Thread: Unexpected eof

    #1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2006
    Posts
    58
    Rep Power
    9

    Unexpected eof


    PHP Parse error: syntax error, unexpected end of file in /var/www/ET/password/changepassword.php on line 27

    Can someone please tell me what I'm doing wrong in the following code to get the error above?

    PHP Code:
    <?php

    $db 
    = new SQLite3('./users.db'SQLITE3_OPEN_READWRITE);

    if(!
    $db)
    {
            echo 
    "Could not open/access DB";
    }
    else
    {
        
    $userPsswd1 $_POST['psswd1'];
        
    $userpsswd2 $_POST['psswd2'];
        
    $email $_POST['email'];

        if(
    $userPsswd1 == $userPsswd2)
        {
            
    $db->exec("INSERT INTO users VALUES('$email', '$userPsswd1')");
            echo 
    "Your password has been reset.";
        }
        else
        {
            echo 
    "Your passwords do not match.";
        {
    }

    ?>
  2. #2
  3. Wiser? Not exactly.
    Devshed God 1st Plane (5500 - 5999 posts)

    Join Date
    May 2001
    Location
    Bonita Springs, FL
    Posts
    5,959
    Rep Power
    4035
    The closing brace on your inner else statement is not correct.
    Recycle your old CD's, don't just trash them



    If I helped you out, show some love with some reputation, or tip with Bitcoins to 1N645HfYf63UbcvxajLKiSKpYHAq2Zxud
  4. #3
  5. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    That's really his least problem.

    You've been doing this since 2006, and you still don't understand that you need to protect your application? SQL injection vulnerabilities and plaintext passwords? C'mon, I've seen school kids do better than that.

    No offense, but I think you've got a lot to learn. It might be a good idea to start with The 6 worst sins of security to get a basic understanding of web application security. Then rewrite your code. Consider using the PDO extension, which provides prepared statements for doing secure dynamic queries. Escaping variables "by hand" requires a good understanding of security risks and a lot of discipline, and you've already failed once.

    Out of curiosity: Is there a reason why you run around with those "exotic" database approaches using SQLite and text files? Most applications today use PostgreSQL or MySQL. I'm not saying that you (or whoever is in charge) made a bad choice. I just wonder why that is.
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  6. #4
  7. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2006
    Posts
    58
    Rep Power
    9

    slqite


    SQLite is what I was told to use and the text file is how the data is being stored, not my choice.

    Problem solved.

    Originally Posted by Jacques1
    That's really his least problem.

    You've been doing this since 2006, and you still don't understand that you need to protect your application? SQL injection vulnerabilities and plaintext passwords? C'mon, I've seen school kids do better than that.

    No offense, but I think you've got a lot to learn. It might be a good idea to start with The 6 worst sins of security to get a basic understanding of web application security. Then rewrite your code. Consider using the PDO extension, which provides prepared statements for doing secure dynamic queries. Escaping variables "by hand" requires a good understanding of security risks and a lot of discipline, and you've already failed once.

    Out of curiosity: Is there a reason why you run around with those "exotic" database approaches using SQLite and text files? Most applications today use PostgreSQL or MySQL. I'm not saying that you (or whoever is in charge) made a bad choice. I just wonder why that is.

    Comments on this post

    • Jacques1 disagrees : "Problem solved"? Says who? Or have you "been told" that as well?

IMN logo majestic logo threadwatch logo seochat tools logo