ERROR: *Parse error: syntax error, unexpected T_VARIABLE on line 9* <– still giving me same error..
PHP
<?php
#connect mysql
require_once "dbcred.php";
$dbh = testdb_connect ();
session_start();
$username = $_POST['regduser'];
$userpass = md5($_POST['regdpass']);
$sql = $pdo->prepare("SELECT * from Students WHERE regduser=:username and regdpass=:pass");
$sql->bindParam(':username', $username)
$sql->bindParam(':pass', $userpass)
$sql->execute();
$result = mysql_query($sql);
if (mysql_num_rows($result)!= 1) {
$error = "Login failed";
#include "loginform.php";
} else {
echo "<h1>exists</h1>";
#$_SESSION['regduser'] = "$username";
#$_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
// any other data needed to navigate the site or
// to authenticate the user can be added here
#include "membersection.php";
}
?>
dbcred.php
<?php
# pdo_testdb_connect.php - function for connecting to the "test" database
function testdb_connect ()
{
$dbh = new PDO("mysql:host=localhost;dbname=#", "root", "");
return ($dbh);
}
?>
HTML:
<form action="inc/check_regUsr.php" method="post" id="userLogon">
<div class="field required">
Username: <input type="text" name="regduser" tabindex="1" /><br />
</div>
<div class="field required">
Password: <input type="text" name="regdpass" tabindex="2" /><br />
</div>
<input type="submit" name="submitUser" />
</form>
Bobby-Tables PHP.
If you already use PDO, then use a parameterized query to take advantage of escaping.
Also, you are using single quotes in the query and to enclose the string. Use double quotes for the string and single quotes IN the query, because the way it is now, you are already terminating the string after the first single quote.