Page 1 of 1
Parse error: syntax error, unexpected T_STRING
Posted: Sat Mar 06, 2010 5:15 am
by natalia
I can't figure out what the problem is... This is the bit of code it refers to, line 7 is the second to last line.
Parse error: syntax error, unexpected T_STRING in /public_html/work/create.php on line 7
Code: Select all
if ($_POST['parse_var'] == “new”){
$title = $_POST['title'];
$contents = $_POST['contents'];
$author = $_POST['author'];
$sqlcreate = mysql_query(“INSERT INTO entries (date, title, contents, author)
VALUES(now(),'$title','$contents','$author')”);
I wasn't sure whether to put this in the MySQL forum, hope it's ok.
Thanks in advance.
Re: Parse error: syntax error, unexpected T_STRING
Posted: Sat Mar 06, 2010 5:19 am
by pbs
Replace with this
Code: Select all
if ($_POST['parse_var'] == "new")
{
$title = $_POST['title'];
$contents = $_POST['contents'];
$author = $_POST['author'];
$sqlcreate = mysql_query("INSERT INTO entries (date, title, contents, author) VALUES(now(),'$title','$contents','$author')");
}
Re: Parse error: syntax error, unexpected T_STRING
Posted: Sat Mar 06, 2010 6:42 am
by natalia
The error is still the same, I had closed the curly brackets further down.
This is a bit more of the code:
Code: Select all
<?php
include_once”scripts/connect.php”;
if ($_POST['parse_var'] == “new”)
{
$title = $_POST['title'];
$contents = $_POST['contents'];
$author = $_POST['author'];
$sqlcreate = mysql_query(“INSERT INTO entries (date, title, contents, author) VALUES(now(),'$title','$contents','$author')”);
if ($sqlcreate){
$msg = ‘<font color=”#009900?>A new article has been created.</font>’;
} else {
$msg = ‘<font color=”#FF0000?>Problems connecting to server, please try again later.</font>’;
}
}
Thanks again, I really can't figure it out!
Re: Parse error: syntax error, unexpected T_STRING
Posted: Sat Mar 06, 2010 7:14 am
by learnerabn
Code: Select all
1. <?php
2. include_once”scripts/connect.php”;
3. if ($_POST['parse_var'] == “new”)
4. {
5. $title = $_POST['title'];
6. $contents = $_POST['contents'];
7. $author = $_POST['author'];
8. $sqlcreate = mysql_query(“INSERT INTO entries (date, title, contents, author) VALUES(now(),'$title','$contents','$author')”);
9.
10. if ($sqlcreate){
11. $msg = ‘<font color=”#009900?>A new article has been created.</font>’;
12. } else {
13. $msg = ‘<font color=”#FF0000?>Problems connecting to server, please try again later.</font>’;
14. }
15. }
i think that now() function should be given inside the single quotes and it should be given in the uppercase.
Re: Parse error: syntax error, unexpected T_STRING
Posted: Sat Mar 06, 2010 7:59 am
by natalia
It doesn't seem to have anything to do with the NOW() function. I got rid of it and I still get the same error... Thanks for the suggestion, though.
Re: Parse error: syntax error, unexpected T_STRING
Posted: Sat Mar 06, 2010 8:56 am
by davex
Hi,
It looks like it's darn MS stupid-stylee-quotes (don't think that's the tecnical term).
When I cut+pasted the code some of them were styalised (open one way, close another) double-quotes and some were a weird type of apostrapie.
Code: Select all
<?php
include_once "scripts/connect.php";
if ($_POST['parse_var'] == "new")
{
$title = $_POST['title'];
$contents = $_POST['contents'];
$author = $_POST['author'];
$sqlcreate = mysql_query("INSERT INTO entries (date, title, contents, author) VALUES(now(),'$title','$contents','$author')");
if ($sqlcreate){
$msg = "<font color=”#009900?>A new article has been created.</font>";
} else {
$msg = "<font color=”#FF0000?>Problems connecting to server, please try again later.</font>";
}
}
Should work - in fact looking at your post now I can see they're weird-quotes.
What editor are you using? I've only seen that before when something is cut+pasted from word.
Cheers,
Dave.
Edit: Can I just also add your code as-is is entirely open to SQL Injection attacks.
Re: Parse error: syntax error, unexpected T_STRING
Posted: Sat Mar 06, 2010 9:05 am
by natalia
I'm following a tutorial to create a blog, so the code is copy and pasted into smultron. Should I replace all the quotes and apostrophes?
Also, what do you mean by SQL Injection attacks? That doesn't sound good!
Thanks so much for your help!
Re: Parse error: syntax error, unexpected T_STRING
Posted: Sat Mar 06, 2010 9:13 am
by davex
Hi,
Well weirdly not all the quotes were. Basically some software (quite possibly including the blog you're copying from) uses special "stylised quotes" which slope in different directions.
Unfortunately I'm not familiar with your editor and it looks like it's for the Mac so I can't help you specifically but I would guess that there is probably an option to convert to raw text or similar?
Otherwise you may well have to go through changing your quotes over. To be honest once I realised what it was they stood out - you can see in your earlier posts just looking at the include_once the quotes are angled and not just "straight". Likewise with some of the single-quotes.
I would try and see if you can convert or save as plain text (ASCII). These quotes are UNICODE characters (I think, I may just be making that up) so would get converted.
SQL injection is where nasty people can put things directly into your SQL. Most commonly this consists of chaining instructions as MySQL will accept multiple queries in the same line for example:
Code: Select all
<?php
$query = "INSERT INTO sometable(myfield) VALUES(\"".$_REQUEST['user_value'])."\")";
?>
Is fine unless someone inputs:
or similar as the user entry which will cause a problem.
Have a look at the
mysql_real_escape_string function which will escape nasty unwanted characters.
You may also want to perform some other validation/sanitation on the input but generally if it's escaped properly the worst that happens is the query just fails.
Cheers,
Dave.
Re: Parse error: syntax error, unexpected T_STRING
Posted: Sat Mar 06, 2010 9:20 am
by natalia
Changing all the quotes actually worked. There are still so many issues with the tutorial, but thanks again for your tips. I'll look into securing my database a little more.
Re: Parse error: syntax error, unexpected T_STRING
Posted: Sat Mar 06, 2010 9:23 am
by davex
Glad it's worked - good luck with your project.
Regards,
Dave.