Parse error: syntax error, unexpected T_ELSE

whathappenswhen53

Hi everyone,
I have a tiny problem that I need experienced help with.
I searched the net for hours but I couldn't find a solution to this problem.
So consider this as my last-ditch effort for a solution.

I get this error message.
Code:
Parse error: syntax error, unexpected T_ELSE in /www/htdocs/login.php on line 26
Seems simple enough to solve.
However, I checked the syntax through and through and no solution.

Here's my PHP coding:
PHP:
<?php

$username = $_POST["username"];
$password = $_POST["password"];

if ($username&&$password)
{
    $connect = mysql_connect("localhost","username","password") or die ("Couldn't connect!");
    mysql_select_db("DB_name") or die ("Couldn't find DB");
    $query = mysql_query("SELECT * FROM users WHERE username='$username'");
    
$numrows = mysql_num_rows($query);
if ($numrows!=0)
{
    while ($row = mysql_fetch_assoc($query))
    {
        $dbusername = $row["username"];
        $dbpassword = $row["password"];
    }
    
    // check to see if they match!
    if ($username==$dbusername&&$password==$dbpassword);
    {
        echo "Your're in!";    
    }
    else
    echo "Wrong Password!";
}
else
die("That user doesn't exist!");


    }
else
die ("Please enter a username and a password!");
?>
Please, a solution to this problem will give you good karma :redface:.
 

Livewire

Line 22 is your problem:

Code:
    if ($username==$dbusername&&$password==$dbpassword);

Remove the ; - the ; is telling php that there actually isn't anything to do if the "if" condition matches. If you remove that it'll either start working, or give a different error for us to look at :)
 

misson

There are other problems with your code you need to address.

PHP:
$connect = mysql_connect("localhost","username","password") or die ("Couldn't connect!");
    mysql_select_db("DB_name") or die ("Couldn't find DB");
Don't use die if you're outputting HTML.

Don't use SELECT *; select only the columns you need.

PHP:
<?php
$username = $_POST["username"];
$password = $_POST["password"];
[...]
    $query = mysql_query("SELECT * FROM users WHERE username='$username'");
This is vulnerable to SQL injection. The safest, easiest way of fixing this is to switch from the outdated mysql driver to PDO and make use of prepared statements. If you want a PDO tutorial, try "Writing MySQL Scripts with PHP and PDO".


PHP:
    while ($row = mysql_fetch_assoc($query))
There should be at most one user with a given name, so there should be at most one row returned, so there's no need for a loop. To simplify this whole section, all you need to do is fetch a row from the query result without a loop. If you get FALSE, there were no matching rows; if you get a row, the username exists.

PHP:
    // check to see if they match!
    if ($username==$dbusername&&$password==$dbpassword);
You don't need to check that $username==$dbusername, since the SQL statement ensures this will always be true when that particular if statement is executed.

Don't store plain text passwords, which is very insecure. Store salted, hashed passwords.

PHP:
    echo "Wrong Password!";
Informing a visitor that the username is correct but the password is wrong may reveal too much information, as crackers must otherwise figure out both the username and password. On the other hand, username checkers are a common feature of registration forms, so if your site has this, you might as well have separate errors for an incorrect username and for a password.
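
The points in the reply above (prepared statement through PDO, a single fetch instead of a loop, salted password hashes, one shared error message), put together as an added example that is not part of the original thread. The function name `check_login`, the `password_hash` column, and the in-memory SQLite database standing in for MySQL are assumptions; it needs PHP 7.1+ with the pdo_sqlite extension.

```php
<?php
// Added example: check_login() and the password_hash column are hypothetical names.

function check_login(PDO $db, string $username, string $password): bool
{
    // The placeholder keeps user input out of the SQL text; select only the needed column.
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);

    // At most one row per username, so a single fetch replaces the while loop.
    // fetch() returns false when no row matched.
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // For an unknown user, verify against a dummy hash so both paths do
    // comparable work before returning the same result.
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash('dummy', PASSWORD_DEFAULT);
    }
    $hash = ($row === false) ? $dummy : $row['password_hash'];
    $ok = password_verify($password, $hash);

    return $row !== false && $ok;
}

// Constructed demo data: in-memory SQLite stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

// password_hash() generates a random salt and stores it inside the hash string.
$insert = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
$insert->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Constructed login attempts: valid, wrong password, unknown user, and a
// username containing a quote character (handled as plain data by the placeholder).
$attempts = [
    ['alice', 'correct horse'],
    ['alice', 'wrong'],
    ['nobody', 'anything'],
    ["o'brien", 'x'],
];
foreach ($attempts as [$u, $p]) {
    // One message for every failure, whichever part was wrong.
    echo str_pad($u, 14), check_login($db, $u, $p) ? "You're in!" : 'Invalid username or password.', PHP_EOL;
}
```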
 