View previous topic :: View next topic |
Author |
Message |
ZxC Just Arrived


Joined: 25 Sep 2004 Posts: 0

|
Posted: Wed May 18, 2005 11:50 pm Post subject: PHP Error |
|
|
Parse error: parse error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/zxc/public_html/makethread1.php on line 8
I keep getting this error, can anyone help me identify what it means?
|
|
Back to top |
|
 |
darkcreature Just Arrived

Joined: 07 Mar 2005 Posts: 0

|
Posted: Wed May 18, 2005 11:52 pm Post subject: |
|
|
You may have an extra semi colon
What you need to do is copy-paste your source code (or atleast that section, maybe 3-5 lines prior to that line, and 3-5 lines after aswell so we can analyze)
DC
|
|
Back to top |
|
 |
ZxC Just Arrived


Joined: 25 Sep 2004 Posts: 0

|
Posted: Wed May 18, 2005 11:57 pm Post subject: |
|
|
Code: |
if($_SESSION['username']) {
$dateposted = date("Y-m-d H:i:s");
$insertthread = "INSERT INTO threads (forum_id,name,title,content,date_posted) values ('$_POST['forum_id']','$_SESSION['username']','$_POST['threadtitle']','$_POST['content']','$dateposted')";
mysql_query($insertthread,$link);
echo('Thread added. Click <a href="board.php?forum_id="');
echo($_POST['forum_id']);
echo('">here</a> to continue.');
} else {
echo('Error: You are not logged in, or your session has timed out. Please log in.');
} |
|
|
Back to top |
|
 |
darkcreature Just Arrived

Joined: 07 Mar 2005 Posts: 0

|
Posted: Thu May 19, 2005 12:05 am Post subject: |
|
|
Is this the line that's giving you trouble?
Code: |
$insertthread = "INSERT INTO threads (forum_id,name,title,content,date_posted) values ('$_POST['forum_id']','$_SESSION['username']','$_POST['threadtitle']','$_POST['content']','$dateposted')"; |
|
|
Back to top |
|
 |
ZxC Just Arrived


Joined: 25 Sep 2004 Posts: 0

|
Posted: Thu May 19, 2005 12:07 am Post subject: |
|
|
Yes. >_<
|
|
Back to top |
|
 |
darkcreature Just Arrived

Joined: 07 Mar 2005 Posts: 0

|
Posted: Thu May 19, 2005 12:15 am Post subject: |
|
|
Try this line:
Code: |
$insertthread = 'INSERT INTO `threads` (`forum_id`,`name`,`title`,`content`,`date_posted`) values (\''.$_POST['forum_id'].'\',\''.$_SESSION['username'].'\',\''.$_POST['threadtitle'].'\',\''.$_POST['content'].'\',\''.$dateposted.'\')'; |
I feel I should suggest the checking to see if the gpc magic quotes thingy is on, and if not, protecting yourself from SQL injection. I think the problem is in using double quotes spanning over two lines, or using double quotes and using the GLOBAL arrays (GET, POST, SESSION, SERVER, etc..). Not sure, but whenever one of my employees codes something that way and it doesn't work that's what I do to correct.
Edit again: Did it work? lol
DC
|
|
Back to top |
|
 |
Rayxen Just Arrived

Joined: 05 Feb 2003 Posts: 1 Location: Australia

|
Posted: Thu May 19, 2005 3:05 pm Post subject: |
|
|
Or try this:
Code: |
$insertthread = "INSERT INTO threads (forum_id, name, title, content, date_posted) values ('".$_POST['forum_id']."',".'$_SESSION['username']."','".$_POST['threadtitle']."','".$_POST['content']."','".$dateposted."')"; |
That should work.
|
|
Back to top |
|
 |
ZxC Just Arrived


Joined: 25 Sep 2004 Posts: 0

|
Posted: Thu May 19, 2005 8:30 pm Post subject: |
|
|
I managed to fix it myself by converting the array variables to normal variables:
Code: |
$insertforum_id = $_POST['forum_id'];
$insertusername = $_SESSION['username'];
$inserttitle = $_POST['threadtitle'];
$insertcontent = $_POST['content'];
$dateposted = date("Y-m-d H:i:S"); |
Thanks a lot though
|
|
Back to top |
|
 |
darkcreature Just Arrived

Joined: 07 Mar 2005 Posts: 0

|
Posted: Thu May 19, 2005 10:14 pm Post subject: |
|
|
Cool
|
|
Back to top |
|
 |
Rayxen Just Arrived

Joined: 05 Feb 2003 Posts: 1 Location: Australia

|
Posted: Fri May 20, 2005 9:53 am Post subject: |
|
|
Yes, that will also work but isn't the most efficient way. You're using more memory than is necessary.
|
|
Back to top |
|
 |
UziMonkey SF Reviewer


Joined: 19 Dec 2003 Posts: 5

|
Posted: Fri May 20, 2005 7:24 pm Post subject: |
|
|
Rayxen wrote: |
Yes, that will also work but isn't the most efficient way. You're using more memory than is necessary. |
That's not really an issue. The memory and cycles used by the database query is going to dwarf your PHP code anyway. What is does do, however, is add code bloat. Doing something in 10 lines something you can reasonably do in 2 or 3 makes your code harder to read. To the OP, string concatenation or sprintf would be best. I use sprintf to explicitly sanitize my input, and make sure integers are really integers, etc.
Code: |
$query = sprintf( "SELECT * FROM %s WHERE field='%s'",
addslashes( $_POST['table'] ), addslashes( $_POST['value']) );
|
|
|
Back to top |
|
 |
Rayxen Just Arrived

Joined: 05 Feb 2003 Posts: 1 Location: Australia

|
Posted: Sat May 21, 2005 9:26 am Post subject: |
|
|
True but I'm not referring to that specific example but rather better code style in general. Coding by renaming variables is not a clever way to code and a very bad habbit to get into.
|
|
Back to top |
|
 |
|