Unexpected T_Variable ?

Gem · November 23, 2009

Hi all,

I dont really know what I am doing!! I know I'm doing something wrong, and I know its on line 42 "$sql="select pname, award, aw_year" but I dont know why its a problem?? Can anyone help me understand what I am doing wrong please??

Full code below:

<?php 

$conn = mysql_connect("CNX INFO") or trigger_error("SQL", E_USER_ERROR);
$db = mysql_select_db('bssql',$conn) or trigger_error("SQL", E_USER_ERROR);

$sql="SELECT pname FROM pname ORDER BY pname"; 
$result=mysql_query($sql); 

$options=""; 

while ($row=mysql_fetch_array($result)) { 

    $id=$row["pname"]; 
    $thing=$row["pname"]; 
    $options.="<OPTION VALUE=\"$id\">".$thing.'</option>'; 
} 


?> 


<html>
<body>

<FORM action="<?php echo $_SERVER['PHP_SELF']; ?>" method="get">
<SELECT NAME=pname> 
<OPTION VALUE=0>Choose 
<?=$options?> 
</SELECT> 
<input type="submit" name="submit" value="submit">
</FORM>

<?php

if(isset($_GET['submit'])){
print stripslashes($_GET['pname']);    //this is where i need to get the rest of the information to display//

//

} 
$pname=$_GET['pname']
$sql="select pname, award, aw_year
FROM pname, aw_result, award
WHERE pname.name_id=aw_result.pname_id
AND award.award_id=aw_result.award_id
AND pname='$pname'
ORDER BY aw_year"; 
$info=mysql_query($sql1);

echo $info?>



</body>
</html>

Alex · November 23, 2009

You're missing a ; at the end of this line:

$pname=$_GET['pname']

Gem · November 23, 2009

Oh Yeh LOL :-[

KK - Fixed that, and the error is gone, thanks for that. However, it's not working.

Maybe you could check the page for yourself so you can see what is happening

http://www.bradleystokejudoclub.co.uk/test.php

Here the code again because I changed something else that was wrong as well...

<?php 

$conn = mysql_connect("80.94.196.33","gem","landseer") or trigger_error("SQL", E_USER_ERROR);
$db = mysql_select_db('bssql',$conn) or trigger_error("SQL", E_USER_ERROR);

$sql="SELECT pname FROM pname ORDER BY pname"; 
$result=mysql_query($sql); 

$options=""; 

while ($row=mysql_fetch_array($result)) { 

    $id=$row["pname"]; 
    $thing=$row["pname"]; 
    $options.="<OPTION VALUE=\"$id\">".$thing.'</option>'; 
} 


?> 


<html>
<body>

<FORM action="<?php echo $_SERVER['PHP_SELF']; ?>" method="get">
<SELECT NAME=pname> 
<OPTION VALUE=0>Choose 
<?=$options?> 
</SELECT> 
<input type="submit" name="submit" value="submit">
</FORM>

<?php

if(isset($_GET['submit'])){
print stripslashes($_GET['pname']);    //this is where i need to get the rest of the information to display//

//

} 
$pname=$_GET['pname'];
$sql="select pname, award, aw_year
FROM pname, aw_result, award
WHERE pname.name_id=aw_result.pname_id
AND award.award_id=aw_result.award_id
AND pname='$pname'
ORDER BY aw_year"; 
$info=mysql_query($sql);

echo $info?>



</body>
</html>

Alex · November 23, 2009

There's a few things that should be corrected.

1. You should never use $_SERVER['PHP_SELF'] for a form action, doing so leaves you vulnerable to XSS attacks. Instead, either type in the name of the file, or leave it blank. Note that the latter will not validate as valid (X)HTML.

2. Currently you're also vulnerable to SQL injections. To correct this escape all user input that will be used in a mysql query with mysql_real_escape_string.

3. Finally, I'm not sure exactly what you're trying to output. You can't just echo the query. Here's an example on how to get a row from the record returned.

$info=mysql_query($sql);
$row = mysql_fetch_assoc($info);
echo $row['some_column_name'];

mysql_fetch_assoc

Gem · November 23, 2009

Thanks AlexWD.

I will deal with the whole security things once I get it working.

I'm getting there ... so far we have got one record being displayed, but I need it to show all the results from the query ... does that make sense??

I.e. I know that I have won 2 trophys, and if you select Gem Gale, only one of them comes up ... any ideas what I'm doing wrong there??

<?php 

$conn = mysql_connect("80.94.196.33","gem","landseer") or trigger_error("SQL", E_USER_ERROR);
$db = mysql_select_db('bssql',$conn) or trigger_error("SQL", E_USER_ERROR);

$sql="SELECT pname FROM pname ORDER BY pname"; 
$result=mysql_query($sql); 

$options=""; 

while ($row=mysql_fetch_array($result)) { 

    $id=$row["pname"]; 
    $thing=$row["pname"]; 
    $options.="<OPTION VALUE=\"$id\">".$thing.'</option>'; 
} 


?> 


<html>
<body>

<FORM action="<?php echo $_SERVER['PHP_SELF']; ?>" method="get">
<SELECT NAME=pname> 
<OPTION VALUE=0>Choose 
<?=$options?> 
</SELECT> 
<input type="submit" name="submit" value="submit">
</FORM>

<?php

if(isset($_GET['submit'])){
print stripslashes($_GET['pname']);    //this is where i need to get the rest of the information to display//

//

} 
$pname=$_GET['pname'];
$sql="select pname, award, aw_year
FROM pname, aw_result, award
WHERE pname.name_id=aw_result.pname_id
AND award.award_id=aw_result.award_id
AND pname='$pname'
ORDER BY aw_year"; 
$info=mysql_query($sql);
$row = mysql_fetch_assoc($info);
?><BR><?
echo $row['award'];?><BR><?
echo $row['aw_year'];

?>

</body>
</html>

Alex · November 23, 2009

If your query is returning more than one record you need to create a loop.

$info=mysql_query($sql);
while($row = mysql_fetch_assoc($info))
{
     echo $row['award'] . '<br />';
     echo $row['aw_year'] . '<br />';
}

Gem · November 23, 2009

of course!! :wtf: Im such an idiot!!

Thank you SO much (L)

XXX

PS: Cant find the SOLVED thingy, can someone close this pleaseeee xxxx

Alex · November 23, 2009

The topic solved mod hasn't been reinstalled since the forum update.

Sign In

Unexpected T_Variable ?

Recommended Posts

Gem

Link to comment

Share on other sites

Alex

Link to comment

Share on other sites

Gem

Link to comment

Share on other sites

Alex

Link to comment

Share on other sites

Gem

Link to comment

Share on other sites

Alex

Link to comment

Share on other sites

Gem

Link to comment

Share on other sites

Alex

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information