Can anyone spot the error here on line 47

Question

1.00/5 (1 vote)

See more:

I am doing an update and i keep hitting a snag on line 47 in my update script, there is an error there but cannot spot it, been looking for it whole day

maybe a third eye will see what i cannot, any help will be much appreciated.

What I have tried:

PHP

<pre><?php		
		
		
		if(isset($_POST['edit']))
		{
		//Capture values from form and store in php variables
		 $title=$_POST['title'];
		 $fname=$_POST['fname'];
		 $address=$_POST['address']; 
		 $sex=$_POST['gender'];
		 $hobbies=join(" ,", $_POST['hobby']);
		 $uname=$_POST['uname'];
		 $pword=$_POST['currentpword'];
		 
		 include'db_config.php';
		 
		 
		$sql = "SELECT uname,pword FROM member WHERE uname='$uname' AND pword=md5('$pword')";
		
		if($result=mysqli_query($con,$sql))
		{
			$rowcount=mysqli_num_rows($result);
		
			if($rowcount==1)
			{
				$sql="UPDATE member 
				SET title='$title', name='$fname', address='$address', sex='$sex', hobby='$hobby', uname='$uname',
				WHERE pword=md5('$pword')";
			
				if(mysqli_query($con,$sql))
				{
					mysqli_close($con);
					
					echo "<script type=\"text/javascript\">
						  alert('your information has been updated $title $name');
						  window.location\view.php\";
						  </script>";
				}
				
				else
				{
					echo"<script type\"text/javascript\">
						alert('error');
						window.location/edit.php\";
						</script>";
				}
				else<--- the arrow point to where the error is. 
				{
					echo mysqli_error($con);
				}
			}
			
		}
		
		
		
?>

Posted 21-Apr-19 11:38am

divinity02

Updated 21-Apr-19 12:11pm

v2

Add a Solution

Comments

Bryian Tan 21-Apr-19 18:39pm

Can't have two consecutive else statement, that not a correct syntax.
What is the error here that I am not seeing?[^]

2 solutions

Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Peter_in_2780 · Answer 1 · 2019-04-21T11:50:00

Solution 1

You've got

if ()
 ...
else
 ...
else  <<<<<<<<<<<<
 ...

I'm guessing you should have

if ()
 ...
elseif () 
 ...
else
 ...

Posted 21-Apr-19 11:50am

Peter_in_2780

Patrice T · Answer 2 · 2019-04-21T12:11:00

Quote:
Can anyone spot the error here on line 47

You have already asked this question and got an answer.

PHP

if ... else ... else ...

does not exist.

PHP

$sql="UPDATE member SET title='$title', name='$fname', address='$address', sex='$sex', hobby='$hobby', uname='$uname', WHERE pword=md5('$pword')";

Not a solution to your question, but another problem you have.
Never build an SQL query by concatenating strings. Sooner or later, you will do it with user inputs, and this opens door to a vulnerability named "SQL injection", it is dangerous for your database and error prone.
A single quote in a name and your program crash. If a user input a name like "Brian O'Conner" can crash your app, it is an SQL injection vulnerability, and the crash is the least of the problems, a malicious user input and it is promoted to SQL commands with all credentials.
SQL injection - Wikipedia[^]
SQL Injection[^]
SQL Injection Attacks by Example[^]
PHP: SQL Injection - Manual[^]
SQL Injection Prevention Cheat Sheet - OWASP[^]
How can I explain SQL injection without technical jargon? - Information Security Stack Exchange[^]

Can anyone spot the error here on line 47

2 solutions

Solution 1

Solution 2

Add your solution here

Preview 0

Can anyone spot the error here on line 47

2 solutions

Solution 1

Solution 2

Add your solution here

Preview 0

Existing Members

...or Join us