqli_real_escape_string($conn,$_POST["member_registration_forename"]);
$member_registration_surname = mysqli_real_escape_string($conn,$_POST["member_registration_surname"]);
$member_registration_password = mysqli_real_escape_string($conn,$_POST["member_registration_password"]);
$member_registration_password_confirmation = mysqli_real_escape_string($conn,$_POST["member_registration_password_confirmation"]);
$member_registration_email = mysqli_real_escape_string($conn,$_POST["member_registration_email"]);
$member_registration_email_confirmation = mysqli_real_escape_string($conn,$_POST["member_registration_email_confirmation"]);
$member_registration_account_activation_code = mysqli_real_escape_string($conn,$member_registrati on_account_activation_code);

if($member_registration_email != $member_registration_email_confirmation)
{
echo "<center>Your email inputs do not match! Try inputting again and then re-submit.</center>";
$conn->close();
exit();
}
else
{
}
if($member_registration_password != $member_registration_password_confirmation)
{
echo "<center>Your password inputs do not match! Try inputting again and then re-submit.</center>";
$conn->close();
exit();
}
else
{
}

$sql_check_username_in_pending_users = "SELECT * FROM pending_users WHERE Username='".$member_registration_username."'";
$result_username_in_pending_users = mysqli_query($conn,$sql_check_username_in_pending_ users);
if(mysqli_num_rows($result_username_in_pending_use rs)>0)
{
echo "<script>alert('That Username $member_registration_username is pending registration!')</script>";
exit();
}

$sql_check_username_in_users = "SELECT * FROM users WHERE Username='".$member_registration_username."'";
$result_username_in_users = mysqli_query($conn,$sql_check_username_in_users);
if(mysqli_num_rows($result_username_in_users)>0)
{
echo "<script>alert('That Username $member_registration_username is already registered!')</script>";
exit();
}

$sql_check_email_in_pending_users = "SELECT * FROM pending_users WHERE Email='".$member_registration_email."'";
$result_email_in_pending_users = mysqli_query($conn,$sql_check_email_in_pending_use rs);
if(mysqli_num_rows($result_email_in_pending_users) >0)
{
echo "<script>alert('That Email $member_registration_email is pending registration!')</script>";
exit();
}

$sql_check_email_in_users = "SELECT * FROM users WHERE Email='".$member_registration_email."'";
$result_email_in_users = mysqli_query($conn,$sql_check_email_in_users);
if(mysqli_num_rows($result_email_in_users)>0)
{
echo "<script>alert('That Email $member_registration_email is already registered!')</script>";
exit();
}

$sql = "INSERT INTO pending_users(Username,Password,Email,Forename,Sur name,Account_Activation_Code,Account_Activation) VALUES('".$member_registration_username."','".$mem ber_registration_password."','".$member_registrati on_email."','".$member_registration_forename."','" .$member_registration_surname."','".$member_regist ration_account_activation_code."','".$member_regis tration_account_activation."')";
if($conn->query($sql)===TRUE)
{
echo "Data insertion into table success!";
}
else
{
echo "Data insertion into table failure!";
$conn->close();
exit();
}

$to = "$member_registration_email";
$subject = "Account Activation!";
$body = "$member_registration_forename $member_registration_surname,\n\n You need to click the following link to confirm your email address and activate your account.\n\n\
http://www.yourdomain.com/activate_account.php?email=$member_registration_em ail&&member_registration_account_activation_code=$ member_registration_account_activation_code";
$from = "YOUR EMAIL GO HERE";
$message = "from: $from";

mail($to,$subject,$body,$message);
echo "<script>alert('Check your email for further instructions!')</script>";
$conn->close();
}
else
{
echo "<script>alert('You must fill-in all input fields!')</script>";
$conn->close();
}
}

?>

activate_account.php

<?php
session_start();
require "conn.php";


    //Grab User's (account activator's) email and account activation code from account activation link's url. Check for email and account activation code details in the account activation link's url.
    
if(!isset($_GET["email"], $_GET["member_registration_account_activation_code"]) === TRUE)
{
    echo "<script>alert('Invalid Email Address! Invalid Account Activation Link! This email is not registered! Try registering an account!')</script>";
    echo "Invalid Email Address! Invalid Account Activation Link! This email is not registered! Try registering an account if you do not already have one! <a href="register.php">Register here!</a>";
    $conn->close();
    exit();
}
else
{
    $confirmed_email = trim($_GET["email"]);
    $member_registration_account_activation_code = trim($_GET["member_registration_account_activation_code"]);
    
    $confirmed_email = mysqli_real_escape_string($conn,$confirmed_email);
    $member_registration_account_activation_code = mysqli_real_escape_string($conn,$member_registration_account_activation_code);
    
    
    //Check User's Username against "users" tbl to see if it has already been taken or not whilst the User was in midst of activating his/her account. Give error message if already taken.
    
    $query = "SELECT * FROM users WHERE Email = '".$confirmed_email."'";
    $result = mysqli_query($conn,$query);
    $numrows = mysqli_num_rows($result);
    if($numrows != 0)
    {    
        echo "<script>alert('That email '".$confirmed_email."' is already registered! So, just login!')</script>";
        echo "That email '".$confirmed_email."' is already registered! So, just <a href="login.php">login here!</a>";
        $conn->close();
        exit();
    }
    else
    {
        //Grab User's details from "pending_users" table. Search for User's data with his/her confirmed Email Address.
            
        $query = "SELECT * FROM pending_users WHERE Email = '".$confirmed_email."'";
        $result = mysqli_query($conn,$query);
        $numrows = mysqli_num_rows($result);
        if($numrows = 0)
        {        
            echo "<script>alert('Invalid Email Address! Invalid Account Activation Link! This email is not registered! Try registering an account!')</script>";
            echo "Invalid Email Address! Invalid Account Activation Link! This email is not registered! Try registering an account if you do not already have one! <a href="register.php">Register here!</a>";
            $conn->close();
            exit();
        }
        else
        {
            while($row = mysqli_fetch_assoc($result))
            {      
                $db_id = $row["Id"];
                $db_username = $row["Username"];
                $db_password = $row["Password"];
                $db_email = $row["Email"];
                $db_forename = $row["Forename"];
                $db_surname = $row["Surname"];
                $db_account_activation_code = $row["Account_Activation_Code"];
                $db_account_activation = $row["Account_Activation"];            
        
                if($db_account_activation != 0)    
                {
                    echo "<script>alert('Since your account is already activated, why are you trying to activate it again ? Just login!')</script>";
                    echo "Since your account is already activated, why are you trying to activate it again ? Just <a href="login.php">login here!</a>";
                    $conn->close();
                    exit();
                }
                else
                {
                    $conn->query("UPDATE pending_users SET Account_Activation 1 WHERE Email = '".$confirmed_email."'");
                    
                    
                    //Create table under $username to hold User's account activity data.

                    $sql = "CREATE TABLE $db_username (
                    Id INT(10) UNSIGNED AUTO_INCREMENT PRIMARY KEY,
                    Date_&_Time TIMESTAMP NOT NULL ON UPDATE CURRENT_TIMESTAMP,
                    Account_Activation_Code varchar(10) NOT NULL,
                    Username varchar(30) NOT NULL,
                    Password varchar(32) NOT NULL,
                    Email varchar(50) NOT NULL,
                    Forename varchar(30) NOT NULL,
                    Surname varchar(30) NOT NULL,
                    Profile_Pic longblob NULL,
                    Bio varchar(250) NOT NULL,
                    Status_To_Friends varchar(180) NOT NULL)
                    Status_To_Public varchar(180) NOT NULL)";
    
                    if ($conn->query($sql) != TRUE)
                    {
                        echo "Error creating table under $username to hold User's account activity data!: " . mysqli_error($conn);
                        $conn->close();
                    }
                    else
                    {
                        //Copy $user's registration data from "pending_users" table to "$username" table.
    
                        $sql = "INSERT INTO $db_username (Username,Password,Email,Forename,Surname,Account_Activation_Code) VALUES('$db_username','$db_password','$db_email','$db_forename','$db_surname','$db_account_activation_code')";

                        if($conn->query($sql) != TRUE)
                        {
                            echo "inserting data into $db_username table failed! " . mysqli_error($conn);
                            $conn->close();
                            
                        }
                        else
                        {    
                            //Copy $user's registration data from table "pending_users" to table "users".
    
                            $sql = "INSERT INTO users (Username,Password,Email,Forename,Surname,Account_Activation_Code) VALUES('$db_username','$db_password','$db_email','$db_forename','$db_surname','$db_account_activation_code')";

                            if($conn->query($sql) != TRUE)
                            {
                                echo "inserting data into table users failed! " . mysqli_error($conn);
                                $conn->close();
                                
                            }
                            else
                            {    
                                $user = $db_username;
                                $userid = $db_id;
                                $_SESSION["user"] = $user;
                        
                        
                                //Redirect newly activated user to his/her account homepage.
                                
                                header("location:home.php");    
                            }
                        }    
                    }    
                }
            }
        }
    }
}

?>

login.php

<?php
session_start();
require "conn.php";
if(isset($_POST["member_login_submit"]))
{
    if(!empty($_POST["member_login_username_or_email"]) && !empty($_POST["member_login_password"]))
    {
        $member_login_username_or_email = trim($_POST["member_login_username_or_email"]);
        $member_login_password = trim($_POST["member_login_password"]);
        
        $member_login_username_or_email = mysqli_real_escape_string($conn,$_POST["member_login_username_or_email"]);
        $member_login_password = mysqli_real_escape_string($conn,$_POST["member_login_password"]);
        
        $sql = "SELECT * FROM users WHERE Username='".$member_login_username_or_email."' OR Email='".$member_login_username_or_email."' AND Password='".$member_login_password."'";
        $result = mysqli_query($conn,$sql);
        $numrows = mysqli_num_rows($result);        
        if($numrows != 0)
        {
            while ($row = mysqli_fetch_assoc($result))
            {
                $db_id = $row["Id"];
                $db_username = $row["Username"];
                $db_password = $row["Password"];
                $db_email = $row["Email"];                                        
                if  ($member_login_username_or_email == $db_username && $member_login_password == $db_password || $member_login_username_or_email == $db_email && $member_login_password == $db_password)            
                {
                    $user = $db_username;
                    $userid = $db_id;
                    $_SESSION["user"] = $user;
                    if(!empty($_POST["member_login_remember"]))
                    {
                        setcookie("member_login_username_or_email", $member_login_username_or_email, time()+ (10 * 365 * 24 * 60 * 60));
                        setcookie("member_login_password", $member_login_password, time()+ (10 * 365 * 24 * 60 * 60));                        
                    }
                    else
                    {
                        if(isset($_COOKIE["member_login_username_or_email"]))
                        {
                            setcookie("member_login_username_or_email", "", "");
                        }
                        if(isset($_COOKIE["member_login_password"]))
                        {
                            setcookie("member_login_password", "", "");
                        }
                    }    
                header("location:home.php");
                }
                else
                {
                    echo "<script>alert('Incorrect account details!')</script>";
                    $conn->close();
                }
            }
        }
        else
        {
            echo "<script>alert('Incorrect User details!')</script>";
            $conn->close();
        }
    }
    else
    {
        echo "<script>alert('You must type in your account Username or Email and then the Password!')</script>";
        $conn->close();
    }
}

?>
<!DOCTYPE html>
<html>
<head>
<title>Member Login Page</title>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
  <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
  <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
</head>
<body>
<div class = "container">
<form method="post" action="">
<center><h3>Member Login Form</h3></center>
<div class="text-danger">
<div class="form-group">
<center><label for="member-login-username-or-email">Username/Email:</label>
<input type="text" class="form-control" placeholder="Enter Username or Email" name="member_login_username_or_email" value="<?php if(isset($_COOKIE["member_login_username_or_email"])) echo $_COOKIE["member_login_username_or_email"]; ?>"</center>
</div>
<div class="form-group">
<center><label for="member-login-password">Password:</label>
<input type="password" class="form-control" placeholder="Enter password" name="member_login_password" value="<?php if(isset($_COOKIE["member_login_password"])) echo $_COOKIE["member_login_password"] ;?>"></center>
</div>
<div class="form-group">
<center><label for="member-login-remember">Remember Login Details:</label>
<input type="checkbox" name="member_login_remember" /></center>
</div>
<div class="form-group">
<center><input type="submit" name="member_login_submit" value="Login" class="button button-success" /></center>
</div>
<div class="form-group">
<center><font color="red" size="3"><b>Forgot your password ?</b><br><a href="member_login_password_reset.php">Reset it here!</a></font></center>
<center><font color="red" size="3"><b>Not registered ?</b><br><a href="member_register.php">Register here!</a></font></center>
</form>
</div>
</body>
</html>

home.php

<html>
<head>
<title>
$user Home Page
</title>
</head>
<body>
<body background=".png">

<?php
session_start();
require "conn.php";

/*Check if user is logged-in or not by checking if session is set or not.
If user is not logged-in then redirect to login page. Else, show user's account's homepage.php.*/

if(!isset($_SESSION["user"]))
{
    header("location:login.php");
}
else
{
    $user = $_SESSION["user"];
    $query = "SELECT * FROM users WHERE Username = '".$user."'";
    $result = mysqli_query($conn,$query);
    while($row = mysqli_fetch_assoc($result))
    {
        $db_id = $row["Id"];
        $db_username = $row["Username"];
        $db_forename = $row["Forename"];
        $db_surname = $row["Surname"];
        $db_email = $row["Email"];
        $db_bio = $row["Bio"];
        $db_status = $row["Status"];
    
    
        //Welcome user by name.
        echo "<center>Welcome <b><h2>$db_forename $db_surname!</center>"?></h2></b>|

        <?php
        //Display log-out link.
        echo "<p align='right'><a href='logout.php'>$user Log Out</a>";?>|</p><br>
    
        <form method="post" action="">    
        <div class="form-group">
        <center><label for="post_status_to_friends">Post Status To Friends:</label>
        <input type="text" class="form-control" id="post_status_to_friends" placeholder="Post Status To Friends" name="post_status_to_friends"></center><br>
        <center><button type="submit" class="btn btn-default" name="post_status_to_friends">Post Status To Friends!</button></center>
        </div>

        <form method="post" action="">
        <div class="form-group">
        <center><label for="post_status_to_public">Post Status To Public:</label>
        <input type="text" class="form-control" id="post_status_to_public" placeholder="Post Status To Public" name="post_status_to_public"></center><br>
        <center><button type="submit" class="btn btn-default" name="post_status_to_public">Post Status To Public!</button></center>
        </div>
    
        <?php
        //Post User Status To Friends in $user table.
    
        if  (isset($_POST['post_status_to_friends']))
        {
            $status_to_friends = trim($_POST["post_status_to_friends"]);
            $status_to_friends = mysqli_real_escape_string($conn,$status_to_friends);
        
            $conn->query("UPDATE $user SET Status_To_Friends $status_to_friends WHERE Username = '".$user."'");
            if($conn->query($sql)===TRUE)
            {
            echo "posted status for friends to $user table!";
            $conn->close();
            exit();
            }
        else    
        {
            echo "posting status for friends to $user table failed!";
            $conn->close();
            exit();
        }
    
        //Post User Status To Friends in users table.
        $conn->query("UPDATE users SET Status_To_Friends $status_to_friends WHERE Username = '".$user."'");
        if($conn->query($sql)===TRUE)
        {
            echo "posted status for friends to users table!";
            $conn->close();
            exit();
        }
        else    
        {
            echo "posting status for friends to users table failed!";
            $conn->close();
            exit();
        }
        
        //Display User Status To Friends. Search for User's data with $user.
            
        $query = "SELECT * FROM $user WHERE Username = '".$user."'";
        $result = mysqli_query($conn,$query);
        $numrows = mysqli_num_rows($result);
        if($numrows = 0)
        {        
        echo "No data!";
        $conn->close();
        exit();
        }
        else
        {
            while($row = mysqli_fetch_assoc($result))
            {      
                $db_status_to_friends = $row["Status_To_Friends"];
            }
            echo "<br><b>$user Status To Friends:</b><br>
            $db_status_to_friends";?><br>
            <br>
    
        <?php
        //Post User Status To Public in $user table.
    
        if  (isset($_POST['post_status_to_public']))
        {
            $status_to_public = trim($_POST["post_status_to_public"]);
            $status_to_public = mysqli_real_escape_string($conn,$status_to_public);
        
            $conn->query("UPDATE $user SET Status_To_Public $status_to_public WHERE Username = '".$user."'");
            if($conn->query($sql)===TRUE)
            {
                echo "posted status for public to $user table!";
                $conn->close();
                exit();`
            }
            else    
            {
                echo "posting status for public to $user table failed!";
                $conn->close();
                exit();
            }
    
        //Post User Status To Public in users table.
        $conn->query("UPDATE users SET Status_To_Public $status_to_public WHERE Username = '".$user."'");
        if($conn->query($sql)===TRUE)
        {
            echo "posted status for public to users table!";
            $conn->close();
            exit();
        }
        else    
        {
            echo "posting status for public to users table failed!";
            $conn->close();
            exit();
        }
    
        //Display User Status To Public. Search for User's data with $user.
            
        $query = "SELECT * FROM $user WHERE Username = '".$user."'";
        $result = mysqli_query($conn,$query);
        $numrows = mysqli_num_rows($result);
        if($numrows = 0)
        {        
            echo "No data!";
            $conn->close();
            exit();
        }
        else
        {
            while($row = mysqli_fetch_assoc($result))
            {      
                $db_status_to_public = $row["Status_To_Public"];
            }
            echo "<br><b>$user Status To Public:</b><br>
            $db_status_to_public";?><br>
            <br>
      
        <?php
        //Display User Bio.  
        echo "<br><b>Bio:</b><br>
        $db_bio";?><br>
        <br>

        <?php
        //Display iFrame.?>
        <iframe src="https://www.w3schools.com"></iframe>
        <?php
        }    
    }
}
?>

</body>
</html>

I prefer using single quotations for text and concatenation to append the variable instead of embedding the variable inside double quotes because if the variable is missing, an error is generated.

$query = 'SELECT * FROM users WHERE USERNAME ="' . $user .'"';

1 Like

Yeah, from my honest opinion, I would say trash it and start over fresh. That isn’t even PHP 7 qualified. That’s more like PHP 5.2 qualified.

2 Likes

You are mistaken here. A missed variable is a missed variable, no matter how it’s written. And actually the initial error for the OP is the exact consequence of this messy syntax, as one can be easily confused with all these quotes, while inline syntax is plain and simple.

Nevertheless, adding a variable into a query directly is wrong anyway and someday inevitably will lead to SQL injection.

Looking through home.php, it seems to me that line 168 reads:

$db_status_to_public = $row["Status_To_Public"];

which doesn’t really tally with the error message you are showing. Is that really line 168, or did I miscount?

There are one or two other things I spot in that code, for example you output a load of HTML code before you go into PHP, but then if the session variable isn’t set, you then try to do a header redirect, which would just give “headers already sent”. You’ve got a few other typos, for example:

$numrows = mysqli_num_rows($result);
if($numrows = 0)

probably isn’t what you meant.

There’s also a lot of inconsistency, for example some of your queries are called using the procedural

$result = mysqli_query($conn,$query);

but some are called using the OO method

$conn->query("UPDATE users SET Status_To_Public $status_to_public WHERE Username = '".$user."'");

and while I think it possibly doesn’t make any difference, I just think it’d be easier to debug if you did things the same way all the way through. Similarly:

$query = "SELECT * FROM $user WHERE Username = '".$user."'";

In this code you’re happy to use the default PHP string-handling to substitute the value of $user for your table name at the start of the query string, but towards the end you feel the need to split the string and handle the concatenation yourself. I personally prefer the latter method, though I’d using bound parameters in this case anyway, but pick one and stick to it. Makes things so much easier to read.

It also doesn’t (on first glance, it’s a bit hard to follow) look as if it’ll get to line 168 in any case. Just before this line

//Post User Status To Public in users table.

you check

 if  (isset($_POST['post_status_to_public']))

and then run a query to set status_to_public, but whether that query runs or not, you close $conn and exit.

2 Likes

on line 129 you have an extraneous backtick…

exit();`
1 Like

Good spot, that won’t help the parsing at all.

I usually do it like this but the video youtube tut showed to do it like the following. Might be due to it was mysql_real_escaped earlier on.

Thank you for pointing it out that it is php 5 code. I have no learnt how to spot php 5 code and php 7.
Php 7 usually uses the → while php 5 and earlier use ().

EG.

Php 7:
$sql = “SELECT * FROM users WHERE Username = '”.$user.“'”;
$result = $mysqli->query($sql);
while($row = $result->fetch_assoc())
{

Php 5:
$sql = “SELECT * FROM users WHERE Username='”.$member_login_username_or_email.“’ OR Email='”.$member_login_username_or_email.“’ AND Password='”.$member_login_password.“'”;

$result = mysqli_query($conn,$sql);
$numrows = mysqli_num_rows($result);
if($numrows != 0)
{
while ($row = mysqli_fetch_assoc($result))
{

This was the code:

//Display User Status To Public. Search for User’s data with $user.

		$query = "SELECT * FROM $user WHERE Username = '".$user."'";
		$result = mysqli_query($conn,$query);
		$numrows = mysqli_num_rows($result);
		if($numrows = 0)
		{		
			echo "No data!";
			$conn->close();
			exit();
		}
		else 
		{
			while($row = mysqli_fetch_assoc($result)) 
			{	  
				$db_status_to_public = $row["Status_To_Public"];
			}
		echo "<br><b>$user Status To Public:</b><br>
		$db_status_to_public";?><br>
		<br>
		}

Line 168 starts with the WHILE.

Frankly, I do not know the difference between the procedural and oop.
I got the codes from youtube tuts. I thought just a min ago maybe one was php 5 and the other php 7.
Browse above what I replied to SpaceShipTrooper.

I said before, I’m a complete newbie who managed to read up upto ARRAYS chapter from php.net and got confused and so switched to tuts on youtube. I didn’t know they were each coding differently.
I am now gonna stick to 1 or 2 channels and not mix and match codes from 10 anymore. That way I do not mix styles (if you get what I mean).
Anyway, from my mistakes I am learning a lot of things from you guys.

No, there was no typo here:

$numrows = mysqli_num_rows($result);
if($numrows = 0)

The youtube tut showed to check if theere is a match on any row. Showed to do it like that. I think it was from the “Geeky Vivek” channel. Check his channel for the member login-reg series.
Anyway, how would you yourself code it ?

I fixed that when a lot of programmers spotted it.
But thanks for spotting it too.

Still PHP 5.2 qualified. Using -> means nothing. You’re using OOP mysqli_* and “classifying” it as PHP 7. Nothing PHP 7 related at all. If you want PHP 7, the space ship operator IS PHP 7 because it WAS introduced in PHP 7.

I would stop “classifying” things as PHP 7 or PHP 5 at this point. I would just classify it as PHP because like I have said, PHP 7 IS NOT an entirely new language.


Hint: You are still stuffing raw data into the query string hence PHP 5.2 qualifed. Well, I would say mysql_* era.

If you are programming locally then try these three lines at the top of each page because they will immediately show the majority of errors.

<?php
  declare(strict_types=1); // PHP 7 specific and FILE WIDE
  error_reporting(-1); // MAXIMUM ERRORS - also for includes and requires
  ini_set('display_errors','true'); // also for includes includes/requires
  ini_set('display_startup_errors', '1'); // MAYBE NOT NECESSARY

// the remaining script

I copied, pasted and ran “register.php” and found numerous syntax errors.

Also it is far better not to use the closing ?> tag to prevent elusive errors. Try Googling “PHP White Space errors”.

1 Like

I guess that’s the problem with on-line tutorials - there’s no-one checking the quality and accuracy of the stuff they post, and anyone can post anything. As you noted in your next post, it’s clearly wrong because of the single equal-sign, a common typo, but something you’d think anyone posting tutorials might check before they start giving advice to others.

In terms of how it’s coded, the -> in something like $conn->query() generally indicates that you’re using OOP methods, where the native functions such as mysqli_query() are procedural. If you look on php.net for documentation on a specific function, it will generally spell this out.

In terms of what is “better” and why you should pick one over the other, neither do I. I just think it’s “better” to be consistent, pick one way and stick to it. As you get more familiar with PHP, you’ll see how to “convert” a sample bi of code from one method to another if it’s not the way you want it to be.

Yeah, I figured the → was not from php 7 but OOP (on another thread).
As for stuffing raw data onto query, I won;t understand what you mean unless I get a bot more experienced in php. returning back to php.net tomorrow or so and so I look forward to understanding you guys a bit more better in the future!
I kno mysql_ is deprecated on php 5. Now, it is mysqli_ which is probably about to go extinct at the hands of pdo.

SpacehipTrooper. Nice name. Tried registering a domain name under names like that or building an SN related to ET stuffs ? Once php is out of my way, heading towards python and game programming (android). Let me see if I can build a space ship type game for android. Lol!

And has been removed entirely from PHP 7.

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.