parsing error

  • punk86
    New Member
    • Jan 2010
    • 9

    parsing error

    I have this login code,
    which has a parsing error at line 9, which starts from the $query.
    Can anyone help? I have problems with parsing errors. :(


    Code:
    <?php 
    
    session_start (); 
    
    $username = $_POST['username']; 
    $password = $_POST['password']; 
    
    $link = mysqli_connect ($HOST,$USERNAME,$PASSWORD,$DB); 
    $query = "SELECT id,username, FROM StarGazer WHERE username='"$username."'AND password = SHA1 ('".$password."')";$result = mysql_query($link,$query) or die (mysqli_error($link)); 
    
    if (mysqli_num_rows($result) == 1) { 
    $row = mysqli_fetch_array($result); 
    $_SESSION['user_id'] = $row['id']; 
    $_SESSION['username'] = $row['username']; 
    $msg = '<p><i>You are logged in as '.$SESSION['username'].'<br/><a href="index.php">Home</p>'; 
    
    }else { 
    $msg = <p class ="error"> Sorry, you must enter a valid username and password to log in. <a href ="login.html">Back</a></p>; 
    } 
    
    ?>
  • Markus
    Recognized Expert Expert
    • Jun 2007
    • 6092

    #2
    In future please provide the error text when posting a problem.

    Anyway, the reason is you've missed the dot-concatenation-operator in line 9 just before you pass in that first variable.

    • punk86
      New Member
      • Jan 2010
      • 9

      #3
      I see... managed to solve it. Thanks a lot...
      But now I bump into another error:

      "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'FROM stars WHERE username=''AND password = SHA1 ('')' at line 1"

      I did some editing to my code already.
      So this is the latest:

      Code:
      <?php
      session_start();

      // Database connection settings
      $HOST = 'localhost';
      $USERNAME = 'root';
      $PASSWORD = '';
      $DB = 'c203';

      // Submitted login form values
      $username = $_POST['username'];
      $password = $_POST['password'];

      $link = mysqli_connect($HOST, $USERNAME, $PASSWORD, $DB) or die(mysqli_connect_error());
      $sql = "SELECT id,username, FROM stars WHERE username='".$username."'AND password = SHA1 ('".$password."')";
      $result = mysqli_query($link, $sql) or die(mysqli_error($link));

      if (mysqli_num_rows($result) == 1) {
          $row = mysqli_fetch_array($result);
          $_SESSION['user_id'] = $row['id'];
          $_SESSION['username'] = $row['username'];
          // The superglobal is $_SESSION; $SESSION would be an undefined variable.
          $msg = '<p><i>You are logged in as '.$_SESSION['username'].'<br/><a href="index.php">Home</p>';
      } else {
          $msg = '<p class ="error"> Sorry, you must enter a valid username and password to log in. <a href ="login.html">Back</a></p>';
      }

      ?>
      I'd really appreciate it if you could guide me, because I can't get the meaning of this.
      Last edited by Atli; Jan 6 '10, 07:30 PM. Reason: Changed [quote] to [code] tags.

      • Atli
        Recognized Expert Expert
        • Nov 2006
        • 5062

        #4
        There is an extra comma in your column list.
        [code=sql]
        // This
        SELECT id,username, FROM ...

        // Should be
        SELECT id, username FROM ...
        [/code]

        • punk86
          New Member
          • Jan 2010
          • 9

          #5
          Now the error msg is "FUNCTION c203.SHA1 does not exist".

          My database is c203... and SHA1 is a correct function...

          How come?

          • Atli
            Recognized Expert Expert
            • Nov 2006
            • 5062

            #6
            Try removing the space between the function call and the parenthesis.
            [code=sql]
            SHA1 ('".$password."') // BAD
            SHA1('".$password."') // Good
            [/code]
            The space can cause problems under certain circumstances.

            Also, I would recommend that you hash the data using PHP, rather than in your SQL query. MySQL can be set up to log raw queries, which would mean that those logs would contain the un-hashed passwords.

            It's better to do something like this.
            [code=php]
            $password_hash = sha1($password);
            $sql = "SELECT ... AND password = '{$password_hash}'";
            [/code]
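
The point in post #6 about keeping raw passwords out of query text, taken one step further as an added example (not code from any poster in this thread): the username is bound as a query parameter and the password is checked in PHP, so neither can alter or appear in the SQL. Assumptions: PDO with an in-memory SQLite database stands in for the thread's MySQL/mysqli connection so the script runs without a server, the `stars` table layout and the sample users are constructed, and `password_hash()`/`password_verify()` are swapped in for SHA1.

```php
<?php
// Added example: constructed schema and data, not the original poster's database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE stars (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');

// Registration side: store a salted password_hash() value, never the raw password.
$insert = $db->prepare('INSERT INTO stars (username, password) VALUES (?, ?)');
$insert->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

/**
 * Returns the user's row (id, username) on success, or null on failure.
 */
function check_login(PDO $db, string $username, string $password): ?array
{
    // The username is bound as a parameter, so quotes in it cannot change the SQL.
    $stmt = $db->prepare('SELECT id, username, password FROM stars WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // The password is verified in PHP and is never part of any query text,
    // so it cannot end up in a database query log.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    unset($row['password']); // do not hand the stored hash back to the caller
    return $row;
}

// Constructed inputs: valid login, wrong password, and a username containing a quote.
$attempts = [
    ['alice', 'correct horse'],
    ['alice', 'wrong'],
    ["alice' -- ", 'anything'],
];
foreach ($attempts as [$user, $pass]) {
    $row = check_login($db, $user, $pass);
    // htmlspecialchars() because usernames are user-controlled text echoed into HTML.
    echo htmlspecialchars($user), ': ', $row ? 'logged in as id ' . $row['id'] : 'rejected', "\n";
}
```

With mysqli the same pattern uses `mysqli_prepare()` and `mysqli_stmt_bind_param()` in place of the PDO calls.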
