Getting unexpected end of file error in PHP

Question

I'm learning PHP and I am currently trying to print the contents of a MYSQL table using PHP. I keep getting the following error.

Parse error: syntax error, unexpected end of file in C:\xampp\htdocs\login2.php on line 53

Line 53 is the </html> tag.

Here's my code:

    <html>
<head>
</head>
<body>


<?php

$userName = $_POST["userName"];
$password = $_POST["passwd"];
$firstName = $_POST["firstName"];
$lastName = $_POST["lastName"];

$db_host = "localhost";
$db_username = "root";
$db_name = "labdb";

$con=@mysqli_connect("localhost","root","","labdb");

if(mysqli_connect_errno())
    {
    echo "Failed MySQL connect" . mysqli_connect_error();   
    }


$sql="INSERT INTO user (username, password, firstName, lastName)
VALUES
('$_POST[userName]','$_POST[passwd]','$_POST[firstName]','$_POST[lastName]')";

if (!mysqli_query($con,$sql))
  {
  die('Error: ' . mysql_error());
  }
echo "1 record added";

$query="SELECT * FROM user";

$result=mysql_query($query);

while($row = mysql_fetch_array($result)){
  echo $row['userID'] . " " .$row['username'] . " " . $row['password'] . " " . 
       $row['firstName'] . " " . $row['lastName'];
  echo "<BR/>";


mysqli_close($con);

?>

</body>
</html>

Can anybody help?

Answer 1

There are a whole bunch of mistakes in this code, beyond just the initial syntax error of a missing }.

1. You're defining a bunch of variables $userName, $db_host, etc, but then not using them later in your code.

2. Make sure your HTML code always begins with a doctype. Add <!DOCTYPE html> as the first line in your code, above the <html> tag.

3. The code for the INSERT query has several separate mistakes:

   » $_POST[passwd]: When using array keys, you must quote the key name. PHP will cope if you don't, but will throw warning messages, and there are cases where it could go wrong. If you're using an array key inside a string like this, you will also need to wrap it in braces to make it valid. The correct syntax looks like this:

   $stringVar = "..... `{$_POST["passwd"]}`....";
   

   » But don't use that syntax here, because there's more: you also should never ever use $_POST variables directly in a SQL query string and you must escape any variables you add to a query string. Failure to do so will result in your code being hacked.

   There's too much here to go into the detail required (I don't have time to write an entire tutorial), but please google for things like "SQL injection attacks" and how to avoid them. You could escape your strings using mysqli_real_escape_string(), or you could use "prepared statements". I recommend the latter, but as I said google it.

4. Another item with the passwords: You should never store a password as plain text in a database. Always use a good quality hashing algorithm to hide the password from hackers. This is also a very big topic, and too big for me to describe in detail here, but is vital for the security of your users.

5. Half way through the program you switch from using mysqli functions to mysql functions. Please note that these two sets of functions are not compatible with each other. You opened the DB using mysqli, which means that mysql_query will not see that, and will complain about the DB not being opened.

   Make sure you always use the same set of DB functions throughout your code. The mysql functions are obsolete, so I suggest sticking with mysqli throughout.

6. Your while loop does not have a closing } at the end of it.

   This is what is causing the actual error that PHP is complaining about, but if you just fix that you'll still have the other issues, and PHP may not actually complain about all of them; some of them will result in you code running okay, but being wrong.

[EDIT]
By the way, since you state that you're just learning PHP, please don't feel bad about most of these mistakes; they're all the kind of mistakes a beginner might be expected to make.

However, I do recommend making sure that you're using good quality tutorial sites to learn from. There are a lot of sites out there with PHP code examples, but a large percentage of them have poor quality examples and bad advice. Most of that is just because they're badly out of date.

Do your research on which sites to learn from. Here are a few pointers:

• If a site suggests using the mysql_xxx() functions, they're out of date. Up-to-date sites should talk about mysqli and PDO for DB access instead.
• If a site suggests saving a password without hasing it, then you should ignore everything they say. Security is important.
• If a site suggests hashing a password using the md5() function, then they're out of date. MD5 is obsolete. Look for sites recommending the new password_hash() and password_verify() functions.
• Look for sites that are respected in the PHP community and have been kept up to date. Try starting with http://www.phptherightway.com/, https://phpbestpractices.org/, http://www.phpdeveloper.org/
• If you use a book to learn from, the same applies: Make sure it's up-to-date. If it was published more than a few years ago it probably isn't.

Answer 2

Just close while loop with }.

Replace your while with
while($row = mysql_fetch_array($result)){
  echo $row['userID'] . " " .$row['username'] . " " . $row['password'] . " " . 
       $row['firstName'] . " " . $row['lastName'];
  echo "<BR/>";
}

Hope it will help you :)