Unexpected elseif in simple form validation

0
votes

I just made a signup form and I encountered a problem when I added the final validations (the MySQL ones).

This is the error that I get: Parse error: syntax error, unexpected 'elseif' (T_ELSEIF) in C:\xampp\htdocs\Signup\includes\signup.php on line 72

Row 72 has been marked to help you figure it out.

else
        {
            require_once("db_connect.php");

            // Email validation
            $query_email="SELECT email FROM users WHERE email='$email'";
            $result_email=mysql_query($query_email) or die (mysql_error());
            if (mysql_num_rows($result_email)>0)
            {
                echo "You already have an account registered on this email.";
            }

            // Username validation
            $query_username="SELECT username FROM users WHERE username='$username'";
            $result_username=mysql_query($query_username) or die (mysql_error());
            elseif (mysql_num_rows($result_username)>0) /* !!! ROW 72 !!! */
            {
                echo "Username already registered. Pick something else";
            }

            // Add new user to database
            else
            {
                $query="INSERT INTO users VALUES ('', '$username', '$password', '$email', '$first_name', '$last_name', '$birthday', '$sex', '', '$registered', '')";
                mysql_query($query) or die (mysql_error());
                echo "User created!";
            }

        }

If I comment everything between // Username validation and // Add new user to database everything works OK (except for the fact that I don't have a username validation).

In case you wonder what $username is:

$username = mysql_real_escape_string($_POST['username']);

I've read some of the questions on SO about unexpected elseif but I just don't get it in my case. The brackets seem alright and elseif is supplied with a condition. Please let me know before downrating so I can edit my question. Thanks!

1
phpif-statement
you can't have code in between your if statement and your elseif statement - XaxD
$query_username="SELECT username FROM users WHERE username='$username'"; $result_username=mysql_query($query_username) or die (mysql_error()); these 2 lines need to be moved - XaxD
PSA: The mysql_* functions are deprecated in PHP 5.5. It is not recommended for writing new code as it will prevent you from upgrading in the future. Instead, use either MySQLi or PDO and be a better PHP Developer. - Jason McCreary
Yeah, I know that I should use MySQLi. I'm doing this just for practice, I'll jump to it if I ever use this form on the web. Thank you very much for the "be a better PHP developer link". I had a look and it's really informative. - SporeDev

1 Answers

1
votes

change this:

// Username validation
            $query_username="SELECT username FROM users WHERE username='$username'";
            $result_username=mysql_query($query_username) or die (mysql_error());
            elseif (mysql_num_rows($result_username)>0) /* !!! ROW 72 !!! */
            {
                echo "Username already registered. Pick something else";
            }

to this:

// Username validation
            $query_username="SELECT username FROM users WHERE username='$username'";
            $result_username=mysql_query($query_username) or die (mysql_error());
            if (mysql_num_rows($result_username)>0) /* !!! ROW 72 !!! */
            {
                echo "Username already registered. Pick something else";
            }

It is unexpected because else if is an else conditional to an initial if conditional, sequentially joined by the curly braces in standard format. Your example code here has no initial if conditional.

Your last else statement will need some other kind of check to determine if insert is necessary.

Here is an alternative:

// Email validation
            $query_email="SELECT * FROM users WHERE email='$email' OR username='$username'";
            $result_email=mysql_query($query_email) or die (mysql_error());
            if (mysql_num_rows($result_email)>0)
            {
                echo "There is already an account registered on this email or that username is already taken.";
            }
            else
            {
                // Add new user to database
                $query="INSERT INTO users VALUES ('', '$username', '$password', '$email', '$first_name', '$last_name', '$birthday', '$sex', '', '$registered', '')";
                mysql_query($query) or die (mysql_error());
                echo "User created!";
            }

Also, please note that you need to sanitize this input. I don't know what you're currently doing to ensure $username or $email are not hijack attempts. In addition, mysql_ functions are deprecated. Switch to PDO or mysqli and use prepared statements to sanitize input.