unexpected T_ENCAPSED_AND_WHITESPACE, expecting ']'
Posted: Mon May 26, 2008 12:22 pm
by davidtube
Sorry, I'm probably missing something obvious but I've been looking at this for ages and can't work out what's wrong. Can anyone spot it?
Code:
$query = mysql_query("INSERT INTO members (Name, EmailContact, CompanyName, WebsiteAddress, EmailDisplay, PhoneNumber, Area, description, LinkLocation, Date) VALUES ('$_POST[name]', '$_POST[e-mail]', '$_POST[companyname]', '$_POST[websiteaddress]', '$_POST[emailaddress]', '$_POST[phonenumber]', '$_POST[county]', '$_POST[description]', '$_POST[linkulr]', '$mysqldate')") or die(mysql_error());
Re: unexpected T_ENCAPSED_AND_WHITESPACE, expecting ']'
Posted: Mon May 26, 2008 1:11 pm
by Zoxive
Code:
$query = mysql_query("
INSERT INTO members (Name, EmailContact, CompanyName, WebsiteAddress, EmailDisplay, PhoneNumber, Area, description, LinkLocation, Date)
VALUES (
'{$_POST['name']}',
'{$_POST['e-mail']}',
'{$_POST['companyname']}',
'{$_POST['websiteaddress']}',
'{$_POST['emailaddress']}',
'{$_POST['phonenumber']}',
'{$_POST['county']}',
'{$_POST['description']}',
'{$_POST['linkulr']}',
'{$mysqldate}'
)
") or die(mysql_error());
{} help the parser to know what is part of the variable.
Your script is very insecure, however; there is no validation or escaping present. An attacker could easily do some nasty things.
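The missing validation and escaping mentioned in the post above, as an added example that is not part of the original thread: the same INSERT sent through PDO with bound parameters, so form values never become part of the SQL text. The in-memory SQLite DSN, the `insertMember` function, `FIELD_MAP` and the sample form values are assumptions made so the script runs on its own.

```php
<?php
// Added example, not code from the thread.
// Assumption: PDO with in-memory SQLite so it runs offline; for MySQL change
// only the DSN passed to new PDO().
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE members (Name TEXT, EmailContact TEXT, CompanyName TEXT,
    WebsiteAddress TEXT, EmailDisplay TEXT, PhoneNumber TEXT, Area TEXT,
    description TEXT, LinkLocation TEXT, Date TEXT)');

// Form field => column, in the order used by the thread's query.
const FIELD_MAP = [
    'name' => 'Name', 'e-mail' => 'EmailContact', 'companyname' => 'CompanyName',
    'websiteaddress' => 'WebsiteAddress', 'emailaddress' => 'EmailDisplay',
    'phonenumber' => 'PhoneNumber', 'county' => 'Area',
    'description' => 'description', 'linkulr' => 'LinkLocation',
];

function insertMember(PDO $pdo, array $post, string $mysqldate): void
{
    // Validation: reject malformed e-mail addresses before touching the database.
    foreach (['e-mail', 'emailaddress'] as $field) {
        if (filter_var($post[$field] ?? '', FILTER_VALIDATE_EMAIL) === false) {
            throw new InvalidArgumentException("Invalid value for $field");
        }
    }
    // Only fixed column names and ? placeholders go into the SQL text.
    $columns = array_merge(array_values(FIELD_MAP), ['Date']);
    $sql = 'INSERT INTO members (' . implode(', ', $columns) . ') VALUES ('
         . implode(', ', array_fill(0, count($columns), '?')) . ')';
    // User input travels separately as bound values, so quotes stay data.
    $values = [];
    foreach (array_keys(FIELD_MAP) as $field) {
        $values[] = trim((string) ($post[$field] ?? ''));
    }
    $values[] = $mysqldate;
    $pdo->prepare($sql)->execute($values);
}

// Constructed sample input; the apostrophes would break the interpolated query.
$post = [
    'name' => "Pat O'Brien", 'e-mail' => 'pat@example.com',
    'companyname' => "O'Brien & Sons", 'websiteaddress' => 'https://example.com',
    'emailaddress' => 'info@example.com', 'phonenumber' => '01234 567890',
    'county' => 'Kent', 'description' => "We're a family firm", 'linkulr' => '/links',
];
insertMember($pdo, $post, date('Y-m-d H:i:s'));
print_r($pdo->query('SELECT Name, CompanyName, description FROM members')
    ->fetch(PDO::FETCH_ASSOC));
```

Because the array keys are read in PHP code rather than inside a double-quoted string, the `{}` interpolation question does not arise here at all.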
Re: unexpected T_ENCAPSED_AND_WHITESPACE, expecting ']'
Posted: Mon May 26, 2008 1:46 pm
by davidtube
Great, you've fixed it. Thanks. I've never used {} in SQL before. I don't understand why I needed it for this.
Re: unexpected T_ENCAPSED_AND_WHITESPACE, expecting ']'
Posted: Mon May 26, 2008 1:58 pm
by Zoxive
davidtube wrote: Great, you've fixed it. Thanks. I've never used {} in SQL before. I don't understand why I needed it for this.
It's not, it's for PHP to make the string for MySQL.
Example from Php.net wrote:
Code:
<?php
$beer = 'Heineken';
echo "$beer's taste is great"; // works; "'" is an invalid character for variable names
echo "He drank some $beers"; // won't work; 's' is a valid character for variable names
echo "He drank some ${beer}s"; // works
echo "He drank some {$beer}s"; // works
?>
Re: unexpected T_ENCAPSED_AND_WHITESPACE, expecting ']'
Posted: Mon May 26, 2008 2:13 pm
by davidtube
Thanks, I nearly understand it.