Unexpected } on line 20

General PHP Help
#1

I am having the error as defined in the title with the code below.

[php]<?php
include("…/database/config.php"); //config file for the database
$user = $_POST[‘user’];
$pass = $_POST[‘pass’];
$check = (“SELECT * FROM accounts WHERE user=’.$user.’ AND pass=’.$pass’”);
$rows = mysqli_num_rows($query);

    if($rows !=0)
    {
        while ($row = mysqli_fetch_assoc($query))
        {
            $checkuser = $row['username'];
            $checkpass = $row['password'];
        }
        if ($user == $checkuser && $pass == $checkpass)
        {
           session_start();
            $_SESSION['sess_user']=$user;
            header("Location:../")
        }
        else
        {
            echo"The username or password you used was incorrect. Please go back and try again!";
        }
    }

?>[/php]

#2

You are missing a semicolon on line 19. You have many other problems with this code.

  1. NEVER EVER put variables in a query. You need to use prepared statements
  2. Do not create variables for nothing.
  3. Do not SELECT *. Specify the column names you want
  4. You are not killing the script after the header redirect.
  5. The else should be outside if the first if
  6. The second if is reduntant
    7. DO NOT EVER USE PLAIN TEXT PASSWORDS
#3

I’m new to this PHP stuff :frowning: does it show through?

I intend to hash once this is working!

#4

That’s almost like saying I will use real gasoline until I will use water to run my car. For some strange reason it never seems to work. ::slight_smile:

I from the school learn it right the first time, so you don’t have to do double the work when you want to really use it.

Setting up a secure password takes one line of extra code ->
[php] /* Secure the Password by hashing the user’s password. */
$data[‘password’] = password_hash($data[‘password’], PASSWORD_BCRYPT, array(“cost” => 15));[/php]

and retrieving the password word isn’t that much harder ->
[php] $this->user = $this->stmt->fetch();

    /*
     * If password matches database table then login user otherwise send back false.
     */
    if (password_verify($password, $this->user->password)) {[/php]

This is just my opinion and one reason I responded to this thread is that these forums haven’t been getting much traffic lately. :frowning:

BTW I recommend PDO over mysqli for I think once you learn PDO it’s easier and more versatile than mysqli.

Sponsor our Newsletter | Privacy Policy | Terms of Service