  1. #1

    Can someone help me fix this script?

    So it's supposed to submit articles to a database... Problem is I keep getting various errors (currently: Parse error: syntax error, unexpected $end in /home/stuynet/public_html/cmsadmin/new_article.php on line 34 ).

    Can someone please, please help me with it?

    PHP Code:
    <?php
    // Acquire Settings
    require_once('../includes/DbConnector.php');

    // Check whether a form has been submitted. If so, carry on
    if ($HTTP_POST_VARS){

    // Create a new instance of DbConnector
    $connector = new DbConnector();

    // Form Validation

    // Create an SQL query
    $insertQuery = "INSERT INTO articles (article_title,author_name,category,article_text) VALUES (".
    "'".$HTTP_POST_VARS['article_title']."', ".
    "'".$HTTP_POST_VARS['author_name']."', ".
    $HTTP_POST_VARS['category'].", ".
    "'".$HTTP_POST_VARS['article_text']."')

    // Insert the data obtained from the form into the database
    if (
    $result = $connector->query($insertQuery)){

    // If it worked then...
    echo '<center><b>Article added to the database</b></center><br>';

    }else{

    // If it hasn't worked...
    exit('<center>Sorry, there was an error in saving to the database.</center>');

    }

    include '../html/forms/news_insert_form.html';
    ?>

  2. #2
    Join Date
    May 2007
    Location
    Orange Country, CA
    Posts
    138
    Missing a semi-colon. I would suggest using a text-editor with syntax highlighting for PHP. It will help you catch errors such as these.

    PHP Code:
    // Create an SQL query
    $insertQuery = "INSERT INTO articles (article_title,author_name,category,article_text) VALUES (".
    "'".$HTTP_POST_VARS['article_title']."', ".
    "'".$HTTP_POST_VARS['author_name']."', ".
    $HTTP_POST_VARS['category'].", ".
    "'".$HTTP_POST_VARS['article_text']."'); 

  3. #3
    Join Date
    May 2007
    Location
    Orange Country, CA
    Posts
    138
    Also, I'd just like to point out that the use of $HTTP_POST_VARS is deprecated. Use $_POST instead. Additionally, DO NOT use posted data in SQL queries directly. This script is extremely vulnerable to SQL injection. Clean all POST data with mysql_real_escape_string.

  4. #4
    Thank you so much for your help, and I'll be sure to use mysql_real_escape_string in the future. I really had no idea about it.

  5. #5
    If $insertQuery is supposed to be deprecated, what can I use in place of it?

  6. #6
    Join Date
    Aug 2007
    Posts
    905
    I think he meant use $_POST['data'] instead of $_POST_VARS['data']

  7. #7
    Originally Posted by Looie:
    I think he meant use $_POST['data'] instead of $_POST_VARS['data']

    Yes, I know, but the problem with using mysql_escape_string is my previously defined values. Plus I still get the same error with his method.

  8. #8
    Join Date
    Aug 2007
    Posts
    905
    Did you replace

    PHP Code:
    "'".$HTTP_POST_VARS['article_text']."') 
    with

    PHP Code:
    "'".$HTTP_POST_VARS['article_text']."'); 

  9. #9
    Join Date
    Dec 2007
    Location
    Lebanon
    Posts
    413
    Man, the error you're getting is because you didn't close your first if:
    "if ($HTTP_POST_VARS){"

    That is what it means, undefined $end; it has nothing to do with other things.

  10. #10
    Join Date
    Dec 2002
    Location
    Jackson, MI
    Posts
    1,526
    Codebird, they were telling him how to fix the other problems in his script. He has two errors in his script, the first being a missing semicolon, the second being a missing closing }.

    unexpected $end can be caused by a missing semicolon, but most times it is caused by a missing closing bracket. It happens a bit when using many nested ifs, fors, etc.

  11. #11
    Join Date
    Dec 2007
    Location
    Lebanon
    Posts
    413
    Yes, I know, but the problem with using mysql_escape_string is my previously defined values. Plus I still get the same error with his method.
    csparks, I was replying to that post.

  12. #12
    Join Date
    Jul 2007
    Posts
    205
    Hi, I would recommend you put this.

    PHP Code:
    $article_title = mysql_real_escape_string($_POST['article_title']);
    $author_name = mysql_real_escape_string($_POST['author_name']);
    $category = mysql_real_escape_string($_POST['category']);
    $article_text = mysql_real_escape_string($_POST['article_text']);

    // Create an SQL query
    $insertQuery = "INSERT INTO articles (article_title,author_name,category,article_text) VALUES ('$article_title','$author_name','$category','$article_text')";

    ciao
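
Post #3 warns about SQL injection and post #12 escapes each field; here is the same insert written with bound parameters through PDO, as an added example that is not any poster's code. It swaps escaping for prepared statements (the mysql_* functions were removed in PHP 7), and the in-memory SQLite database, the `insertArticle` name and the column types are assumptions.

```php
<?php
// Added example, not code from the thread. In-memory SQLite keeps it stand-alone;
// the articles columns are taken from the INSERT in post #1, the types are assumed.
function insertArticle(PDO $db, array $post): bool
{
    // Text fields must be present, non-empty strings.
    foreach (['article_title', 'author_name', 'article_text'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field]) || trim($post[$field]) === '') {
            return false;
        }
    }
    // category is placed in the original query without quotes, so string
    // escaping would not constrain it; accept only an integer.
    $category = filter_var($post['category'] ?? null, FILTER_VALIDATE_INT);
    if ($category === false) {
        return false;
    }
    // Placeholders keep the SQL text fixed; values travel separately as data.
    $stmt = $db->prepare(
        'INSERT INTO articles (article_title, author_name, category, article_text)
         VALUES (:title, :author, :category, :text)'
    );
    $stmt->bindValue(':title', $post['article_title'], PDO::PARAM_STR);
    $stmt->bindValue(':author', $post['author_name'], PDO::PARAM_STR);
    $stmt->bindValue(':category', $category, PDO::PARAM_INT);
    $stmt->bindValue(':text', $post['article_text'], PDO::PARAM_STR);
    return $stmt->execute();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE articles (article_title TEXT, author_name TEXT,
                                  category INTEGER, article_text TEXT)');

// Constructed form submissions standing in for $_POST.
$withQuote = ['article_title' => "Today's lunch menu", 'author_name' => "O'Brien",
              'category' => '3', 'article_text' => "It's pizza."];
$badCategory = ['category' => 'three'] + $withQuote;

var_dump(insertArticle($db, $withQuote));   // apostrophes are stored as data
var_dump(insertArticle($db, $badCategory)); // non-integer category is refused
print_r($db->query('SELECT * FROM articles')->fetchAll(PDO::FETCH_ASSOC));
```

The integer check on category matters independently of the placeholders: in the original query that value sits outside any quotes, where escaping quote characters does not constrain it.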
