Jump to content

parse error

freelance84

By freelance84
in PHP Coding Help

Recommended Posts

freelance84 Advanced Member

freelance84

Posted
Posted

//entering new student into class table

if (isset($_POST['surname']) && isset($_POST['forename1']))

{

$surname = get_post('surname');

$surname = sanitizeString($surname);

$forename1 = get_post('forename1');

$forename1 = sanitizeString($forename1);

$forename2 = get_post('forename2');

$forename2 = sanitizeString($forename2);

$forename3 = get_post('forename3');

$forename3 = sanitizeString($forename3);

$title = get_post('title');

$title = sanitizeString('$title');

$gender = get_post('gender');

$gender = sanitizeString($gender);

$chosenFname= get_post('chosenFname');

$chosenFname= sanitizeString($chosenFname);

 

$query = "INSERT INTO $tableName (surname,forename1,forename2,forename3,title,gender,chosenFname) VAULES('$surname','$forename1','$forename2',$forename3','$title','$gender','$chosenFname');

 

$result = mysql_query($query);

if(!$result) die (mysql_error());

}

 

 

Can anyone see a parse error in the above? I'm lost as to what is going on. When I stick this into my PHP it causes a parse error but says it a few lines down from the last bracket.

 

These are the functions it calls in at the start:

<?php //functions

function sanitizeString($var)

{

$var = stripslashes($var);

$var = htmlentities($var);

$var = strip_tags($var);

return ($var);

}

 

function get_post($var)

{

return mysql_real_escape_string($_POST[$var]);

}

?>

Link to comment
https://forums.phpfreaks.com/topic/199836-parse-error/
Share on other sites
simshaun Newbie

simshaun

Posted
Posted

If you were using a decent IDE, it should have pointed this out for you... you're missing the ending " on this line:

$query = "INSERT INTO $tableName (surname,forename1,forename2,forename3,title,gender,chosenFname) VAULES('$surname','$forename1','$forename2',$forename3','$title','$gender','$chosenFname');

 

Also, in sanitizeString $var = stripslashes($var); is not necessary.  If magic quotes are on, you should be stripping slashes from all user data at the start of every page load (or better yet, turn magic quotes off.)

Link to comment
https://forums.phpfreaks.com/topic/199836-parse-error/#findComment-1048927
Share on other sites
Daniel0 Advanced Member

Daniel0

Posted
Posted

Also, in sanitizeString $var = stripslashes($var); is not necessary.  If magic quotes are on, you should be stripping slashes from all user data at the start of every page load (or better yet, turn magic quotes off.)

 

Furthermore, strip_tags will have no effect after htmlentities has been used on the string. Not that a MySQL database is vulnerable to anything HTML related though.

Link to comment
https://forums.phpfreaks.com/topic/199836-parse-error/#findComment-1048928
Share on other sites
freelance84 Advanced Member

freelance84

Posted
  • Author
Posted

 

thank you. I don't know how i missed that one! ::)

 

yup, will put code between the code tags. Didn't know about them.

 

Thanks for the pointers on my functions too.

 

I'm using Crimson Editor to create all my php. I didn't know IDE's could point out errors like this.

 

Which are peoples favourite IDE's?

Link to comment
https://forums.phpfreaks.com/topic/199836-parse-error/#findComment-1048934
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.