T string

[fileupload]

I am following login tutorials on the internet and it comes up with this error code:
Parse error: syntax error, unexpected T_STRING in /home/file1234/public_html/do_login.php on line 35
and here is the code could you help me out:
<html>
<head>
<title>Login</title>
<body bgcolor="#009933">
</head>
<body>
<br><br>
<font color="white"><center><h1>FileFlame.Pcriot.Com</center></font></h1>
<br><br>
<DIV ALIGN=LEFT>
<FORM>
<INPUT TYPE="BUTTON" VALUE="Home" ONCLICK="window.location.href='index.php'">
<INPUT TYPE="BUTTON" VALUE="Register" ONCLICK="window.location.href='register.php'">
<INPUT TYPE="BUTTON" VALUE="Login" ONCLICK="window.location.href='login.php'">
<INPUT TYPE="BUTTON" VALUE="Search" ONCLICK="window.location.href='browse.php'">
<INPUT TYPE="BUTTON" VALUE="News" ONCLICK="window.location.href='news.php'">
</FORM>
<br><br>
<?php

$connection = mysql_connect(localhost, prefix_user, password);
$db = mysql_select_db(prefix_dbname, $connection);

$sql = "SELECT id FROM user
WHERE username='$_POST[username]'
AND PASSWORD='$_POST[password]'";

$result = mysql_query ($sql);
$num = mysql_num_rows($result);

if ($num > 0) (
//USER AND PASS ARE CORRECT
$id = mysql_fetch_assoc($result))

header("Location: main.php");
} else {
header ("Location: incorrect.php");
};

?>
Successful Login, click <INPUT TYPE="BUTTON" VALUE="here" ONCLICK="window.location.href='index.php'"> to go back home
<font color="#ffffff"><font size='+1'><strong><br><center>Copyright &copy; 2010-2014 FileRiver. All Rights Reserved.</font>
</body>
</html>

 

[Zubair]

Wrong Section

***Moved to Programming Help***

 

[vishal]

I think this is the error

if ($num > 0) (
//USER AND PASS ARE CORRECT
$id = mysql_fetch_assoc($result))

It should be " { "

Replace that part with this.

if ($num > 0) {
//USER AND PASS ARE CORRECT
$id = mysql_fetch_assoc($result);
header("Location: main.php");
}


 else {
header ("Location: incorrect.php");
}
?>

 

[includes]

looks this http://www.youtube.com/watch?v=4oSCuEtxRK8

 

[misson]

• When posting code, use the

  , [html] or [code] tags (as appropriate) to separate the code from the rest of the post and format it.
  [*]Mark which lines are referred to in error messages. Even if posting doesn't alter the line count, we shouldn't have to pour over the code to find the appropriate lines.
  [*]Your script is vulnerable to [url=http://unixwiz.net/techtips/sql-injection.html]SQL injection[/url] (see also "[URL=http://www.securiteam.com/securityreviews/5DP0N1P76E.html]SQL Injection Walkthrough[/URL]"). Instead of the outdated mysql driver, use [URL="http://www.kitebird.com/articles/php-pdo.html"]PDO[/URL] and [URL="http://www.php.net/pdo.prepared-statements"]prepared statements[/URL]. Search the web for more information.
  [*]Don't store plain passwords. Passwords should be [URL="http://chargen.matasano.com/chargen/2007/9/7/enough-with-the-rainbow-tables-what-you-need-to-know-about-s.html"]salted and hashed[/URL], giving each password its own salt.
  [*]Make sure you test for error conditions on any functions that might fail. With PDO, you can [URL="http://php.net/PDO.setAttribute"]set[/URL] the error mode to [FONT="Courier New"]PDO::ERRMODE_EXCEPTION[/FONT] and catch [URL="http://php.net/PDOException"][FONT="Courier New"]PDOException[/FONT][/URL]s. Make your [URL="http://msdn.microsoft.com/en-us/library/ms995351.aspx"]error messages useful but not too revealing[/URL].
  [*]Don't use [URL="http://stackoverflow.com/questions/321299/what-is-the-reason-not-to-use-select"]SELECT *[/URL].
  [*][URL="http://validator.w3.org/"]Validate[/URL] your HTML and fix the errors.
  [*]Don't use <font>, <center>, align=, bgcolor= or any other [URL="http://htmldog.com/guides/htmlintermediate/badtags/"]presentational element or attribute[/URL] (except potentially the [URL="http://css.dzone.com/news/why-inline-css-and-javascript-"]style attribute[/URL], and that only in very limited circumstances). Use CSS for presentation instead. Keep [URL="http://www.google.com/search?q=semantic+HTML"]HTML semantic[/URL].
  [*]All elements should be closed (except <meta>, <link> and <base> in HTML 4 docs). For example, use "<br/>", not "<br>". Actually, you shouldn't be using <br/> at all the way you are (see previous point).
  [*]Add a [URL="http://www.w3.org/QA/Tips/Doctype"]doctype[/URL] to your document.
  [*]Follow the instructions in my sig.
  [*]Lastly, but most importantly, file hosting breaks the [URL="http://x10hosting.com/tos.php"]terms of service[/URL]. It will get your site shut down [URL="http://x10hosting.com/forums/free-hosting/114005-free-hosting-faq-s-read-before-posting-new-thread.html#post649298"]permanently[/URL] (it's covered under "severe misuse of server resources"), with no chance to recover anything. Immediately download anything you don't want to lose, then remove the file hosting scripts.
  [/LIST]
  
  [quote="includes, post: 679362"]looks this [url]http://www.youtube.com/watch?v=4oSCuEtxRK8[/url][/QUOTE]
  That tutorial has some error checking, but otherwise is full of bad practices, including [FONT="Courier New"]SELECT *[/FONT], [URL="http://www.phpfreaks.com/blog/or-die-must-die"][FONT="Courier New"]or die[/FONT][/URL], [URL="http://msdn.microsoft.com/en-us/library/ms995351.aspx#securityerrormessages_topic2"]outputting [FONT="Courier New"]mysql_error[/FONT] to visitors[/URL], SQL injection vulnerabilities... In short, avoid.