2

I'm writing a function to authenticate a user. I create a connection with a database, then prepare a query, bind the parameter, execute the query, bind the result to a variable, and check if the query returned a result.

If it did I compare the result (bound to the variable), close the statement, close the connection, and then return the appropriate value. Well, that's what I think I am doing, but I keep getting a syntax error and I can't figure out what I am doing wrong:

Syntax error: expected: exit, if, identifier, variable, echo, do, while, for, foreach, declare, switch, break, continue, function, return, try, throw, use, global, unset, isset, empty, class, interface, array, {, }, include, include_once, eval, require, require_once, print, ';', +, -, !, ~, ++, --, @, [, new, static, abstract, final, (, $

My code:

    /**
     * Authenticates a user.
     * @param type $email - String value
     * @param type $hashedPassword - String value
     * @return true if user is authenticated or false otherwise - Boolean value
     */
    function isValidUser($email, $hashedPassword)
    {
        //This variable will hold the value returned from the query to the database.
        var $rPassword = NULL;

        //Establish a connection
        $mysqli = new mysqli($GLOBALS['dbServer'], $GLOBALS['dbUserName'], $GLOBALS['dbPassword'], $GLOBALS['dbName']);

        //Check if connection failed
        if($mysqli->connect_error)
        {
            die('Connect Error (' . $mysqli->connect_errno . ') '
                . $mysqli->connect_error);
        }

        $stmt = $mysqli->prepare("SELECT password FROM user_info WHERE email=?");
        $stmt->bind_param('s', $email);
        $stmt->execute();
        $stmt->bind_result($rPassword);
        if($stmt->fetch())
        {
            if(($rPassword != null) && ($rPassword == $hashedPassword))
            {
                $stmt->close();
                $mysqli->close();
                return true;
            }
        }
        $stmt->close();
        $mysqli->close();
        return false;
    }

I was doing this without using prepared statements and the code worked fine, but then I did some research and found out that prepared statements is the way to go because they help prevent SQL injections.

halfer (19,824)
PAujla03 (117)

3 Answers

3
var $rPassword = NULL;

should be:

$rPassword = NULL;

var is for initializing properties in classes. See documentation. If you are using a class you need to initialize it outside of the method (function) and then access the property through $this->rPassword.

kittycat (14,983)
  • Thanks, that did get rid of the syntax error, but is the rest of the logic correct? – PAujla03 Jan 27 '13 at 22:28
  • @PAujla03 did you re-test the code to see if it authenticates? What you are asking is a completely different question than the original post, which was about a syntax error. Test the code to see if it works now, and if it doesn't then we can go from there. Your method is correct, just so you know. – kittycat Jan 27 '13 at 22:33
  • Just a minor clarification: class attributes don't _have_ to be initialised prior to use, though they will default to `public` if you don't declare them (and you don't want that). It is good practice to declare them, and you probably want to declare them as `protected`. – halfer Jan 27 '13 at 22:36
  • Gordon: haha thanks. @crypticツ I did retest it, but it is not working. So I will have to re-evaluate my logic. As someone pointed out, my question has already been answered and this is not a debugging service lol. So I'd like to thank you for getting rid of my syntax error, and I'll continue to work on it on my own. – PAujla03 Jan 27 '13 at 23:16
  • @PAujla03 if the question was answered then please mark it as answered by choosing an answer by clicking the checkmark next to it. – kittycat Jan 27 '13 at 23:34
  • @crypticツ Thanks, I did, and the problem was $mysqli = new mysqli($GLOBALS['dbServer'], $GLOBALS['dbUserName'], $GLOBALS['dbPassword'], $GLOBALS['dbName']); which I replaced with $mysqli = new mysqli("127.0.0.1", "myUserName", "myPassword", "myDBname"); – PAujla03 Jan 28 '13 at 00:15
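For readers landing here for the authentication logic rather than the `var` typo, the following is an added example (not the asker's or any answerer's code) of the same function with the local variable declared correctly and two further weaknesses of the posted version removed: the database handle is passed in instead of read from `$GLOBALS`, and the stored credential is checked with `password_verify()` instead of `==`, because PHP's loose string comparison is not constant-time and can treat certain hash-like strings as equal numbers. It assumes PHP 7 or later, a table `user_info(email, password)` whose `password` column holds a `password_hash()` digest, and a caller that supplies the user's plaintext password; those are assumptions, since the original compares a pre-hashed value instead.

```php
<?php
// Added example, not the original poster's code.
// Assumptions: PHP >= 7, table user_info(email, password) where `password`
// holds a password_hash() digest, and $mysqli is an already-open connection.

// Make mysqli throw exceptions instead of returning false silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Returns true only if a row exists for $email and $password matches
 * the stored password_hash() digest.
 */
function isValidUser(mysqli $mysqli, string $email, string $password): bool
{
    // Plain local variable: `var` is only valid for class properties.
    $storedHash = null;

    // Parameterised query: $email is bound, never concatenated into the SQL.
    $stmt = $mysqli->prepare('SELECT password FROM user_info WHERE email = ?');

    try {
        $stmt->bind_param('s', $email);
        $stmt->execute();
        $stmt->bind_result($storedHash);

        // fetch() returns true only when a row came back.
        if (!$stmt->fetch() || $storedHash === null) {
            return false;          // unknown user or empty credential column
        }
    } finally {
        // Runs on every path, so the statement is never left open.
        $stmt->close();
    }

    // password_verify() checks the digest with a constant-time comparison.
    return password_verify($password, $storedHash);
}

// Usage (constructed credentials, matching the values from the comments above):
// $mysqli = new mysqli('127.0.0.1', 'myUserName', 'myPassword', 'myDBname');
// var_dump(isValidUser($mysqli, 'alice@example.com', 'correct horse battery'));
```

The connection is opened and closed by the caller, which keeps one `new mysqli(...)` per request instead of one per login attempt, and the `try`/`finally` replaces the duplicated `close()` calls on each return path in the original.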
2

The var keyword is deprecated from PHP 5.0 on...

It was for declaring class member variables in PHP4, and is no longer needed. It will work in PHP5, but will raise an E_STRICT warning in PHP from version 5.0.0 up to version 5.1.2, as of which it has been deprecated.

Ian Atkin (6,302)
0

You have two mistakes.

One: do not reboot rPassword as NULL, just make it like this: $rPassword = 0; or make both NULL and null the same, NULL, both with caps! Second: the rPassword is not getting the result; you need to do it like this, you need to pass the right variables, look here:

http://php.net/manual/en/mysqli-stmt.bind-result.php

        $stmt->bind_result($rPassword);
        if($stmt->fetch())
        {
            if(($rPassword == null) || ($rPassword != $hashedPassword))
            {
                $stmt->close();
                $mysqli->close();
                return false;
            }
        }
l1nuxuser (315)