Jump to content

Unexpected T_Variable ?

Gem

By Gem
in PHP Coding Help

 Share

Recommended Posts

Gem Member

Gem

Posted
Posted

Hi all,

I dont really know what I am doing!! I know I'm doing something wrong, and I know its on line 42 "$sql="select pname, award, aw_year" but I dont know why its a problem?? Can anyone help me understand what I am doing wrong please??

 

Full code below:

 

<?php 

$conn = mysql_connect("CNX INFO") or trigger_error("SQL", E_USER_ERROR);
$db = mysql_select_db('bssql',$conn) or trigger_error("SQL", E_USER_ERROR);

$sql="SELECT pname FROM pname ORDER BY pname"; 
$result=mysql_query($sql); 

$options=""; 

while ($row=mysql_fetch_array($result)) { 

    $id=$row["pname"]; 
    $thing=$row["pname"]; 
    $options.="<OPTION VALUE=\"$id\">".$thing.'</option>'; 
} 


?> 


<html>
<body>

<FORM action="<?php echo $_SERVER['PHP_SELF']; ?>" method="get">
<SELECT NAME=pname> 
<OPTION VALUE=0>Choose 
<?=$options?> 
</SELECT> 
<input type="submit" name="submit" value="submit">
</FORM>

<?php

if(isset($_GET['submit'])){
print stripslashes($_GET['pname']);    //this is where i need to get the rest of the information to display//

//

} 
$pname=$_GET['pname']
$sql="select pname, award, aw_year
FROM pname, aw_result, award
WHERE pname.name_id=aw_result.pname_id
AND award.award_id=aw_result.award_id
AND pname='$pname'
ORDER BY aw_year"; 
$info=mysql_query($sql1);

echo $info?>



</body>
</html>

Link to comment
https://forums.phpfreaks.com/topic/182648-unexpected-t_variable/
Share on other sites
Gem Member

Gem

Posted
  • Author
Posted

Oh Yeh LOL  :-[

 

KK - Fixed that, and the error is gone, thanks for that.  However, it's not working.

 

Maybe you could check the page for yourself so you can see what is happening

 

http://www.bradleystokejudoclub.co.uk/test.php

 

Here the code again because I changed something else that was wrong as well...

 

<?php 

$conn = mysql_connect("80.94.196.33","gem","landseer") or trigger_error("SQL", E_USER_ERROR);
$db = mysql_select_db('bssql',$conn) or trigger_error("SQL", E_USER_ERROR);

$sql="SELECT pname FROM pname ORDER BY pname"; 
$result=mysql_query($sql); 

$options=""; 

while ($row=mysql_fetch_array($result)) { 

    $id=$row["pname"]; 
    $thing=$row["pname"]; 
    $options.="<OPTION VALUE=\"$id\">".$thing.'</option>'; 
} 


?> 


<html>
<body>

<FORM action="<?php echo $_SERVER['PHP_SELF']; ?>" method="get">
<SELECT NAME=pname> 
<OPTION VALUE=0>Choose 
<?=$options?> 
</SELECT> 
<input type="submit" name="submit" value="submit">
</FORM>

<?php

if(isset($_GET['submit'])){
print stripslashes($_GET['pname']);    //this is where i need to get the rest of the information to display//

//

} 
$pname=$_GET['pname'];
$sql="select pname, award, aw_year
FROM pname, aw_result, award
WHERE pname.name_id=aw_result.pname_id
AND award.award_id=aw_result.award_id
AND pname='$pname'
ORDER BY aw_year"; 
$info=mysql_query($sql);

echo $info?>



</body>
</html>

Alex Advanced Member

Alex

Posted
Posted

There's a few things that should be corrected.

 

1. You should never use $_SERVER['PHP_SELF'] for a form action, doing so leaves you vulnerable to XSS attacks. Instead, either type in the name of the file, or leave it blank. Note that the latter will not validate as valid (X)HTML.

 

2. Currently you're also vulnerable to SQL injections. To correct this escape all user input that will be used in a mysql query with mysql_real_escape_string.

 

3. Finally, I'm not sure exactly what you're trying to output. You can't just echo the query. Here's an example on how to get a row from the record returned.

 

$info=mysql_query($sql);
$row = mysql_fetch_assoc($info);
echo $row['some_column_name'];

 

mysql_fetch_assoc

Gem Member

Gem

Posted
  • Author
Posted

Thanks AlexWD.

 

I will deal with the whole security things once I get it working.

 

I'm getting there ... so far we have got one record being displayed, but I need it to show all the results from the query ... does that make sense??

 

I.e. I know that I have won 2 trophys, and if you select Gem Gale, only one of them comes up ... any ideas what I'm doing wrong there??

 

<?php 

$conn = mysql_connect("80.94.196.33","gem","landseer") or trigger_error("SQL", E_USER_ERROR);
$db = mysql_select_db('bssql',$conn) or trigger_error("SQL", E_USER_ERROR);

$sql="SELECT pname FROM pname ORDER BY pname"; 
$result=mysql_query($sql); 

$options=""; 

while ($row=mysql_fetch_array($result)) { 

    $id=$row["pname"]; 
    $thing=$row["pname"]; 
    $options.="<OPTION VALUE=\"$id\">".$thing.'</option>'; 
} 


?> 


<html>
<body>

<FORM action="<?php echo $_SERVER['PHP_SELF']; ?>" method="get">
<SELECT NAME=pname> 
<OPTION VALUE=0>Choose 
<?=$options?> 
</SELECT> 
<input type="submit" name="submit" value="submit">
</FORM>

<?php

if(isset($_GET['submit'])){
print stripslashes($_GET['pname']);    //this is where i need to get the rest of the information to display//

//

} 
$pname=$_GET['pname'];
$sql="select pname, award, aw_year
FROM pname, aw_result, award
WHERE pname.name_id=aw_result.pname_id
AND award.award_id=aw_result.award_id
AND pname='$pname'
ORDER BY aw_year"; 
$info=mysql_query($sql);
$row = mysql_fetch_assoc($info);
?><BR><?
echo $row['award'];?><BR><?
echo $row['aw_year'];

?>

</body>
</html>

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.