Unexpected catch error in code [closed]

Question

Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.

---

This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.

Closed 9 years ago.

Improve this question

I'm doing registration in PHP and I am stuck on an unexpected catch, can you help me please?

if (isset($_POST['nick']) && isset($_POST['heslo']) && 
    isset($_POST['email']) && isset($_POST['datnar']))
{
  try
    {
        $email = ($_POST['email']);
        $datnar = ($_POST['datnar']);        
        $nick = ($_POST['nick']);
        $heslo = md5($_POST['heslo']);
        $db->query("INSERT INTO tblosoba(`nick`, `heslo`, `email`, `datnar`) VALUES ($nick, '$heslo', $email, $datnar)");
        echo "Registrace dokončena.";
    catch( PDOException $Exception ) {
        echo "Uživatel existuje";
    }
}

Answer 1

You need to close the try block.

{
    try
    {
        $email = ($_POST['email']);
        $datnar = ($_POST['datnar']);
        $nick = ($_POST['nick']);
        $heslo = md5($_POST['heslo']);
        $db->query("INSERT INTO tblosoba(`nick`, `heslo`, `email`, `datnar`) VALUES ($nick, '$heslo', $email, $datnar)");
        echo "Registrace dokončena.";
    } //<-------------------------------------------- Here
    catch(PDOException $Exception ) {
        echo "Uživatel existuje";
    }
}

Warning : Your code is vulnerable to SQL Injection. You need to filter the $_POST values before passing it to your query.

Use Prepared Statements (Parametrized Queries) to ward off SQL Injection attacks as you are already using PDO.

Answer 2

Add a closing curly bracket (}) before the catch

Answer 3

Here is how to fix your code

if (isset($_POST['nick']) && isset($_POST['heslo']) && 
    isset($_POST['email']) && isset($_POST['datnar']))

{
    $sql = "INSERT INTO tblosoba(`nick`, `heslo`, `email`, `datnar`) VALUES (?,?,?,?)";
    $data = [$_POST['nick'],$_POST['heslo'],$_POST['email'],$_POST['datnar']];
    $db->prepare($sql)->execute($data);
    echo "Registrace dokončena.";
}

Note that you should not use try-catch here but should use prepared statement instead