Page 1 of 1
'unexpected T_VARIABLE'
Posted: Fri Jan 29, 2010 12:45 pm
by D.M.N.
I'm trying to get data from a form, and insert it to a database, but I'm getting the above error:
Parse error: syntax error, unexpected T_VARIABLE in /home/a4369339/public_html/processing.php on line 12
Here is the relevant code:
Code: Select all
<?php
$con = mysql_connect("mysql12.000webhost.com", "a4369339_main", "password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("a4369339_btech", $con);
$sql = 'INSERT INTO `a4369339_btech`.`user_data` (`Student ID`, `Forename`, `Surname`, `Class Code`, `Username`, `Password`, `Grade`, `Target Grade`)
VALUES
('$_POST[fname]','$_POST[sname]','$_POST
Code: Select all
','$_POST[uname]','$_POST[upassword]','$_POST[grade]','$_POST[tgrade]');';
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "1 record added";
mysql_close($con)
?>
I'm using MySQL version 5.1 if that helps?
Re: 'unexpected T_VARIABLE'
Posted: Fri Jan 29, 2010 12:48 pm
by prizelocker.co.cc
I think you have one extra semi colon
Re: 'unexpected T_VARIABLE'
Posted: Fri Jan 29, 2010 12:55 pm
by AbraCadaver
No. First get an editor that does syntax highlighting. This will show syntax problems. Second, read here:
http://www.php.net/manual/en/language.types.string.php
Re: 'unexpected T_VARIABLE'
Posted: Fri Jan 29, 2010 12:56 pm
by prizelocker.co.cc
Sorry for the last post your script should be like this:
<?php
$con = mysql_connect("mysql12.000webhost.com", "a4369339_main", "password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("a4369339_btech", $con);
$sql = 'INSERT INTO `a4369339_btech`.`user_data` (`Student ID`, `Forename`, `Surname`, `Class Code`, `Username`, `Password`, `Grade`, `Target Grade`)
VALUES
('$_POST[fname]','$_POST[sname]','$_POST
Code: Select all
','$_POST[uname]','$_POST[upassword]','$_POST[grade]','$_POST[tgrade]');':
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "1 record added";
mysql_close($con)
?>
Re: 'unexpected T_VARIABLE'
Posted: Fri Jan 29, 2010 1:02 pm
by D.M.N.
prizelocker.co.cc wrote:Sorry for the last post your script should be like this:
<?php
$con = mysql_connect("mysql12.000webhost.com", "a4369339_main", "password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("a4369339_btech", $con);
$sql = 'INSERT INTO `a4369339_btech`.`user_data` (`Student ID`, `Forename`, `Surname`, `Class Code`, `Username`, `Password`, `Grade`, `Target Grade`)
VALUES
('$_POST[fname]','$_POST[sname]','$_POST
Code: Select all
','$_POST[uname]','$_POST[upassword]','$_POST[grade]','$_POST[tgrade]');':
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "1 record added";
mysql_close($con)
?>[/quote]
I tried this, but still get a 'unexpected T_VARIABLE' error on the same line (the line with numerous $_POST functions). Is it something to do with the MySQL version that I'm using? (5.1)
I'll look on the link that AbraCadaver provided.
Re: 'unexpected T_VARIABLE'
Posted: Fri Jan 29, 2010 1:16 pm
by AbraCadaver
It has to do only with your understanding of the link that I posted.
Re: 'unexpected T_VARIABLE'
Posted: Fri Jan 29, 2010 1:31 pm
by infolock
Sigh, I dunno why no one wants to just answer this guy's question.
This code will work. A reason will be below this:
Code: Select all
<?php
$con = mysql_connect("mysql12.000webhost.com", "a4369339_main", "password");
if(!$con) {
die('Could not connect: ' . mysql_error());
}
mysql_select_db("a4369339_btech", $con);
$sql = 'INSERT INTO `a4369339_btech`.`user_data` (`Student ID`, `Forename`, `Surname`, `Class Code`, `Username`, `Password`, `Grade`, `Target Grade`)
VALUES (' . $_POST['fname'] . ',' . $_POST['sname'] . ',' . $_POST['code'] . ',' . $_POST['uname'] . ',' . $_POST['upassword'] . ',' . $_POST['grade'] . ',' . $_POST['tgrade'] . ')';
if (!mysql_query($sql,$con)) {
die('Error: ' . mysql_error());
}
echo "1 record added";
mysql_close($con)
?>
Reasons why it failed:
1) The T_ERROR is used to describe a token error PHP found while parsing your script. It's usually due to an invalid use of quotes, or in your case, a double semicolon...
2) You cannot start a string with a single quote (') and then put a PHP variable inside of it. So when you started your string as $sql = ', right away you gave up your rights to do something like $sql = '$hi, because PHP will not see it. If you were to have started your string with double quotes ("), then you can use regular variables. But even in this case, it may not work as you're calling for an array value which would need to be surrounded by curly braces in a double quote string (ie: $sql = "{$POST['my_key']} ) . However, both methods you can stop the string, append a variable, and then begin the string again by doing something like $sql = "SELECT " . $_POST['my_key'] . " FROM....
Since you were using single quotes, i chose to just append it with single quotes. IE: $sql = 'SELECT ' . $_POST['my_key'] . ' FROM.....
3) When you're going to call an array key, please get in the habit of surrounding your keys with either a single or double quote. PHP will execute without them, but will produce notices about them. Plus, it's kinda an ugly method to use for coding for other reasons, but that's out of this scope.
I hope this helps.
Re: 'unexpected T_VARIABLE'
Posted: Fri Jan 29, 2010 1:41 pm
by D.M.N.
Right I've managed to get rid of the error. However, in my database, instead of seeing the details I enter, I see $_POST[`fname`] in Forname and so on and so forth which definitely shouldn't be happening. Here is my current code:
Code: Select all
<html>
<body bgcolor="#752A29">
<center>
<img src = "banner.png">
<link REL="stylesheet" TYPE="text/css" href="h1.css">
<text>
<h1></h1>
<table bgcolor="#752A29">
<form method = "post" action = "processing.php">
<tr>
<h1>Admin page for creating users and passwords.</h1>
</tr>
<tr>
<td><h2>Student ID:</h2></td>
<td><input name = "Student ID" type = "integer" id = "studentid" /></td>
</tr>
<tr>
<td><h2>Forename:</h2></td>
<td><input name = "Forename" type = "text" id = "fname" /></td>
</tr>
<tr>
<td><h2>Surname:</h2></td>
<td><input name = "Surname" type = "text" id = "sname" /></td>
</tr>
<tr>
<td><h2>Class Code:</h2></td>
<td><input name = "Class Code" type = "text" id = "code" /></td>
</tr>
<tr>
<td><h2>Username:</h2></td>
<td><input name = "Username" type = "text" id = "uname" /></td>
</tr>
<tr>
<td><h2>Password:</h2></td>
<td><input name = "Password" type = "password" id = "upassword" /></td>
</tr>
<tr>
<td><h2>Grade:</h2></td>
<td><select name = 'Grade' id = "grade" />
<option value = 'Fail' />Fail</option>
<option value = 'Pass' />Pass</option>
<option value = 'Merit' />Merit</option>
<option value = 'Distinction' />Distinction</option>
<option value = 'Distinction_star' />Distinction *</option>
</select></td>
</tr>
<tr>
<td><h2>Target Grade:</h2></td>
<td><select name = 'Target Grade' id = "tgrade" />
<option value = 'Fail' />Fail</option>
<option value = 'Pass' />Pass</option>
<option value = 'Merit' />Merit</option>
<option value = 'Distinction' />Distinction</option>
<option value = 'Distinction_star' />Distinction *</option>
</select></td>
</tr>
<tr>
<td> </td>
<td align="right"><input type = "submit" name = "Submit" value = Done /></td>
</tr>
<?php
// user enters username and password
?>
</form>
</text>
</center>
</body>
</html>
Code: Select all
<?php
$con = mysql_connect("mysql12.000webhost.com", "a4369339_main", "password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("a4369339_btech", $con);
$sql = 'INSERT INTO `a4369339_btech`.`user_data` (`Student ID`, `Forename`, `Surname`, `Class Code`, `Username`, `Password`, `Grade`, `Target Grade`)
VALUES
("$POST_[`studentid`]","$_POST[`fname`]","$_POST[`sname`]","$_POST[`code`]","$_POST[`uname`]","$_POST[`upassword`]","$_POST[`grade`]","$_POST[`tgrade`]");';
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "1 record added";
mysql_close($con)
?>
Re: 'unexpected T_VARIABLE'
Posted: Fri Jan 29, 2010 1:45 pm
by D.M.N.
infolock wrote:Sigh, I dunno why no one wants to just answer this guy's question.
This code will work. A reason will be below this:
Code: Select all
<?php
$con = mysql_connect("mysql12.000webhost.com", "a4369339_main", "password");
if(!$con) {
die('Could not connect: ' . mysql_error());
}
mysql_select_db("a4369339_btech", $con);
$sql = 'INSERT INTO `a4369339_btech`.`user_data` (`Student ID`, `Forename`, `Surname`, `Class Code`, `Username`, `Password`, `Grade`, `Target Grade`)
VALUES (' . $_POST['fname'] . ',' . $_POST['sname'] . ',' . $_POST['code'] . ',' . $_POST['uname'] . ',' . $_POST['upassword'] . ',' . $_POST['grade'] . ',' . $_POST['tgrade'] . ')';
if (!mysql_query($sql,$con)) {
die('Error: ' . mysql_error());
}
echo "1 record added";
mysql_close($con)
?>
Reasons why it failed:
1) The T_ERROR is used to describe a token error PHP found while parsing your script. It's usually due to an invalid use of quotes, or in your case, a double semicolon...
2) You cannot start a string with a single quote (') and then put a PHP variable inside of it. So when you started your string as $sql = ', right away you gave up your rights to do something like $sql = '$hi, because PHP will not see it. If you were to have started your string with double quotes ("), then you can use regular variables. But even in this case, it may not work as you're calling for an array value which would need to be surrounded by curly braces in a double quote string (ie: $sql = "{$POST['my_key']} ) . However, both methods you can stop the string, append a variable, and then begin the string again by doing something like $sql = "SELECT " . $_POST['my_key'] . " FROM....
Since you were using single quotes, i chose to just append it with single quotes. IE: $sql = 'SELECT ' . $_POST['my_key'] . ' FROM.....
3) When you're going to call an array key, please get in the habit of surrounding your keys with either a single or double quote. PHP will execute without them, but will produce notices about them. Plus, it's kinda an ugly method to use for coding for other reasons, but that's out of this scope.
I hope this helps.
Thanks for you're help, but the code you posted didn't work. Sorry.... :
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ',,,,,)' at line 2
Re: 'unexpected T_VARIABLE'
Posted: Fri Jan 29, 2010 2:54 pm
by AbraCadaver
infolock wrote:Sigh, I dunno why no one wants to just answer this guy's question.
Because people need to learn and also learn where to go to research how things work instead of just typing stuff into their script and assuming it should work and then posting questions when it doesn't.
D.M.N
The reasons infolock's code doesn't work are:
1. He didn't quote the text fields in the query.
2. There are more fields listed than there are values. Remove the id, this is most likely auto increment.
In addition, you never insert user supplied data into a query. Use mysql_real_escape_string(). Check this:
http://us.php.net/manual/en/security.da ... ection.php
Re: 'unexpected T_VARIABLE'
Posted: Sun Jan 31, 2010 1:21 pm
by infolock
Abra,
I agree, people need to research.. but the fact is everyone starts somewhere. Unless they know what they're looking for, it isn't all that apparent exactly what they should search for. Not to mention, while google is easy to use, what may be common sense to you may not be common sense to a novice. The way to show them the way, is to give them the understanding and then explain how you found your answers. Not just say "read this link, or die".
My code has errors yeah. I didn't exactly check it. My apologizes. Here is the fixed code:
Code: Select all
<?php
$con = mysql_connect("mysql12.000webhost.com", "a4369339_main", "password");
if(!$con) {
die('Could not connect: ' . mysql_error());
}
mysql_select_db("a4369339_btech", $con);
$sql = "INSERT INTO `a4369339_btech`.`user_data` (`Forename`, `Surname`, `Class Code`, `Username`, `Password`, `Grade`, `Target Grade`)
VALUES ('" . $_POST['fname'] . "','" . $_POST['sname'] . "','" . $_POST['code'] . "','" . $_POST['uname'] . "','" . $_POST['upassword'] . "','" . $_POST['grade'] . "','" . $_POST['tgrade'] . "')";
if (!mysql_query($sql,$con)) {
die('Error: ' . mysql_error());
}
echo "1 record added";
mysql_close($con)
?>
The reasons your code failed still applies to what I mentioned earlier though. Please review this code and understand how you can see these issues next time
Another thing I noticed is you're using a plain-text password to store your user's information. You need to get into the habit of NOT doing this. Either use mysql's built-in password function, or store your passwords with md5.
Examples:
Code: Select all
$password = md5($_POST['upassword']);
$sql = "INSERT INTO `user_data` (`Password`) VALUES ('$password')";
Example 2:
Code: Select all
$sql = "INSERT INTO `user_data` (`Password`) VALUES (password('" . $_POST['upassword'] . "'))";
Re: 'unexpected T_VARIABLE'
Posted: Sun Jan 31, 2010 1:33 pm
by AbraCadaver
infolock wrote:Abra,
I agree, people need to research.. but the fact is everyone starts somewhere. Unless they know what they're looking for, it isn't all that apparent exactly what they should search for. Not to mention, while google is easy to use, what may be common sense to you may not be common sense to a novice. The way to show them the way, is to give them the understanding and then explain how you found your answers. Not just say "read this link, or die".
I didn't mean to be terse, and I definitely didn't mean or die()
I tend to try and point people to the relevant docs so that they get a more complete understanding and also so that they will see that php.net is a wonderful resource. I see too many times that if I answer this sort of question with an explanation and corrected code, that the poster is back the next day with a similar problem, maybe this time it is double quotes inside of double quotes instead of single quotes inside of single quotes.
Re: 'unexpected T_VARIABLE'
Posted: Sun Jan 31, 2010 1:35 pm
by AbraCadaver
Re: 'unexpected T_VARIABLE'
Posted: Sun Jan 31, 2010 1:44 pm
by infolock
hehe, awesome abra! it's good to see people like you helping these guys out too man. Glad to see our community is still going strong by passing down knowledge! keep up the good work