Jump to content

Recommended Posts

//entering new student into class table

if (isset($_POST['surname']) && isset($_POST['forename1']))

{

$surname = get_post('surname');

$surname = sanitizeString($surname);

$forename1 = get_post('forename1');

$forename1 = sanitizeString($forename1);

$forename2 = get_post('forename2');

$forename2 = sanitizeString($forename2);

$forename3 = get_post('forename3');

$forename3 = sanitizeString($forename3);

$title = get_post('title');

$title = sanitizeString('$title');

$gender = get_post('gender');

$gender = sanitizeString($gender);

$chosenFname= get_post('chosenFname');

$chosenFname= sanitizeString($chosenFname);

 

$query = "INSERT INTO $tableName (surname,forename1,forename2,forename3,title,gender,chosenFname) VAULES('$surname','$forename1','$forename2',$forename3','$title','$gender','$chosenFname');

 

$result = mysql_query($query);

if(!$result) die (mysql_error());

}

 

 

Can anyone see a parse error in the above? I'm lost as to what is going on. When I stick this into my PHP it causes a parse error but says it a few lines down from the last bracket.

 

These are the functions it calls in at the start:

<?php //functions

function sanitizeString($var)

{

$var = stripslashes($var);

$var = htmlentities($var);

$var = strip_tags($var);

return ($var);

}

 

function get_post($var)

{

return mysql_real_escape_string($_POST[$var]);

}

?>

Link to comment
https://forums.phpfreaks.com/topic/199836-parse-error/
Share on other sites

If you were using a decent IDE, it should have pointed this out for you... you're missing the ending " on this line:

$query = "INSERT INTO $tableName (surname,forename1,forename2,forename3,title,gender,chosenFname) VAULES('$surname','$forename1','$forename2',$forename3','$title','$gender','$chosenFname');

 

Also, in sanitizeString $var = stripslashes($var); is not necessary.  If magic quotes are on, you should be stripping slashes from all user data at the start of every page load (or better yet, turn magic quotes off.)

Link to comment
https://forums.phpfreaks.com/topic/199836-parse-error/#findComment-1048927
Share on other sites

Also, in sanitizeString $var = stripslashes($var); is not necessary.  If magic quotes are on, you should be stripping slashes from all user data at the start of every page load (or better yet, turn magic quotes off.)

 

Furthermore, strip_tags will have no effect after htmlentities has been used on the string. Not that a MySQL database is vulnerable to anything HTML related though.

Link to comment
https://forums.phpfreaks.com/topic/199836-parse-error/#findComment-1048928
Share on other sites

 

thank you. I don't know how i missed that one! ::)

 

yup, will put code between the code tags. Didn't know about them.

 

Thanks for the pointers on my functions too.

 

I'm using Crimson Editor to create all my php. I didn't know IDE's could point out errors like this.

 

Which are peoples favourite IDE's?

Link to comment
https://forums.phpfreaks.com/topic/199836-parse-error/#findComment-1048934
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.