ja_blackburn Posted September 21, 2009 Share Posted September 21, 2009 Hi guys, first post, please go easy! I am doing a basic insert to register a product: Here is the code: <?php $con = mysql_connect("213.171.xxx.xx","username","password"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("pix", $con); $sql="INSERT INTO product_reg (name, 1st_line, town, postcode, country, product_type, purchase_from, your_email, contact) VALUES ('$_POST[name]','$_POST[1st_line]','$_POST[town]','$_POST[postcode]','$_POST[country]','$_POST[product_type]','$_POST[purchase_from]','$_POST[your_email]','$_POST[contact]')"; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } echo "1 record added"; mysql_close($con) ?> I get the following error: Parse error: syntax error, unexpected T_STRING, expecting ']' in E:\domains\s\domain.com\user\htdocs\2009test\product_register.php on line 20 A friend has told me i should be using arrays for this data, however i have managed to run a test using the following code and it works. <?php $con = mysql_connect("213.171.xxx.xx","username","password"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("pix", $con); $sql="INSERT INTO test (one, two) VALUES ('$_POST[one]','$_POST[two]')"; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } echo "1 record added"; mysql_close($con) ?> I cant see why the latter works but the first doesnt, please help!! Thanks Link to comment https://forums.phpfreaks.com/topic/174987-insert-errorunexpected-t_string-expecting/ Share on other sites More sharing options...
smerny Posted September 21, 2009 Share Posted September 21, 2009 $_POST[name] should be $_POST['name'] Link to comment https://forums.phpfreaks.com/topic/174987-insert-errorunexpected-t_string-expecting/#findComment-922231 Share on other sites More sharing options...
ja_blackburn Posted September 21, 2009 Author Share Posted September 21, 2009 Thanks, it worked! Out of interest though, why do not get this error with the test example, as i have not included the ' ' in the that one? Link to comment https://forums.phpfreaks.com/topic/174987-insert-errorunexpected-t_string-expecting/#findComment-922240 Share on other sites More sharing options...
smerny Posted September 21, 2009 Share Posted September 21, 2009 i'm surprised that it would... i actually generally use the format like this ('".$_POST['something']."', '".$_POST['something_else']."') but on another note, you are giving raw input from the user directly into the database... don't you want to verify they are entering correct information... and especially that they are not going to inject sql to delete your database or something? Link to comment https://forums.phpfreaks.com/topic/174987-insert-errorunexpected-t_string-expecting/#findComment-922243 Share on other sites More sharing options...
ja_blackburn Posted September 21, 2009 Author Share Posted September 21, 2009 would using a require() function to detail to connection be a secure way of doing it? I was going to add some front end validation to it as well. Link to comment https://forums.phpfreaks.com/topic/174987-insert-errorunexpected-t_string-expecting/#findComment-922247 Share on other sites More sharing options...
smerny Posted September 21, 2009 Share Posted September 21, 2009 would be best to require the db connect and put that in a different folder (not public http if thats where you have it) but that's not what i meant. I mean like for example, if you want post code to be all numbers and have a length of 5, then check that it is infact a number with a length of 5 before submitting it... check out the ctype functions... and you can use mysql_real_escape_string() to make sure that they aren't injecting sql into your fields Link to comment https://forums.phpfreaks.com/topic/174987-insert-errorunexpected-t_string-expecting/#findComment-922256 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.