Click here to Skip to main content
15,068,929 members
Please Sign up or sign in to vote.
1.00/5 (1 vote)
See more:
hey I am doing this assignment in the wamp server but i came across this error. it is a syntx error but i am trying to see where the syntax error is i cant seem to find it at all

this is where the error originate, on this line in the code:

$sql ="SELECT * FROM uname ='"$_SESSION['users']"'";


and this is what the error says:
Parse error: syntax error, unexpected '$_SESSION' (T_VARIABLE) in C:\wamp64\www\luana\php\profile.php on line 34


What I have tried:

trying looking for the error. have been going back and forth searching to see where the error is but cant find it
Posted
Updated 22-Sep-19 16:10pm

Parse error: syntax error, unexpected ')' in C:\wamp\www\Admin\insert.php on line 4
   
Comments
Richard Deeming 23-Sep-19 10:33am
   
If you want to ask a question, then ASK A QUESTION[^]. DO NOT post your question as a "solution" to someone else's question.

But be warned, you're going to have to provide a lot more than a random error message if you want anyone to be able to help you.
Try
PHP
$sql ="SELECT * FROM uname ='".$_SESSION['users']."'";


Your code is vulnerable to SQL injection.
Never build an SQL query by concatenating strings. Sooner or later, you will do it with user inputs, and this opens door to a vulnerability named "SQL injection", it is dangerous for your database and error prone.
A single quote in a name and your program crash. If a user input a name like "Brian O'Conner" can crash your app, it is an SQL injection vulnerability, and the crash is the least of the problems, a malicious user input and it is promoted to SQL commands with all credentials.
SQL injection - Wikipedia[^]
SQL Injection[^]
SQL Injection Attacks by Example[^]
PHP: SQL Injection - Manual[^]
SQL Injection Prevention Cheat Sheet - OWASP[^]
   

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900