Hello, I'm newbie programmer and I need your helpful to resolve one problem in my programmation... I have doing script for user registration and it's completed, but when I upload to host and I try to register user, appear this syntax error: Parse error: syntax error, unexpected '"', expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/u7/underhabbo/html/index/registrar.php on line 26 the code is: line 26: if(trim($HTTP_POST_VARS["nick"]) != "") line 27: { line 28: $sql = "SELECT id FROM usuarios WHERE nick='".quitar ($HTTP_POST_VARS["nick"])."'"; line 29: $result = mysql_query($sql); line 30: if($row = mysql_fetch_array($result)) line 31: { Please help me to get cool job!
Can you post some lines above this snippet? Seems like the error has occurred before, but PHP doesn't take notice of it until this point.
Code complete: <?php include('db.php'); function quitar($mensaje) { $mensaje = str_replace("<","<",$mensaje); $mensaje = str_replace(">",">",$mensaje); $mensaje = str_replace("'","'",$mensaje); $mensaje = str_replace("\\","\",$mensaje); return $mensaje; } if(trim($HTTP_POST_VARS["nick"]) != "") { $sql = "SELECT id FROM usuarios WHERE nick='".quitar($HTTP_POST_VARS["nick"])."'"; $result = mysql_query($sql); if($row = mysql_fetch_array($result)) { echo "<b>Error!</b> This Nick already exist, choose another!<br><br><a href=javascript:history.back();><i>« Volver Atrás</i></a>"; } else { $sql = "INSERT INTO usuarios (nick,password) VALUES ("; $sql .= "'".quitar($HTTP_POST_VARS["nick"])."'"; $sql .= ",'".quitar($HTTP_POST_VARS["password"])."'"; $sql .= ")"; mysql_query($sql); echo ' Your account has been registered!'; } mysql_free_result($result); } else { echo "<b>Error!</b> Comkplete all"; } mysql_close(); ?> PHP:
Is it just me, or is this the most pointless function ever? According to the rest of the function, there's missing a backslash. But whether you add it or leave it out, it's still pointless. Don't use this function as it does nothing. Use this instead to make it database safe. function quitar($mensaje) { if (get_magic_quotes_gpc()) { $mensaje = stripslashes($mensaje); } $mensaje = htmlspecialchars(trim($mensaje)); return mysql_real_escape_string($mensaje); } PHP:
I don't use MSN, but even if, I would rather not be added for help anyway. You can ask all your questions in this forum, and me and a lot of others will be glad to help.
I have another problem, when I login with one user, appear error below: Warning: Cannot modify header information - headers already sent by (output started at /home/u7/underhabbo/html/index/index.php:12) in /home/u7/underhabbo/html/index/login.php on line 14 Warning: Cannot modify header information - headers already sent by (output started at /home/u7/underhabbo/html/index/index.php:12) in /home/u7/underhabbo/html/index/login.php on line 15 And login.php code is: <?php include('db.php'); $loginCorrecto = false; $idUsuarioL; $nickUsuarioL; if(isset($HTTP_COOKIE_VARS["usNick"]) && isset($HTTP_COOKIE_VARS["usPass"])) { $result = mysql_query("SELECT * FROM usuarios WHERE nick='".$HTTP_COOKIE_VARS["usNick"]."' AND password='".$HTTP_COOKIE_VARS["usPass"]."'"); if($row = mysql_fetch_array($result)) { setcookie("usNick",$HTTP_COOKIE_VARS["usNick"],time()+7776000); setcookie("usPass",$HTTP_COOKIE_VARS["usPass"],time()+7776000); $loginCorrecto = true; $idUsuarioL = $row["id"]; $nickUsuarioL = $row["nick"]; $emailUsuarioL = $row["email"]; $nombreUsuarioL = $row["nombre"]; } else { //Destruimos las cookies. setcookie("usNick","x",time()-3600); setcookie("usPass","x",time()-3600); } mysql_free_result($result); } ?> PHP: I wait for your help as soon as possible, thanks.
This script is trying to send headers to the browser after output has been sent already. Is this script included in another page? Maybe called index.php? No HTML or white spaces can be sent to the browser before you want to send headers. So try to remove all white spaces, and move the include up to the top, before the output is sent. And on another note, this script is really not secure. You would use your "quitar" function on the user defined variables in the query strings.