Web Hosting Talk







Can someone help me fix this script?


MonkeyRanFromYou
02-10-2008, 02:23 AM
So it's supposed to submit articles to a database... Problem is I keep getting various errors (currently: Parse error: syntax error, unexpected $end in /home/stuynet/public_html/cmsadmin/new_article.php on line 34).

Can someone please, please help me with it?

<?php
// Acquire Settings
require_once('../includes/DbConnector.php');

// Check whether a form has been submitted. If so, carry on
if ($HTTP_POST_VARS){

// Create a new instance of DbConnector
$connector = new DbConnector();

// Form Validation

// Create an SQL query
$insertQuery = "INSERT INTO articles (article_title,author_name,category,article_text) VALUES (".
"'".$HTTP_POST_VARS['article_title']."', ".
"'".$HTTP_POST_VARS['author_name']."', ".
$HTTP_POST_VARS['category'].", ".
"'".$HTTP_POST_VARS['article_text']."')

// Insert the data obtained from the form into the database
if ($result = $connector->query($insertQuery)){

// If it worked then...
echo '<center><b>Article added to the database</b></center><br>';

}else{

// If it hasn't worked...
exit('<center>Sorry, there was an error in saving to the database.</center>');

}

include '../html/forms/news_insert_form.html';
?>

Codelphious
02-10-2008, 02:32 AM
Missing a semi-colon. I would suggest using a text-editor with syntax highlighting for PHP. It will help you catch errors such as these.


// Create an SQL query
$insertQuery = "INSERT INTO articles (article_title,author_name,category,article_text) VALUES (".
"'".$HTTP_POST_VARS['article_title']."', ".
"'".$HTTP_POST_VARS['author_name']."', ".
$HTTP_POST_VARS['category'].", ".
"'".$HTTP_POST_VARS['article_text']."');

Codelphious
02-10-2008, 02:35 AM
Also, I'd just like to point out that the use of $HTTP_POST_VARS is deprecated. Use $_POST instead. Additionally, DO NOT use posted data in SQL queries directly. This script is extremely vulnerable to SQL injection. Clean all POST data with mysql_real_escape_string. (http://www.php.net/manual/en/function.mysql-real-escape-string.php)

MonkeyRanFromYou
02-10-2008, 10:49 AM
Thank you so much for your help, and I'll be sure to use mysql_real_escape_string in the future. I really had no idea about it.

MonkeyRanFromYou
02-10-2008, 11:23 AM
If $insertQuery is supposed to be deprecated, what can I use in place of it?

Looie
02-10-2008, 01:40 PM
I think he meant use $_POST['data'] instead of $_POST_VARS['data']

MonkeyRanFromYou
02-10-2008, 01:44 PM
I think he meant use $_POST['data'] instead of $_POST_VARS['data']

Yes, I know, but the problem with using mysql_escape_string is my previously defined values. Plus I still get the same error with his method.

Looie
02-10-2008, 02:40 PM
Did you replace

"'".$HTTP_POST_VARS['article_text']."')

with

"'".$HTTP_POST_VARS['article_text']."');

Codebird
02-10-2008, 05:11 PM
Man, the error you're getting is because you didn't close your first if:
"if ($HTTP_POST_VARS){"

That is what it means by undefined $end; it has nothing to do with other things.

csparks
02-10-2008, 10:23 PM
Codebird, they were telling him how to fix the other problems in his script. He has two errors in his script, the first being a missing semicolon, the second being a missing closing }.

Unexpected $end can be caused by a missing semicolon, but most times it is caused by a missing closing bracket. It happens a bit when using many nested ifs, fors, etc.

Codebird
02-11-2008, 07:38 AM
Yes I know. but the problem with using mysql_escape_string is my previously defined values. Plus I still get the same error with his method
csparks, I was replying to that post.

Arsenico
02-12-2008, 07:34 PM
Hi, I would recommend you put this.


$article_title = mysql_real_escape_string($_POST['article_title']);
$author_name = mysql_real_escape_string($_POST['author_name']);
$category = mysql_real_escape_string($_POST['category']);
$article_text = mysql_real_escape_string($_POST['article_text']);

// Create an SQL query
$insertQuery = "INSERT INTO articles (article_title,author_name,category,article_text) VALUES ('$article_title','$author_name','$category','$article_text')";




:) ciao
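
An added example, not code from any poster in this thread: the same INSERT written with a prepared statement, with the numeric `category` (unquoted in the original query) validated as an integer, since escaping only protects values that sit inside quotes. It assumes PDO with an in-memory SQLite database in place of the thread's DbConnector/MySQL setup; `save_article()` is a hypothetical helper and the form values are constructed.

```php
<?php
// Added example: parameterized INSERT for the articles form.
// Assumptions: in-memory SQLite via PDO stands in for the MySQL database
// behind DbConnector; save_article() is a hypothetical helper.

function save_article(PDO $db, array $post): bool
{
    // category went into the original query without quotes, so escaping
    // would not constrain it; require an integer before building anything.
    $category = filter_var($post['category'] ?? null, FILTER_VALIDATE_INT);
    if ($category === false) {
        return false;
    }
    foreach (['article_title', 'author_name', 'article_text'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field]) || $post[$field] === '') {
            return false;
        }
    }

    // Placeholders keep the submitted values out of the SQL text entirely.
    $stmt = $db->prepare(
        'INSERT INTO articles (article_title, author_name, category, article_text)
         VALUES (:title, :author, :category, :text)'
    );
    $stmt->bindValue(':title', $post['article_title'], PDO::PARAM_STR);
    $stmt->bindValue(':author', $post['author_name'], PDO::PARAM_STR);
    $stmt->bindValue(':category', $category, PDO::PARAM_INT);
    $stmt->bindValue(':text', $post['article_text'], PDO::PARAM_STR);
    return $stmt->execute();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE articles (article_title TEXT, author_name TEXT,
                                  category INTEGER, article_text TEXT)');

// Constructed form submissions: an apostrophe in the title would break the
// concatenated query from the thread; here it is stored verbatim.
$good = ['article_title' => "It's a new article", 'author_name' => 'Sample Author',
         'category' => '3', 'article_text' => 'Body text with a "quote".'];
$bad  = ['category' => '3abc'] + $good;   // non-integer category is rejected

var_dump(save_article($db, $good));
var_dump(save_article($db, $bad));
echo $db->query('SELECT article_title FROM articles')->fetchColumn(), "\n";
echo $db->query('SELECT COUNT(*) FROM articles')->fetchColumn(), " row(s) stored\n";
```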