Solved

Problem to echo

Posted on 2016-09-28
6
115 Views
Last Modified: 2016-09-29
Hi,
I get
Parse error: syntax error, unexpected T_IF, expecting ',' or ';' in D:\edi\Zim_GlobalDA\adm\login_menu.php on line 14

due to
echo "'$username'"

Open in new window


what to adjust?
0
Comment
Question by:HuaMinChen
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 35

Accepted Solution

by:
Terry Woods earned 500 total points
ID: 41821072
It just needs a semicolon on the end:
echo "'$username'";

Open in new window

0
 
LVL 10

Author Comment

by:HuaMinChen
ID: 41821108
Many thanks.
Sorry, I see there are correct values inside $username and $passwd but it does get into 'else' part below. What can be the reason?
    if (login($username, $passwd))
    {
      // if they are in the database register the user id
      $valid_user = $username;
      session_register("valid_user");
	  $conn = df_conn();
	  $sql="select top 1 principal from user_acct where username='$username'";
	  $rst = odbc_exec($conn,$sql);
	  $qry = odbc_fetch_array($rst);
	  $pri=$qry[principal];
      session_register("pri");
	  $sql="select top 1 territory from user_acct where username='$username'";
	  $rst = odbc_exec($conn,$sql);
	  $qry = odbc_fetch_array($rst);
	  $g_area=$qry[territory];
	  session_register("g_area");
	  $g_multiarea = str_replace(",", chr(13), $g_area);
	  session_register("g_multiarea");
    }  
    else
    {
      // unsuccessful login
      do_html_header("Problem:");
      echo "You could not be logged in. 
            You must be logged in to view this page.";
      do_html_url("login.php", "Login");
      do_html_footer();
      exit;
    }      
    ...      

function login($username, $password)
// check username and password with db
// if yes, return true
// else return false
{
  // connect to db
  $conn = df_conn();
  if (!$conn)
    return 0;

  // check if username is unique

$sql="select top 10000 * from user_acct where username='$username' and passwd = '$password'";
$rst = odbc_exec($conn,$sql);
$num_rows = odbc_num_rows($rst); 

 if (!$rst)
     return 0;
  
  if ($num_rows>0)
     return 1;
  else 
     return 0; 
}

Open in new window

0
 
LVL 35

Assisted Solution

by:Terry Woods
Terry Woods earned 500 total points
ID: 41821115
Have the values for username and password been sanitised by code not visible above? If not, then you're vulnerable to SQL injection attack (highly dangerous), and it also would break the login if a user puts a single quote in their username or password, and get into the "else" section you're asking about.

A minor side point: Why is the query labelled as checking "if username is unique" getting the top 10000 records? Surely 2 would be enough to indicate that... besides, despite the comment, it just seems to be checking if one user exists with the given credentials.
0
Major Incident Management Communications

Major incidents and IT service outages cost companies millions. Often the solution to minimizing damage is automated communication. Find out more in our Major Incident Management Communications infographic.

 
LVL 10

Author Comment

by:HuaMinChen
ID: 41821121
Please leave the comments in above (which is confusing).
There is a record matching to values of $username and $passwd but I do not know why it does get into 'else' part in above.
0
 
LVL 9

Expert Comment

by:Brian Tao
ID: 41821197
Is your password stored in the DB as plain text?  
If yes, it must be something else (but it's extremely dangerous) and we need to see other part of your code.  
If not, your sql won't return any row, and the result of login() will be 0 (or false).
0
 
LVL 35

Expert Comment

by:Terry Woods
ID: 41821205
Thanks for accepting my answer. Not sure why you dropped the grade to a B on the solution though...
0

Featured Post

Report: Liquid Web beats Amazon, Rackspace & More

A study by performance analyst firm Cloud Spectator finds that Liquid Web beats rivals Amazon, Rackspace and DigitalOcean when it comes to website and cloud application performance.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

These days, all we hear about hacktivists took down so and so websites and retrieved thousands of user’s data. One of the techniques to get unauthorized access to database is by performing SQL injection. This article is quite lengthy which gives bas…
This article was originally published on Monitis Blog, you can check it here . Today it’s fairly well known that high-performing websites and applications bring in more visitors, higher SEO, and ultimately more sales. By the same token, downtime…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
Any person in technology especially those working for big companies should at least know about the basics of web accessibility. Believe it or not there are even laws in place that require businesses to provide such means for the disabled and aging p…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question