
parse error


freelance84


//entering new student into class table
if (isset($_POST['surname']) && isset($_POST['forename1']))
{
    $surname = get_post('surname');
    $surname = sanitizeString($surname);
    $forename1 = get_post('forename1');
    $forename1 = sanitizeString($forename1);
    $forename2 = get_post('forename2');
    $forename2 = sanitizeString($forename2);
    $forename3 = get_post('forename3');
    $forename3 = sanitizeString($forename3);
    $title = get_post('title');
    $title = sanitizeString($title);
    $gender = get_post('gender');
    $gender = sanitizeString($gender);
    $chosenFname = get_post('chosenFname');
    $chosenFname = sanitizeString($chosenFname);

    $query = "INSERT INTO $tableName (surname,forename1,forename2,forename3,title,gender,chosenFname) VAULES('$surname','$forename1','$forename2',$forename3','$title','$gender','$chosenFname');

    $result = mysql_query($query);
    if(!$result) die (mysql_error());
}

 

 

Can anyone see a parse error in the above? I'm lost as to what is going on. When I stick this into my PHP it causes a parse error but says it a few lines down from the last bracket.

 

These are the functions it calls in at the start:

<?php //functions
function sanitizeString($var)
{
    $var = stripslashes($var);
    $var = htmlentities($var);
    $var = strip_tags($var);
    return ($var);
}

function get_post($var)
{
    return mysql_real_escape_string($_POST[$var]);
}
?>


If you were using a decent IDE, it should have pointed this out for you... you're missing the ending " on this line:

$query = "INSERT INTO $tableName (surname,forename1,forename2,forename3,title,gender,chosenFname) VAULES('$surname','$forename1','$forename2',$forename3','$title','$gender','$chosenFname');

 

Also, in sanitizeString $var = stripslashes($var); is not necessary.  If magic quotes are on, you should be stripping slashes from all user data at the start of every page load (or better yet, turn magic quotes off.)


Also, in sanitizeString $var = stripslashes($var); is not necessary.  If magic quotes are on, you should be stripping slashes from all user data at the start of every page load (or better yet, turn magic quotes off.)

 

Furthermore, strip_tags will have no effect after htmlentities has been used on the string. Not that a MySQL database is vulnerable to anything HTML related though.

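Added example, not part of any post in this thread: the replies call `stripslashes()` unnecessary, but because `get_post()` runs first, `sanitizeString()` also removes the backslashes that the SQL escaping just added. The sketch shows that ordering effect and a parameterised alternative; `addslashes()` standing in for `mysql_real_escape_string()`, the in-memory SQLite table `class_7a`, the helpers `get_post_demo()` and `insertStudent()`, and the sample names are all assumptions made so it runs offline.

```php
<?php
// Added example, not code from the thread; the sample input is constructed.

// The thread's sanitizeString(), with ENT_COMPAT made explicit
// (it was the htmlentities() default before PHP 8.1).
function sanitizeString($var)
{
    $var = stripslashes($var);
    $var = htmlentities($var, ENT_COMPAT, 'UTF-8');
    $var = strip_tags($var);
    return $var;
}

// Stand-in for the thread's get_post(): addslashes() replaces
// mysql_real_escape_string(), which needs a live MySQL link (assumption).
function get_post_demo(array $post, $key)
{
    return addslashes($post[$key]);
}

$post = ['surname' => "O'Brien", 'forename1' => '<b>Ann</b>']; // constructed

$escaped   = get_post_demo($post, 'surname'); // quote now has a backslash
$sanitized = sanitizeString($escaped);        // stripslashes() removes it
echo "after get_post:       $escaped\n";
echo "after sanitizeString: $sanitized\n";
echo "query fragment:       VALUES('$sanitized')\n"; // quote unbalanced again
// htmlentities() leaves no tags behind for strip_tags() to remove:
echo "forename1 stored as:  ", sanitizeString($post['forename1']), "\n";

// Hardened form: bound parameters carry the raw value, the table name comes
// from a fixed allow-list, and HTML encoding happens only at output time.
function insertStudent(PDO $db, $table, array $row)
{
    if (!in_array($table, ['class_7a'], true)) { // hypothetical table name
        throw new InvalidArgumentException('unknown table');
    }
    $stmt = $db->prepare("INSERT INTO $table (surname, forename1) VALUES (?, ?)");
    $stmt->execute([$row['surname'], $row['forename1']]);
}

$db = new PDO('sqlite::memory:'); // SQLite only so the demo runs offline
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE class_7a (surname TEXT, forename1 TEXT)');
insertStudent($db, 'class_7a', $post);
foreach ($db->query('SELECT surname, forename1 FROM class_7a') as $r) {
    echo htmlspecialchars($r['surname'], ENT_QUOTES, 'UTF-8'), ' / ',
         htmlspecialchars($r['forename1'], ENT_QUOTES, 'UTF-8'), "\n";
}
```

With MySQL the same pattern applies through PDO or mysqli prepared statements; the `mysql_*` functions used in the thread were removed in PHP 7.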

 

Thank you. I don't know how I missed that one! ::)

 

Yup, will put code between the code tags. Didn't know about them.

 

Thanks for the pointers on my functions too.

 

I'm using Crimson Editor to create all my PHP. I didn't know IDEs could point out errors like this.

 

Which are people's favourite IDEs?
