• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

PHP Error

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Programming and More

View previous topic :: View next topic  
Author Message
ZxC
Just Arrived
Just Arrived


Joined: 25 Sep 2004
Posts: 0


Offline

PostPosted: Wed May 18, 2005 11:50 pm    Post subject: PHP Error Reply with quote

Parse error: parse error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/zxc/public_html/makethread1.php on line 8

I keep getting this error, can anyone help me identify what it means?
Back to top
View user's profile Send private message
darkcreature
Just Arrived
Just Arrived


Joined: 07 Mar 2005
Posts: 0


Offline

PostPosted: Wed May 18, 2005 11:52 pm    Post subject: Reply with quote

You may have an extra semi colon

What you need to do is copy-paste your source code (or atleast that section, maybe 3-5 lines prior to that line, and 3-5 lines after aswell so we can analyze)

Smile

DC
Back to top
View user's profile Send private message Send e-mail AIM Address MSN Messenger
ZxC
Just Arrived
Just Arrived


Joined: 25 Sep 2004
Posts: 0


Offline

PostPosted: Wed May 18, 2005 11:57 pm    Post subject: Reply with quote

Code:
if($_SESSION['username']) {

   $dateposted = date("Y-m-d H:i:s");
   $insertthread = "INSERT INTO threads (forum_id,name,title,content,date_posted) values ('$_POST['forum_id']','$_SESSION['username']','$_POST['threadtitle']','$_POST['content']','$dateposted')";
   
   mysql_query($insertthread,$link);
   
   echo('Thread added. Click <a href="board.php?forum_id="');
   echo($_POST['forum_id']);
   echo('">here</a> to continue.');
   
} else {

   echo('Error: You are not logged in, or your session has timed out. Please log in.');

}
Back to top
View user's profile Send private message
darkcreature
Just Arrived
Just Arrived


Joined: 07 Mar 2005
Posts: 0


Offline

PostPosted: Thu May 19, 2005 12:05 am    Post subject: Reply with quote

Is this the line that's giving you trouble?
Code:
$insertthread = "INSERT INTO threads (forum_id,name,title,content,date_posted) values ('$_POST['forum_id']','$_SESSION['username']','$_POST['threadtitle']','$_POST['content']','$dateposted')";
Back to top
View user's profile Send private message Send e-mail AIM Address MSN Messenger
ZxC
Just Arrived
Just Arrived


Joined: 25 Sep 2004
Posts: 0


Offline

PostPosted: Thu May 19, 2005 12:07 am    Post subject: Reply with quote

Yes. >_<
Back to top
View user's profile Send private message
darkcreature
Just Arrived
Just Arrived


Joined: 07 Mar 2005
Posts: 0


Offline

PostPosted: Thu May 19, 2005 12:15 am    Post subject: Reply with quote

Try this line:
Code:
$insertthread = 'INSERT INTO `threads` (`forum_id`,`name`,`title`,`content`,`date_posted`) values (\''.$_POST['forum_id'].'\',\''.$_SESSION['username'].'\',\''.$_POST['threadtitle'].'\',\''.$_POST['content'].'\',\''.$dateposted.'\')';


I feel I should suggest the checking to see if the gpc magic quotes thingy is on, and if not, protecting yourself from SQL injection. I think the problem is in using double quotes spanning over two lines, or using double quotes and using the GLOBAL arrays (GET, POST, SESSION, SERVER, etc..). Not sure, but whenever one of my employees codes something that way and it doesn't work that's what I do to correct.

Edit again: Did it work? lol

DC
Back to top
View user's profile Send private message Send e-mail AIM Address MSN Messenger
Rayxen
Just Arrived
Just Arrived


Joined: 05 Feb 2003
Posts: 1
Location: Australia

Offline

PostPosted: Thu May 19, 2005 3:05 pm    Post subject: Reply with quote

Or try this:

Code:
$insertthread = "INSERT INTO threads (forum_id, name, title, content, date_posted) values ('".$_POST['forum_id']."',".'$_SESSION['username']."','".$_POST['threadtitle']."','".$_POST['content']."','".$dateposted."')";

That should work.
Back to top
View user's profile Send private message
ZxC
Just Arrived
Just Arrived


Joined: 25 Sep 2004
Posts: 0


Offline

PostPosted: Thu May 19, 2005 8:30 pm    Post subject: Reply with quote

I managed to fix it myself by converting the array variables to normal variables:

Code:
$insertforum_id = $_POST['forum_id'];

   $insertusername = $_SESSION['username'];

   $inserttitle = $_POST['threadtitle'];

   $insertcontent = $_POST['content'];

   $dateposted = date("Y-m-d H:i:S");


Thanks a lot though Smile
Back to top
View user's profile Send private message
darkcreature
Just Arrived
Just Arrived


Joined: 07 Mar 2005
Posts: 0


Offline

PostPosted: Thu May 19, 2005 10:14 pm    Post subject: Reply with quote

Cool
Back to top
View user's profile Send private message Send e-mail AIM Address MSN Messenger
Rayxen
Just Arrived
Just Arrived


Joined: 05 Feb 2003
Posts: 1
Location: Australia

Offline

PostPosted: Fri May 20, 2005 9:53 am    Post subject: Reply with quote

Yes, that will also work but isn't the most efficient way. You're using more memory than is necessary.
Back to top
View user's profile Send private message
UziMonkey
SF Reviewer
SF Reviewer


Joined: 19 Dec 2003
Posts: 5


Offline

PostPosted: Fri May 20, 2005 7:24 pm    Post subject: Reply with quote

Rayxen wrote:
Yes, that will also work but isn't the most efficient way. You're using more memory than is necessary.


That's not really an issue. The memory and cycles used by the database query is going to dwarf your PHP code anyway. What is does do, however, is add code bloat. Doing something in 10 lines something you can reasonably do in 2 or 3 makes your code harder to read. To the OP, string concatenation or sprintf would be best. I use sprintf to explicitly sanitize my input, and make sure integers are really integers, etc.

Code:

$query = sprintf( "SELECT * FROM %s WHERE field='%s'",
    addslashes( $_POST['table'] ), addslashes( $_POST['value']) );
Back to top
View user's profile Send private message Visit poster's website
Rayxen
Just Arrived
Just Arrived


Joined: 05 Feb 2003
Posts: 1
Location: Australia

Offline

PostPosted: Sat May 21, 2005 9:26 am    Post subject: Reply with quote

True but I'm not referring to that specific example but rather better code style in general. Coding by renaming variables is not a clever way to code and a very bad habbit to get into.
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Programming and More All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register