September 23rd, 2013, 02:15 AM
PHP Parse error: syntax error, unexpected end of file in /var/www/ET/password/changepassword.php on line 27
Can someone please tell me what I'm doing wrong in the following code to get the error above?
$db = new SQLite3('./users.db', SQLITE3_OPEN_READWRITE);
echo "Could not open/access DB";
$userPsswd1 = $_POST['psswd1'];
$userpsswd2 = $_POST['psswd2'];
$email = $_POST['email'];
if($userPsswd1 == $userPsswd2)
$db->exec("INSERT INTO users VALUES('$email', '$userPsswd1')");
echo "Your password has been reset.";
echo "Your passwords do not match.";
September 23rd, 2013, 02:47 AM
The closing brace on your inner else statement is not correct.
Recycle your old CD's, don't just trash them
If I helped you out, show some love with some reputation, or tip with Bitcoins to 1N645HfYf63UbcvxajLKiSKpYHAq2Zxud
September 23rd, 2013, 07:23 AM
That's really his least problem.
You've been doing this since 2006, and you still don't understand that you need to protect your application? SQL injection vulnerabilities and plaintext passwords? C'mon, I've seen school kids do better than that.
No offense, but I think you've got a lot to learn. It might be a good idea to start with The 6 worst sins of security to get a basic understanding of web application security. Then rewrite your code. Consider using the PDO extension, which provides prepared statements for doing secure dynamic queries. Escaping variables "by hand" requires a good understanding of security risks and a lot of discipline, and you've already failed once.
Out of curiosity: Is there a reason why you run around with those "exotic" database approaches using SQLite and text files? Most applications today use PostgreSQL or MySQL. I'm not saying that you (or whoever is in charge) made a bad choice. I just wonder why that is.
September 23rd, 2013, 10:41 AM
SQLite is what I was told to use and the text file is how the data is being stored, not my choice.
Originally Posted by Jacques1
Comments on this post