parse error

freelance84 · April 26, 2010

//entering new student into class table

if (isset($_POST['surname']) && isset($_POST['forename1']))

{

$surname = get_post('surname');

$surname = sanitizeString($surname);

$forename1 = get_post('forename1');

$forename1 = sanitizeString($forename1);

$forename2 = get_post('forename2');

$forename2 = sanitizeString($forename2);

$forename3 = get_post('forename3');

$forename3 = sanitizeString($forename3);

$title = get_post('title');

$title = sanitizeString('$title');

$gender = get_post('gender');

$gender = sanitizeString($gender);

$chosenFname= get_post('chosenFname');

$chosenFname= sanitizeString($chosenFname);

$query = "INSERT INTO $tableName (surname,forename1,forename2,forename3,title,gender,chosenFname) VAULES('$surname','$forename1','$forename2',$forename3','$title','$gender','$chosenFname');

$result = mysql_query($query);

if(!$result) die (mysql_error());

}

Can anyone see a parse error in the above? I'm lost as to what is going on. When I stick this into my PHP it causes a parse error but says it a few lines down from the last bracket.

These are the functions it calls in at the start:

<?php //functions

function sanitizeString($var)

{

$var = stripslashes($var);

$var = htmlentities($var);

$var = strip_tags($var);

return ($var);

}

function get_post($var)

{

return mysql_real_escape_string($_POST[$var]);

}

?>

Maq · April 26, 2010

What's the error? Please use

tags around code.

simshaun · April 26, 2010

If you were using a decent IDE, it should have pointed this out for you... you're missing the ending " on this line:

$query = "INSERT INTO $tableName (surname,forename1,forename2,forename3,title,gender,chosenFname) VAULES('$surname','$forename1','$forename2',$forename3','$title','$gender','$chosenFname');

Also, in sanitizeString $var = stripslashes($var); is not necessary. If magic quotes are on, you should be stripping slashes from all user data at the start of every page load (or better yet, turn magic quotes off.)

Daniel0 · April 26, 2010

Also, in sanitizeString $var = stripslashes($var); is not necessary. If magic quotes are on, you should be stripping slashes from all user data at the start of every page load (or better yet, turn magic quotes off.)

Furthermore, strip_tags will have no effect after htmlentities has been used on the string. Not that a MySQL database is vulnerable to anything HTML related though.

freelance84 · April 26, 2010

thank you. I don't know how i missed that one! ::)

yup, will put code between the code tags. Didn't know about them.

Thanks for the pointers on my functions too.

I'm using Crimson Editor to create all my php. I didn't know IDE's could point out errors like this.

Which are peoples favourite IDE's?

Maq · April 26, 2010

Check out this sticky:

http://www.phpfreaks.com/forums/index.php/topic,277416.0.html

simshaun · April 26, 2010

"Your favorite IDE" has been discussed a thousand times over. Doing a quick search here should reveal numerous posts discussing the subject, and InfoWorld has a particularly lengthy article on multiple IDE's.

freelance84 · April 26, 2010

ah cool.

cheers

Sign In

parse error

Recommended Posts

freelance84

Link to comment

Share on other sites

Maq

Link to comment

Share on other sites

simshaun

Link to comment

Share on other sites

Daniel0

Link to comment

Share on other sites

freelance84

Link to comment

Share on other sites

Maq

Link to comment

Share on other sites

simshaun

Link to comment

Share on other sites

freelance84

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information