uramagget

Alright, it seems the mySQL error format WAS wrong. Thanks thorpe!

<? include "news.inc.php"; ?> <html> <head> <title>News</title> <basefont face="Verdana"> </head> <body> <? //Generate News $query = "SELECT id, title, timestamp FROM $table ORDER BY id ASC LIMIT 0, 5"; $result = mysql_query($query) or die ("mysql_error()); if (mysql_num_rows($result) > 0) { while($row = mysql_fetch_array($result)) { ?> <h2><? echo $row['title']; ?></h2> <p><? echo $row['content']; ?></p> <div align='right'> Posted by <? echo $row['author']; ?> </div> <? } } else { echo "no news"; } mysql_close(); ?> </body> </html> Returns: Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/parahost/public_html/news.php on line 20

MY BAD, IT WORKS! THANKS!

Alright, this works, but seems that everything results in a 404 now. :/;

Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING, expecting ']' in /home/rindiny/public_html/beta/query.inc.php on line

Fatal error: Can't use function return value in write context in /home/rindiny/public_html/beta/query.inc.php on line 13

That doesn't work.... It gives me a blank page....

I'm making a Content Management System, so I want the system to check if a page (?id=pagename here) exists or not. If it doesn't, return a 404 error. If not, serve the page. Also, I would like some help in stopping people from entering blank URLs (?id=_blank_stuff_here). Here is what I'm using for the querystring: <? /* Script Name: query.inc.php Date: June 03, 2007 Description: ?id= URLs. Eww..... Version: 0.1 Change Log: Version 0.1 (Original Version): */ //Use GET to find query $id=mysql_real_escape_string($_GET['id']); //Use mySQL to select the query $sql="SELECT * FROM $tbl_name WHERE id='$id'"; $result=mysql_query($sql); $rows=mysql_fetch_array($result); ?>

How would I format this properly, though, so it can work?

I'm making a content management system, and so, I'm trying to allow PHP code to work, properly, when entered through the form. But the problem is, after a user presses the submit button to edit the page, and has PHP code, it adds on a backslash to every variable declaration, and certain characters. How do I rectify this?

Finally! It actually works@! Thanks everybody for the help! :

Oh, wait: INSERT INTO pokemon('id' , 'name' , 'num' , 'type1' , 'type2' , 'class' , 'height' , 'weight' , 'malerat' , 'femalerat' , 'ability' , 'abilitydesc' , 'gen' , 'genlocation' , 'hp' , 'attack' , 'defense' , 'speed' , 'spattack' , 'spdefense') VALUES ('dude' , 'dude' , 'dude' , 'dude' , 'dude' , 'dude' , 'dude' , 'dude' , 'dude' , 'dude' , 'dude' , 'dude' , 'dude' , '' , '' , 'dude' , 'dude' , 'dude' , 'dude' , 'dude' , 'dude' , 'dude' , 'dude' , 'dude') http://dex.pokeuniverse.info/admin/valid.php The form.

I've certainly tried this, and it does not change the error message. :/;

$sql = "INSERT INTO $tbl_name('id' , 'name' , 'num' , 'type1' , 'type2' , 'class' , 'height' , 'weight' , 'malerat' , 'femalerat' , 'ability' , 'abilitydesc' , 'gen' , 'genlocation' , 'hp' , 'attack' , 'defense' , 'speed' , 'spattack' , 'spdefense') VALUES ('$id' , '$name' , '$num' , '$type1' , '$type2' , '$class' , '$height' , '$weight' , '$malerat' , '$femalerat' , '$ability' , '$abilitydesc' , '$gen' , '$rbyloc' , '$gscloc' , '$rseloc' , '$frlgloc' , '$dploc' , '$hp' , '$attack' , '$defense' , '$speed' , '$spattack' , '$spdefense')"; :/; Still not working. I'll try mysql_real_escape, then.

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 And line is is <?, so what in the world is going on?

I'm currently using this PHP Code for my form: <? include "../config.inc.php"; // Connect to server and select database. $tbl_name = "pokemon"; mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("$username can't connect to mySQL database..."); // POST Data retrieved from form $id=$_POST['id']; $name=$_POST['name']; $num=$_POST['num']; $type1=$_POST['type1']; $type2=$_POST['type2']; $class=$_POST['class']; $height=$_POST['height']; $weight=$_POST['weight']; $malerat=$_POST['malerat']; $femalerat=$_POST['femalerat']; $ability=$_POST['ability']; $abilitydesc=$_POST['type1']; $gen=$_POST['gen']; $genlocation=$_POST['genlocation']; $attack=$_POST['attack']; $defense=$_POST['defense']; $speed=$_POST['speed']; $spattack=$_POST['spattack']; $spdefense=$_POST['spdefense']; $rbyloc=$_POST['rubyloc']; $gscloc=$_POST['gscloc']; $rseloc=$_POST['rseloc']; $frlgloc=$_POST['frlgloc']; $dploc=$_POST['dploc']; $sql = "INSERT INTO $tbl_name(`id`, `name`, `num`, `type1`, `type2`, `class`, `height`, `weight`, `malerat`, `femalerat`, `ability`, `abilitydesc`, `gen`, `genlocation`, `hp`, `attack`, `defense`, `speed`, `spattack`, `spdefense`) VALUES (`$id`, `$name`, `$num`, `$type1`, `$type2' , '$class' , '$height' , '$weight' , '$malerat' , '$femalerat' , '$ability' , '$abilitydesc' , '$gen' , '$rbyloc' , '$gscloc' , '$rseloc' , '$frlgloc' , '$dploc' , '$hp' , '$attack' , '$defense', '$speed', '$spattack', '$spdefense')"; $result=mysql_query($sql); if($result){ echo "<a href=\"http://www.pokeuniverse.info/pokemon/$id/\">$name</a> was added to the Pokedex!"; echo "<a href=\"valid.php\">Modify/Add Another Pokemon</a>"; } else { echo "Mistake while adding Pokemon. Go <a href=\"valid.php\">back</a> and try again."; } mysql_close(); ?> Then, after I submitted via the form, it gives me the error "Mistake while adding Pokemon". Is this some sort of syntax error with the SQL code? I can't seem to find the error.... Please help..