Mehtabyte Posted August 10, 2009 Share Posted August 10, 2009 Hi! I've acquired the code to a comments system, and want to integrate a feature whereby the form to post a comment is only shown if you are logged in i.e. the session variable $_SESSION['username'] has a character length of less than one. To be honest, I should use ISSET, but never mind for now... Anyway, the following code returns this error: Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/readcon1/public_html/comments.php on line 60 <? $username="***"; $password="***"; $database="***"; mysql_connect(localhost,$username,$password); @mysql_select_db($database) or die( "Unable to select database"); //query comments for this page of this article $inf = "SELECT * FROM `comments` WHERE page = '".stripslashes($_SERVER['REQUEST_URI'])."' ORDER BY time ASC"; $info = mysql_query($inf); if(!$info) die(mysql_error()); $info_rows = mysql_num_rows($info); if($info_rows > 0) { echo '<h5>Comments:</h5>'; echo '<table width="95%">'; while($info2 = mysql_fetch_object($info)) { echo '<tr>'; echo '<td>"'.stripslashes($info2->subject).'" by: <a href="'.$info2->contact.'">'.stripslashes($info2->username).'</a></td> <td><div align="right"> @ '.date('h:i:s a', $info2->time).' on '.$info2->date.'</div></td>'; echo '</tr><tr>'; echo '<td colspan="2"> '.stripslashes($info2->comment).' </td>'; echo '</tr>'; }//end while echo '</table>'; echo '<hr width="95%" noshade>'; } else echo 'No comments for this page. Feel free to be the first <br>'; if(isset($_POST['submit'])) { if(!addslashes($_POST['username'])) die('<u>ERROR:</u> you must enter a username to add a comment.'); if(!addslashes($_POST['contact'])) die('<u>ERROR:</u> enter contact method in contact field.'); if(!addslashes($_POST['subject'])) die('<u>ERROR:</u> enter a subject to your comment.'); if(!addslashes($_POST['comment'])) die('<u>ERROR:</u> cannot add comment if you do not enter one!?'); //this is for a valid contact if(substr($_POST['contact'],0,7) != 'mailto:' && !strstr($_POST['contact'],'//')) { if(strstr($_POST['contact'],'@')) $_POST['contact'] = "mailto:".$_POST['contact'].""; else $_POST['contact'] = "http://".$_POST['contact'].""; } //end valid contact //try to prevent multiple posts and flooding... $c = "SELECT * from `comments` WHERE ip = '".$_SERVER['REMOTE_ADDR']."'"; $c2 = mysql_query($c); while($c3 = mysql_fetch_object($c2)) { $difference = time() - $c3->time; if($difference < 300) die('<u>ALERT:</u> '.$c3->username.', You have already commented earlier; if you have a question, try the forums!<BR>'); } //end while //add comment $q ="INSERT INTO `comments` (article_id, page, date, time, username, ip, contact, subject, comment) VALUES ('".$_GET['id']."', '".$_POST['page']."', '".$_POST['date']."', '".$_POST['time']."', '".addslashes(htmlspecialchars($_POST['username']))."', '".$_SERVER['REMOTE_ADDR']."', '".addslashes(htmlspecialchars($_POST['contact']))."', '".addslashes(htmlspecialchars($_POST['subject']))."', '".addslashes(htmlspecialchars(nl2br($_POST['comment'])))."')"; $q2 = mysql_query($q); if(!$q2) die(mysql_error()); //refresh page so they can see new comment header('Location: http://www.readconverse.co.uk/index.php'); } elseif(strlen($_SESSION['username']) < 1){ echo "You need to be logged in to display messages."; }else echo "<form name=\"comments\" action=\"<? $_SERVER['PHP_SELF']; ?>\" method=\"post\"> <input type=\"hidden\" name=\"page\" value=\"<? echo($_SERVER['REQUEST_URI']); ?>\"> <input type=\"hidden\" name=\"date\" value=\"<? echo(date(\"F j, Y.\")); ?>\"> <input type=\"hidden\" name=\"time\" value=\"<? echo(time()); ?>\"> <table width=\"90%\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\"> <tr><td><div align=\"right\">Username: </div></td> <td><input name=\"username\" type=\"text\" size=\"30\"></td> </tr> <tr> <td><div align=\"right\">Contact: </div></td> <td><input type=\"text\" name=\"contact\" size=\"30\"> <i>(email or url)</i></td> </tr> <td><div align=\"right\">Subject: </div></td> <td><input type=\"text\" name=\"subject\" size=\"30\"></td> </tr> <tr> <td><div align=\"right\">Comment: </div></td> <td><textarea name=\"comment\" cols=\"45\" rows=\"5\" wrap=\"VIRTUAL\"></textarea></td> </tr> <tr> <td></td> <td colspan=\"2\"><input type=\"reset\" value=\"Reset Fields\"> <input type=\"submit\" name=\"submit\" value=\"Add Comment\"></td> </tr> </table> </form>"; ?> All help is greatly appreciated. Thanks! Have a nice day! Mehtabyte. Quote Link to comment Share on other sites More sharing options...
alexdemers Posted August 10, 2009 Share Posted August 10, 2009 Check line 60. You are already in PHP so no need to <? $_SERVER['PHP_SELF']; ?>. Replace that with action=\"".$_SERVER['PHP_SELF']."\" and everywhere where you used <? ?> Edit: Also, you shold really be cleaning your code/syntax. There's alot of confusion in there and that's where it creates problem. Quote Link to comment Share on other sites More sharing options...
Mehtabyte Posted August 10, 2009 Author Share Posted August 10, 2009 Thanks very much for that solution, it worked. However, here's the code again. Could someone look at the header(); function? It gives me the error, and I have read the sticky thread, and understand header functions, but can anyone think of a way I can refresh the page after adding the comment to mySQL so that the user can see their comment? <? $username="readcon1_Admin"; $password="-Mantaray-"; $database="readcon1_comments"; mysql_connect(localhost,$username,$password); @mysql_select_db($database) or die( "Unable to select database"); //query comments for this page of this article $inf = "SELECT * FROM `comments` WHERE page = '".stripslashes($_SERVER['REQUEST_URI'])."' ORDER BY time ASC"; $info = mysql_query($inf); if(!$info) die(mysql_error()); $info_rows = mysql_num_rows($info); if($info_rows > 0) { echo '<h5>Comments:</h5>'; echo '<table width="95%">'; while($info2 = mysql_fetch_object($info)) { echo '<tr>'; echo '<td>"'.stripslashes($info2->subject).'" by: <a href="'.$info2->contact.'">'.stripslashes($info2->username).'</a></td> <td><div align="right"> @ '.date('h:i:s a', $info2->time).' on '.$info2->date.'</div></td>'; echo '</tr><tr>'; echo '<td colspan="2"> '.stripslashes($info2->comment).' </td>'; echo '</tr>'; }//end while echo '</table>'; echo '<hr width="95%" noshade>'; } else echo 'No comments for this page. Feel free to be the first <br>'; if(isset($_POST['submit'])) { if(!addslashes($_POST['username'])) die('<u>ERROR:</u> you must enter a username to add a comment.'); if(!addslashes($_POST['contact'])) die('<u>ERROR:</u> enter contact method in contact field.'); if(!addslashes($_POST['subject'])) die('<u>ERROR:</u> enter a subject to your comment.'); if(!addslashes($_POST['comment'])) die('<u>ERROR:</u> cannot add comment if you do not enter one!?'); //this is for a valid contact if(substr($_POST['contact'],0,7) != 'mailto:' && !strstr($_POST['contact'],'//')) { if(strstr($_POST['contact'],'@')) $_POST['contact'] = "mailto:".$_POST['contact'].""; else $_POST['contact'] = "http://".$_POST['contact'].""; } //end valid contact //try to prevent multiple posts and flooding... $c = "SELECT * from `comments` WHERE ip = '".$_SERVER['REMOTE_ADDR']."'"; $c2 = mysql_query($c); while($c3 = mysql_fetch_object($c2)) { $difference = time() - $c3->time; if($difference < 300) die('<u>ALERT:</u> '.$c3->username.', You have already commented earlier; if you have a question, try the forums!<BR>'); } //end while //add comment $q ="INSERT INTO `comments` (article_id, page, date, time, username, ip, contact, subject, comment) VALUES ('".$_GET['id']."', '".$_POST['page']."', '".$_POST['date']."', '".$_POST['time']."', '".addslashes(htmlspecialchars($_POST['username']))."', '".$_SERVER['REMOTE_ADDR']."', '".addslashes(htmlspecialchars($_POST['contact']))."', '".addslashes(htmlspecialchars($_POST['subject']))."', '".addslashes(htmlspecialchars(nl2br($_POST['comment'])))."')"; $q2 = mysql_query($q); if(!$q2) die(mysql_error()); //refresh page so they can see new comment header("Location: http://www.readconverse.co.uk/index.php"); } elseif(strlen($_SESSION['username']) < 1){ echo "You need to be logged in to display messages."; }else echo "<form name=\"comments\" action=\"".$_SERVER['PHP_SELF']."\" method=\"post\"> <input type=\"hidden\" name=\"page\" value=\"".$_SERVER['REQUEST_URI']."\"> <input type=\"hidden\" name=\"date\" value=\"".date("F j, Y.")."\"> <input type=\"hidden\" name=\"time\" value=\"".time()."\"> <table width=\"90%\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\"> <tr><td><div align=\"right\">Username: </div></td> <td><input name=\"username\" type=\"text\" readonly value=\"". $_SESSION['username'] ."\"></td> </tr> <tr> <td><div align=\"right\">Contact: </div></td> <td><input type=\"text\" name=\"contact\" size=\"30\"> <i>(email or url)</i></td> </tr> <td><div align=\"right\">Subject: </div></td> <td><input type=\"text\" name=\"subject\" size=\"30\"></td> </tr> <tr> <td><div align=\"right\">Comment: </div></td> <td><textarea name=\"comment\" cols=\"45\" rows=\"5\" wrap=\"VIRTUAL\"></textarea></td> </tr> <tr> <td></td> <td colspan=\"2\"><input type=\"reset\" value=\"Reset Fields\"> <input type=\"submit\" name=\"submit\" value=\"Add Comment\"></td> </tr> </table> </form>"; ?> Quote Link to comment Share on other sites More sharing options...
alexdemers Posted August 10, 2009 Share Posted August 10, 2009 Well, as said in the sticky, headers should be set before any echo statements. If there's 1 byte of content, the headers will not work. You have two choices here. Either set the header before echoing the content, or do your insertion in the database before starting to output the table. So move your block of code to check/insert the comment in the database and move it before the loop to parse the table. Make any correction if it fails. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.