'unexpected T_VARIABLE'

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
D.M.N.
Forum Newbie
Posts: 11
Joined: Wed Jan 27, 2010 12:43 pm

'unexpected T_VARIABLE'

Post by D.M.N. »

I'm trying to get data from a form, and insert it to a database, but I'm getting the above error:

Parse error: syntax error, unexpected T_VARIABLE in /home/a4369339/public_html/processing.php on line 12

Here is the relevant code:

Code: Select all

<?php
    $con = mysql_connect("mysql12.000webhost.com", "a4369339_main", "password");
    if (!$con)
    {
        die('Could not connect: ' . mysql_error());
    }
 
    mysql_select_db("a4369339_btech", $con);
 
    $sql = 'INSERT INTO `a4369339_btech`.`user_data` (`Student ID`, `Forename`, `Surname`, `Class Code`, `Username`, `Password`, `Grade`, `Target Grade`)
    VALUES
    ('$_POST[fname]','$_POST[sname]','$_POST

Code: Select all

','$_POST[uname]','$_POST[upassword]','$_POST[grade]','$_POST[tgrade]');';
 
    if (!mysql_query($sql,$con))
    {
        die('Error: ' . mysql_error());
    }
 
    echo "1 record added";
 
    mysql_close($con)
?>
I'm using MySQL version 5.1 if that helps?
Last edited by D.M.N. on Fri Jan 29, 2010 12:57 pm, edited 1 time in total.
prizelocker.co.cc
Forum Newbie
Posts: 4
Joined: Fri Jan 29, 2010 12:39 pm

Re: 'unexpected T_VARIABLE'

Post by prizelocker.co.cc »

I think you have one extra semi colon
User avatar
AbraCadaver
DevNet Master
Posts: 2572
Joined: Mon Feb 24, 2003 10:12 am
Location: The Republic of Texas
Contact:

Re: 'unexpected T_VARIABLE'

Post by AbraCadaver »

No. First get an editor that does syntax highlighting. This will show syntax problems. Second, read here: http://www.php.net/manual/en/language.types.string.php
mysql_function(): WARNING: This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQLextension should be used. See also MySQL: choosing an API guide and related FAQ for more information.
prizelocker.co.cc
Forum Newbie
Posts: 4
Joined: Fri Jan 29, 2010 12:39 pm

Re: 'unexpected T_VARIABLE'

Post by prizelocker.co.cc »

Sorry for the last post your script should be like this:
<?php
$con = mysql_connect("mysql12.000webhost.com", "a4369339_main", "password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}

mysql_select_db("a4369339_btech", $con);

$sql = 'INSERT INTO `a4369339_btech`.`user_data` (`Student ID`, `Forename`, `Surname`, `Class Code`, `Username`, `Password`, `Grade`, `Target Grade`)
VALUES
('$_POST[fname]','$_POST[sname]','$_POST

Code: Select all

','$_POST[uname]','$_POST[upassword]','$_POST[grade]','$_POST[tgrade]');':
 
    if (!mysql_query($sql,$con))
    {
        die('Error: ' . mysql_error());
    }
 
    echo "1 record added";
 
    mysql_close($con)
?>
D.M.N.
Forum Newbie
Posts: 11
Joined: Wed Jan 27, 2010 12:43 pm

Re: 'unexpected T_VARIABLE'

Post by D.M.N. »

prizelocker.co.cc wrote:Sorry for the last post your script should be like this:
<?php
$con = mysql_connect("mysql12.000webhost.com", "a4369339_main", "password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}

mysql_select_db("a4369339_btech", $con);

$sql = 'INSERT INTO `a4369339_btech`.`user_data` (`Student ID`, `Forename`, `Surname`, `Class Code`, `Username`, `Password`, `Grade`, `Target Grade`)
VALUES
('$_POST[fname]','$_POST[sname]','$_POST

Code: Select all

','$_POST[uname]','$_POST[upassword]','$_POST[grade]','$_POST[tgrade]');':
 
    if (!mysql_query($sql,$con))
    {
        die('Error: ' . mysql_error());
    }
 
    echo "1 record added";
 
    mysql_close($con)
?>[/quote]

I tried this, but still get a 'unexpected T_VARIABLE' error on the same line (the line with numerous $_POST functions). Is it something to do with the MySQL version that I'm using? (5.1)

I'll look on the link that AbraCadaver provided.
User avatar
AbraCadaver
DevNet Master
Posts: 2572
Joined: Mon Feb 24, 2003 10:12 am
Location: The Republic of Texas
Contact:

Re: 'unexpected T_VARIABLE'

Post by AbraCadaver »

It has to do only with your understanding of the link that I posted.
mysql_function(): WARNING: This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQLextension should be used. See also MySQL: choosing an API guide and related FAQ for more information.
User avatar
infolock
DevNet Resident
Posts: 1708
Joined: Wed Sep 25, 2002 7:47 pm

Re: 'unexpected T_VARIABLE'

Post by infolock »

Sigh, I dunno why no one wants to just answer this guy's question.


This code will work. A reason will be below this:

Code: Select all

 
<?php
$con = mysql_connect("mysql12.000webhost.com", "a4369339_main", "password");
if(!$con) {
  die('Could not connect: ' . mysql_error());
}
 
mysql_select_db("a4369339_btech", $con);
 
$sql = 'INSERT INTO `a4369339_btech`.`user_data` (`Student ID`, `Forename`, `Surname`, `Class Code`, `Username`, `Password`, `Grade`, `Target Grade`)
VALUES (' . $_POST['fname'] . ',' . $_POST['sname'] . ',' . $_POST['code'] . ',' . $_POST['uname'] . ',' . $_POST['upassword'] . ',' . $_POST['grade'] . ',' . $_POST['tgrade'] . ')';
 
if (!mysql_query($sql,$con)) {
  die('Error: ' . mysql_error());
}
 
echo "1 record added";
 
mysql_close($con)
?>
 
Reasons why it failed:
1) The T_ERROR is used to describe a token error PHP found while parsing your script. It's usually due to an invalid use of quotes, or in your case, a double semicolon...

2) You cannot start a string with a single quote (') and then put a PHP variable inside of it. So when you started your string as $sql = ', right away you gave up your rights to do something like $sql = '$hi, because PHP will not see it. If you were to have started your string with double quotes ("), then you can use regular variables. But even in this case, it may not work as you're calling for an array value which would need to be surrounded by curly braces in a double quote string (ie: $sql = "{$POST['my_key']} ) . However, both methods you can stop the string, append a variable, and then begin the string again by doing something like $sql = "SELECT " . $_POST['my_key'] . " FROM....

Since you were using single quotes, i chose to just append it with single quotes. IE: $sql = 'SELECT ' . $_POST['my_key'] . ' FROM.....

3) When you're going to call an array key, please get in the habit of surrounding your keys with either a single or double quote. PHP will execute without them, but will produce notices about them. Plus, it's kinda an ugly method to use for coding for other reasons, but that's out of this scope.


I hope this helps.
D.M.N.
Forum Newbie
Posts: 11
Joined: Wed Jan 27, 2010 12:43 pm

Re: 'unexpected T_VARIABLE'

Post by D.M.N. »

Right I've managed to get rid of the error. However, in my database, instead of seeing the details I enter, I see $_POST[`fname`] in Forname and so on and so forth which definitely shouldn't be happening. Here is my current code:

Code: Select all

<html>
<body bgcolor="#752A29">
<center>
<img src = "banner.png">
 
<link REL="stylesheet" TYPE="text/css" href="h1.css">
<text>
 
<h1></h1>
 
<table bgcolor="#752A29">
    <form method = "post" action = "processing.php">
         
        <tr>
            <h1>Admin page for creating users and passwords.</h1>
        </tr>
        
        <tr>
            <td><h2>Student ID:</h2></td>
            <td><input name = "Student ID" type = "integer" id = "studentid" /></td>
        </tr>
 
        <tr>
            <td><h2>Forename:</h2></td>
            <td><input name = "Forename" type = "text" id = "fname" /></td>
        </tr>
        
        <tr>
            <td><h2>Surname:</h2></td>
            <td><input name = "Surname" type = "text" id = "sname" /></td>
        </tr>
        
        <tr>
            <td><h2>Class Code:</h2></td>
            <td><input name = "Class Code" type = "text" id = "code" /></td>
        </tr>
        
        <tr>
            <td><h2>Username:</h2></td>
            <td><input name = "Username" type = "text" id = "uname" /></td>
        </tr>
        
        <tr>
            <td><h2>Password:</h2></td>
            <td><input name = "Password" type = "password" id = "upassword" /></td>
        </tr>
        
        <tr>
            <td><h2>Grade:</h2></td>
            <td><select name = 'Grade' id = "grade" />
            <option value = 'Fail' />Fail</option>
            <option value = 'Pass' />Pass</option>
            <option value = 'Merit' />Merit</option>
            <option value = 'Distinction' />Distinction</option>
            <option value = 'Distinction_star' />Distinction *</option>
            </select></td>
        </tr>
        
        <tr>
            <td><h2>Target Grade:</h2></td>
            <td><select name = 'Target Grade' id = "tgrade" />
            <option value = 'Fail' />Fail</option>
            <option value = 'Pass' />Pass</option>
            <option value = 'Merit' />Merit</option>
            <option value = 'Distinction' />Distinction</option>
            <option value = 'Distinction_star' />Distinction *</option>
            </select></td>
        </tr>
        
        <tr>
            <td>&nbsp;</td>
            <td align="right"><input type = "submit" name = "Submit" value = Done /></td>
        </tr>
        <?php
        // user enters username and password 
        ?>
    </form>
 
</text>
</center>
</body>
</html>

Code: Select all

<?php
    $con = mysql_connect("mysql12.000webhost.com", "a4369339_main", "password");
 
    if (!$con)
        {
        die('Could not connect: ' . mysql_error());
        }
 
    mysql_select_db("a4369339_btech", $con);
 
    $sql = 'INSERT INTO `a4369339_btech`.`user_data` (`Student ID`, `Forename`, `Surname`, `Class Code`, `Username`, `Password`, `Grade`, `Target Grade`)
    VALUES
    ("$POST_[`studentid`]","$_POST[`fname`]","$_POST[`sname`]","$_POST[`code`]","$_POST[`uname`]","$_POST[`upassword`]","$_POST[`grade`]","$_POST[`tgrade`]");';
 
    if (!mysql_query($sql,$con))
        {
        die('Error: ' . mysql_error());
        }
 
    echo "1 record added";
 
    mysql_close($con)
?>
D.M.N.
Forum Newbie
Posts: 11
Joined: Wed Jan 27, 2010 12:43 pm

Re: 'unexpected T_VARIABLE'

Post by D.M.N. »

infolock wrote:Sigh, I dunno why no one wants to just answer this guy's question.


This code will work. A reason will be below this:

Code: Select all

 
<?php
$con = mysql_connect("mysql12.000webhost.com", "a4369339_main", "password");
if(!$con) {
  die('Could not connect: ' . mysql_error());
}
 
mysql_select_db("a4369339_btech", $con);
 
$sql = 'INSERT INTO `a4369339_btech`.`user_data` (`Student ID`, `Forename`, `Surname`, `Class Code`, `Username`, `Password`, `Grade`, `Target Grade`)
VALUES (' . $_POST['fname'] . ',' . $_POST['sname'] . ',' . $_POST['code'] . ',' . $_POST['uname'] . ',' . $_POST['upassword'] . ',' . $_POST['grade'] . ',' . $_POST['tgrade'] . ')';
 
if (!mysql_query($sql,$con)) {
  die('Error: ' . mysql_error());
}
 
echo "1 record added";
 
mysql_close($con)
?>
 
Reasons why it failed:
1) The T_ERROR is used to describe a token error PHP found while parsing your script. It's usually due to an invalid use of quotes, or in your case, a double semicolon...

2) You cannot start a string with a single quote (') and then put a PHP variable inside of it. So when you started your string as $sql = ', right away you gave up your rights to do something like $sql = '$hi, because PHP will not see it. If you were to have started your string with double quotes ("), then you can use regular variables. But even in this case, it may not work as you're calling for an array value which would need to be surrounded by curly braces in a double quote string (ie: $sql = "{$POST['my_key']} ) . However, both methods you can stop the string, append a variable, and then begin the string again by doing something like $sql = "SELECT " . $_POST['my_key'] . " FROM....

Since you were using single quotes, i chose to just append it with single quotes. IE: $sql = 'SELECT ' . $_POST['my_key'] . ' FROM.....

3) When you're going to call an array key, please get in the habit of surrounding your keys with either a single or double quote. PHP will execute without them, but will produce notices about them. Plus, it's kinda an ugly method to use for coding for other reasons, but that's out of this scope.


I hope this helps.
Thanks for you're help, but the code you posted didn't work. Sorry.... :

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ',,,,,)' at line 2
User avatar
AbraCadaver
DevNet Master
Posts: 2572
Joined: Mon Feb 24, 2003 10:12 am
Location: The Republic of Texas
Contact:

Re: 'unexpected T_VARIABLE'

Post by AbraCadaver »

infolock wrote:Sigh, I dunno why no one wants to just answer this guy's question.
Because people need to learn and also learn where to go to research how things work instead of just typing stuff into their script and assuming it should work and then posting questions when it doesn't.

D.M.N

The reasons infolock's code doesn't work are:

1. He didn't quote the text fields in the query.
2. There are more fields listed than there are values. Remove the id, this is most likely auto increment.

In addition, you never insert user supplied data into a query. Use mysql_real_escape_string(). Check this: http://us.php.net/manual/en/security.da ... ection.php
mysql_function(): WARNING: This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQLextension should be used. See also MySQL: choosing an API guide and related FAQ for more information.
User avatar
infolock
DevNet Resident
Posts: 1708
Joined: Wed Sep 25, 2002 7:47 pm

Re: 'unexpected T_VARIABLE'

Post by infolock »

Abra,
I agree, people need to research.. but the fact is everyone starts somewhere. Unless they know what they're looking for, it isn't all that apparent exactly what they should search for. Not to mention, while google is easy to use, what may be common sense to you may not be common sense to a novice. The way to show them the way, is to give them the understanding and then explain how you found your answers. Not just say "read this link, or die".

My code has errors yeah. I didn't exactly check it. My apologizes. Here is the fixed code:

Code: Select all

 
<?php
$con = mysql_connect("mysql12.000webhost.com", "a4369339_main", "password");
if(!$con) {
  die('Could not connect: ' . mysql_error());
}
 
mysql_select_db("a4369339_btech", $con);
 
$sql = "INSERT INTO `a4369339_btech`.`user_data` (`Forename`, `Surname`, `Class Code`, `Username`, `Password`, `Grade`, `Target Grade`) 
        VALUES ('" . $_POST['fname'] . "','" . $_POST['sname'] . "','" . $_POST['code'] . "','" . $_POST['uname'] . "','" . $_POST['upassword'] . "','" . $_POST['grade'] . "','" . $_POST['tgrade'] . "')";
 
if (!mysql_query($sql,$con)) {
  die('Error: ' . mysql_error());
}
 
echo "1 record added";
 
mysql_close($con)
?>
 
The reasons your code failed still applies to what I mentioned earlier though. Please review this code and understand how you can see these issues next time ;)

Another thing I noticed is you're using a plain-text password to store your user's information. You need to get into the habit of NOT doing this. Either use mysql's built-in password function, or store your passwords with md5.

Examples:

Code: Select all

 
$password = md5($_POST['upassword']);
 
$sql = "INSERT INTO `user_data` (`Password`) VALUES ('$password')";
 
Example 2:

Code: Select all

 
  $sql = "INSERT INTO `user_data` (`Password`) VALUES (password('" . $_POST['upassword'] . "'))";
 
User avatar
AbraCadaver
DevNet Master
Posts: 2572
Joined: Mon Feb 24, 2003 10:12 am
Location: The Republic of Texas
Contact:

Re: 'unexpected T_VARIABLE'

Post by AbraCadaver »

infolock wrote:Abra,
I agree, people need to research.. but the fact is everyone starts somewhere. Unless they know what they're looking for, it isn't all that apparent exactly what they should search for. Not to mention, while google is easy to use, what may be common sense to you may not be common sense to a novice. The way to show them the way, is to give them the understanding and then explain how you found your answers. Not just say "read this link, or die".
I didn't mean to be terse, and I definitely didn't mean or die() ;-)

I tend to try and point people to the relevant docs so that they get a more complete understanding and also so that they will see that php.net is a wonderful resource. I see too many times that if I answer this sort of question with an explanation and corrected code, that the poster is back the next day with a similar problem, maybe this time it is double quotes inside of double quotes instead of single quotes inside of single quotes.
mysql_function(): WARNING: This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQLextension should be used. See also MySQL: choosing an API guide and related FAQ for more information.
User avatar
AbraCadaver
DevNet Master
Posts: 2572
Joined: Mon Feb 24, 2003 10:12 am
Location: The Republic of Texas
Contact:

Re: 'unexpected T_VARIABLE'

Post by AbraCadaver »

mysql_function(): WARNING: This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQLextension should be used. See also MySQL: choosing an API guide and related FAQ for more information.
User avatar
infolock
DevNet Resident
Posts: 1708
Joined: Wed Sep 25, 2002 7:47 pm

Re: 'unexpected T_VARIABLE'

Post by infolock »

hehe, awesome abra! it's good to see people like you helping these guys out too man. Glad to see our community is still going strong by passing down knowledge! keep up the good work
Post Reply