Click here to Skip to main content
15,885,941 members
Search within:


How to fix this error:parse error: syntax error, unexpected '$_SESSION' (T_VARIABLE) in C:\wamp64\www\luana\PHP\profile.php on line 34
Please Sign up or sign in to vote.
1.00/5 (1 vote)
See more:
PHP
hey I am doing this assignment in the wamp server but i came across this error. it is a syntx error but i am trying to see where the syntax error is i cant seem to find it at all

this is where the error originate, on this line in the code: 

$sql ="SELECT * FROM uname ='"$_SESSION['users']"'";


and this is what the error says: 
Parse error: syntax error, unexpected '$_SESSION' (T_VARIABLE) in C:\wamp64\www\luana\php\profile.php on line 34


What I have tried:

trying looking for the error. have been going back and forth searching to see where the error is but cant find it
Posted
Updated 22-Sep-19 16:10pm
Add a Solution

2 solutions

Try
PHP
$sql ="SELECT * FROM uname ='".$_SESSION['users']."'";


Your code is vulnerable to SQL injection.
Never build an SQL query by concatenating strings. Sooner or later, you will do it with user inputs, and this opens door to a vulnerability named "SQL injection", it is dangerous for your database and error prone.
A single quote in a name and your program crash. If a user input a name like "Brian O'Conner" can crash your app, it is an SQL injection vulnerability, and the crash is the least of the problems, a malicious user input and it is promoted to SQL commands with all credentials.
SQL injection - Wikipedia[^]
SQL Injection[^]
SQL Injection Attacks by Example[^]
PHP: SQL Injection - Manual[^]
SQL Injection Prevention Cheat Sheet - OWASP[^]
 
Share this answer
 
Posted
Parse error: syntax error, unexpected ')' in C:\wamp\www\Admin\insert.php on line 4
 
Share this answer
 
Posted
Comments
Richard Deeming 23-Sep-19 10:33am    
If you want to ask a question, then ASK A QUESTION[^]. DO NOT post your question as a "solution" to someone else's question.

But be warned, you're going to have to provide a lot more than a random error message if you want anyone to be able to help you.
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month
Related Questions
Parse error: syntax error, unexpected '' (T_ENCAPSED_and_WHITESPACE), expecting '-' or identifier (T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING) in C:\wamp64\www\...
Parse error: syntax error, unexpected '[' in C:\wamp\www\online-attendance-system-in-PHP-master\attendance-system-master\PHP\node_class.php on line $obj = $obj->fetch_assoc()['object'];
Parse error: syntax error, unexpected '$files' (T_VARIABLE), expecting '(' in C:\wamp64\www\johnsite\downloadfile\index.php on line 28
Syntax error, unexpected '$item_count' (T_VARIABLE)
Parse error: syntax error, unexpected '' (T_ENCAPSED_and_WHITESPACE), expecting '-' or identifier (T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING) in
Parse error: syntax error, unexpected '' (T_ENCAPSED_and_WHITESPACE), expecting '-' or identifier (T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING)
Parse error: syntax error, unexpected '? ' tell me ans
( ! ) Parse error: syntax error, unexpected end of file in C:\wamp64\www\simulare_aeroport\PHP\adg.php on line 59
Error | parse error: syntax error, unexpected '$password' (T_VARIABLE), expecting identifier (T_STRING) in
What is wrong with the code? I got error (parse error: syntax error, unexpected end of file in C:\wamp64\www\trycrud\update.php on line 158)

Advertise
Privacy
Cookies
Terms of Use
Last Updated 22 Sep 2019
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web01 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900