I don't understand why this doesn't work? It's a register form checking if fields are filled in,password is equal to retype password, and if it doesn't already exist in database.
I get this error: Parse error: syntax error, unexpected T_STRING, expecting ',' or ';' in /home/a4550840/public_html/newreg.php on line 32
But I already put a ';' at line 32 ... I don't understand why this error occurs.
Any help is appreciated :).
EDIT: Fixed that error ^ and added the mysql_real_escape_string , but it doesn't register the information to the database for some reason?
EDIT: It works now :), took away the quotations from the query
<?php
include ('connect.php');
if ($_POST['submit']) {
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$repassword = mysql_real_escape_string($_POST['repassword']);
$email = mysql_real_escape_string($_POST['email']);
if ($username && $password && $repassword && $email){
if ($password == $repassword) {
$check = mysql_query("SELECT * FROM members WHERE username='$username' ");
$countrows = mysql_num_rows($check);
if ($countrows == 0){
mysql_query("INSERT INTO members ('username','password','email') VALUES ('$username','$password','$email') ");
} else {
echo 'Username already exists';
}
} else {
echo 'Passwords don'\t match';
}
} else {
echo 'Fill in the fields';
}
} else {
echo 'Register please';
}
?>
You have a problem here:
echo 'Passwords don't match';
You need scape single quote as:
echo 'Passwords don\'t match';
or
echo "Passwords don't match";
NOTE: Your code is vulnerable to sql injection, you should use mysql_real_scape_string() before to pass yours parameters as sql query.
I suggest:
$username = mysql_real_scape_string($_POST['username']);
$password = mysql_real_scape_string($_POST['password']);
$repassword = mysql_real_scape_string($_POST['repassword']);
$email = mysql_real_scape_string($_POST['email']);
TIP: When your are testing (in dev environment) mysql querys, you should combine die(mysql_error()) at the end of line to check if you has a problem like as:
mysql_query('your sql') or die(mysql_error()).
If you have an error, this cause your app die an show the mysql error.
See this reference.
This error shows the earliest time it encounters a problem. The problem is on that line, or on a previous line. In this case you didn't escape a quote, so the parser found the rest of your string while it expected a , or ;. If you look at the colouring of your code, you'll see that more easily. The correct line would be
echo 'Passwords don\'t match';