Jump to content

Syntax Error - Comments System / Login

Mehtabyte

By Mehtabyte
in PHP Coding Help

 Share

Recommended Posts

Mehtabyte Newbie

Mehtabyte

Posted
Posted

Hi! I've acquired the code to a comments system, and want to integrate a feature whereby the form to post a comment is only shown if you are logged in i.e. the session variable $_SESSION['username'] has a character length of less than one. To be honest, I should use ISSET, but never mind for now...

 

Anyway, the following code returns this error:

 

Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/readcon1/public_html/comments.php on line 60

 

<?
$username="***";
$password="***";
$database="***";
mysql_connect(localhost,$username,$password);
@mysql_select_db($database) or die( "Unable to select database");
//query comments for this page of this article
$inf = "SELECT * FROM `comments` WHERE page = '".stripslashes($_SERVER['REQUEST_URI'])."' ORDER BY time ASC";
$info = mysql_query($inf);
if(!$info) die(mysql_error());
   $info_rows = mysql_num_rows($info);
if($info_rows > 0) {
   echo '<h5>Comments:</h5>';
   echo '<table width="95%">';
while($info2 = mysql_fetch_object($info)) {    
echo '<tr>';   
echo '<td>"'.stripslashes($info2->subject).'" by: <a href="'.$info2->contact.'">'.stripslashes($info2->username).'</a></td> <td><div align="right"> @ '.date('h:i:s a', $info2->time).' on '.$info2->date.'</div></td>';
echo '</tr><tr>';
echo '<td colspan="2"> '.stripslashes($info2->comment).' </td>';
echo '</tr>';
}//end while
echo '</table>';
echo '<hr width="95%" noshade>';
} else echo 'No comments for this page. Feel free to be the first <br>';

if(isset($_POST['submit'])) {
  if(!addslashes($_POST['username'])) die('<u>ERROR:</u> you must enter a username to add a comment.');
  if(!addslashes($_POST['contact']))  die('<u>ERROR:</u> enter contact method in contact field.');
  if(!addslashes($_POST['subject']))  die('<u>ERROR:</u> enter a subject to your comment.');
  if(!addslashes($_POST['comment']))  die('<u>ERROR:</u> cannot add comment if you do not enter one!?');


//this is for a valid contact
  if(substr($_POST['contact'],0,7) != 'mailto:' && !strstr($_POST['contact'],'//')) {
              if(strstr($_POST['contact'],'@'))
                $_POST['contact'] = "mailto:".$_POST['contact']."";
              else
                $_POST['contact'] = "http://".$_POST['contact']."";
   } //end valid contact

//try to prevent multiple posts and flooding...
$c = "SELECT * from `comments` WHERE ip = '".$_SERVER['REMOTE_ADDR']."'";
  $c2 = mysql_query($c);
     while($c3 = mysql_fetch_object($c2)) {
      $difference = time() - $c3->time;
     if($difference < 300) die('<u>ALERT:</u> '.$c3->username.', You have already commented earlier; if you have a question, try the forums!<BR>');
      } //end while

//add comment
$q ="INSERT INTO `comments` (article_id, page, date, time, username, ip, contact, subject, comment) VALUES ('".$_GET['id']."', '".$_POST['page']."', '".$_POST['date']."', '".$_POST['time']."', '".addslashes(htmlspecialchars($_POST['username']))."', '".$_SERVER['REMOTE_ADDR']."', '".addslashes(htmlspecialchars($_POST['contact']))."', '".addslashes(htmlspecialchars($_POST['subject']))."', '".addslashes(htmlspecialchars(nl2br($_POST['comment'])))."')";

$q2 = mysql_query($q);
  if(!$q2) die(mysql_error());

//refresh page so they can see new comment
header('Location: http://www.readconverse.co.uk/index.php');

} elseif(strlen($_SESSION['username']) < 1){
echo "You need to be logged in to display messages.";
}else echo "<form name=\"comments\" action=\"<? $_SERVER['PHP_SELF']; ?>\" method=\"post\">
<input type=\"hidden\" name=\"page\" value=\"<? echo($_SERVER['REQUEST_URI']); ?>\">
<input type=\"hidden\" name=\"date\" value=\"<? echo(date(\"F j, Y.\")); ?>\">
<input type=\"hidden\" name=\"time\" value=\"<? echo(time()); ?>\">
<table width=\"90%\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\">
<tr><td><div align=\"right\">Username:   </div></td>
<td><input name=\"username\" type=\"text\" size=\"30\"></td>
</tr>
<tr>
<td><div align=\"right\">Contact:   </div></td>
<td><input type=\"text\" name=\"contact\" size=\"30\"> <i>(email or url)</i></td>
</tr>
<td><div align=\"right\">Subject:   </div></td>
<td><input type=\"text\" name=\"subject\" size=\"30\"></td>
</tr>
<tr>
<td><div align=\"right\">Comment:   </div></td>
<td><textarea name=\"comment\" cols=\"45\" rows=\"5\" wrap=\"VIRTUAL\"></textarea></td>
</tr>
<tr>
<td></td>
<td colspan=\"2\"><input type=\"reset\" value=\"Reset Fields\">     
<input type=\"submit\" name=\"submit\" value=\"Add Comment\"></td>
</tr>
</table>
</form>";
?>

 

All help is greatly appreciated. Thanks!

 

Have a nice day!

 

Mehtabyte.

Link to comment
Share on other sites
alexdemers Newbie

alexdemers

Posted
Posted

Check line 60. You are already in PHP so no need to <? $_SERVER['PHP_SELF']; ?>.

 

Replace that with

action=\"".$_SERVER['PHP_SELF']."\"

 

and everywhere where you used <? ?>

 

 

Edit: Also, you shold really be cleaning your code/syntax. There's alot of confusion in there and that's where it creates problem.

Link to comment
Share on other sites
Mehtabyte Newbie

Mehtabyte

Posted
  • Author
Posted

Thanks very much for that solution, it worked. However, here's the code again. Could someone look at the header(); function? It gives me the error, and I have read the sticky thread, and understand header functions, but can anyone think of a way I can refresh the page after adding the comment to mySQL so that the user can see their comment?

 

<?
$username="readcon1_Admin";
$password="-Mantaray-";
$database="readcon1_comments";
mysql_connect(localhost,$username,$password);
@mysql_select_db($database) or die( "Unable to select database");
//query comments for this page of this article
$inf = "SELECT * FROM `comments` WHERE page = '".stripslashes($_SERVER['REQUEST_URI'])."' ORDER BY time ASC";
$info = mysql_query($inf);
if(!$info) die(mysql_error());
   $info_rows = mysql_num_rows($info);
if($info_rows > 0) {
   echo '<h5>Comments:</h5>';
   echo '<table width="95%">';
while($info2 = mysql_fetch_object($info)) {    
echo '<tr>';   
echo '<td>"'.stripslashes($info2->subject).'" by: <a href="'.$info2->contact.'">'.stripslashes($info2->username).'</a></td> <td><div align="right"> @ '.date('h:i:s a', $info2->time).' on '.$info2->date.'</div></td>';
echo '</tr><tr>';
echo '<td colspan="2"> '.stripslashes($info2->comment).' </td>';
echo '</tr>';
}//end while
echo '</table>';
echo '<hr width="95%" noshade>';
} else echo 'No comments for this page. Feel free to be the first <br>';

if(isset($_POST['submit'])) {
  if(!addslashes($_POST['username'])) die('<u>ERROR:</u> you must enter a username to add a comment.');
  if(!addslashes($_POST['contact']))  die('<u>ERROR:</u> enter contact method in contact field.');
  if(!addslashes($_POST['subject']))  die('<u>ERROR:</u> enter a subject to your comment.');
  if(!addslashes($_POST['comment']))  die('<u>ERROR:</u> cannot add comment if you do not enter one!?');


//this is for a valid contact
  if(substr($_POST['contact'],0,7) != 'mailto:' && !strstr($_POST['contact'],'//')) {
              if(strstr($_POST['contact'],'@'))
                $_POST['contact'] = "mailto:".$_POST['contact']."";
              else
                $_POST['contact'] = "http://".$_POST['contact']."";
   } //end valid contact

//try to prevent multiple posts and flooding...
$c = "SELECT * from `comments` WHERE ip = '".$_SERVER['REMOTE_ADDR']."'";
  $c2 = mysql_query($c);
     while($c3 = mysql_fetch_object($c2)) {
      $difference = time() - $c3->time;
     if($difference < 300) die('<u>ALERT:</u> '.$c3->username.', You have already commented earlier; if you have a question, try the forums!<BR>');
      } //end while

//add comment
$q ="INSERT INTO `comments` (article_id, page, date, time, username, ip, contact, subject, comment) VALUES ('".$_GET['id']."', '".$_POST['page']."', '".$_POST['date']."', '".$_POST['time']."', '".addslashes(htmlspecialchars($_POST['username']))."', '".$_SERVER['REMOTE_ADDR']."', '".addslashes(htmlspecialchars($_POST['contact']))."', '".addslashes(htmlspecialchars($_POST['subject']))."', '".addslashes(htmlspecialchars(nl2br($_POST['comment'])))."')";

$q2 = mysql_query($q);
  if(!$q2) die(mysql_error());

//refresh page so they can see new comment
header("Location: http://www.readconverse.co.uk/index.php");

} elseif(strlen($_SESSION['username']) < 1){
echo "You need to be logged in to display messages.";
}else echo "<form name=\"comments\" action=\"".$_SERVER['PHP_SELF']."\" method=\"post\">
<input type=\"hidden\" name=\"page\" value=\"".$_SERVER['REQUEST_URI']."\">
<input type=\"hidden\" name=\"date\" value=\"".date("F j, Y.")."\">
<input type=\"hidden\" name=\"time\" value=\"".time()."\">
<table width=\"90%\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\">
<tr><td><div align=\"right\">Username:   </div></td>
<td><input name=\"username\" type=\"text\" readonly value=\"". $_SESSION['username'] ."\"></td>
</tr>
<tr>
<td><div align=\"right\">Contact:   </div></td>
<td><input type=\"text\" name=\"contact\" size=\"30\"> <i>(email or url)</i></td>
</tr>
<td><div align=\"right\">Subject:   </div></td>
<td><input type=\"text\" name=\"subject\" size=\"30\"></td>
</tr>
<tr>
<td><div align=\"right\">Comment:   </div></td>
<td><textarea name=\"comment\" cols=\"45\" rows=\"5\" wrap=\"VIRTUAL\"></textarea></td>
</tr>
<tr>
<td></td>
<td colspan=\"2\"><input type=\"reset\" value=\"Reset Fields\">     
<input type=\"submit\" name=\"submit\" value=\"Add Comment\"></td>
</tr>
</table>
</form>";
?>

Link to comment
Share on other sites
alexdemers Newbie

alexdemers

Posted
Posted

Well, as said in the sticky, headers should be set before any echo statements. If there's 1 byte of content, the headers will not work. You have two choices here. Either set the header before echoing the content, or do your insertion in the database before starting to output the table. So move your block of code to check/insert the comment in the database and move it before the loop to parse the table.

 

Make any correction if it fails.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.