Help with code: 'PHP_SELF' and 'Submit'

[vickie]

I've made some headway updating old code, but still have 2 problems. Can someone tell me what is wrong with the code lines below?

 

First error:  Parse error: syntax error, unexpected '?' ....line xx

line xx: <form action="<?php echo $_SERVER['PHP_SELF']; ?>?p=login" method="post">

 

Second error: Notice: Undefined variable: submit in .... on line xxx

line xxx: <?if ($submit) {$query="SELECT * from members WHERE id = $_GET[id]";.......

[kenrbnsn]

The code you have depended on register_globals being enabled in the php.ini file. This hasn't been the case in over 5 years.

 

You can can the form submit to the same script by just making the action null:

<form action="?p=login" method="post">

 

The other cast is fixed by referencing the value via the $_POST super global array:

<?php
if (isset($_POST['submit'])) {
?>

 

Also, you probably want to start using long tags "<?php" instead of short tags "<?" to start your PHP scripts.

 

Ken

[vickie]

Thanks for the quick reply!  One down.... it worked, and one still needs some help:

 

still get parse error: Parse error: syntax error, unexpected '='

for this code: <form action="?p=login" method="post">

 

I tried spacing but that didn't work. Any ideas?

[kenrbnsn]

Can you post more of the code surrounding that line.  It sounds like you're missing a quote somewhere.

 

Please put the code between

tags.

 

Ken

[vickie]

Thanks for your continued help Ken.  Here is the code that I'm struggling to update:

<?if (!$submit)
{echo" 
<table cellspacing=2 align=center valign=center bgcolor=f5f5dc>
<form action="?p=login" method="post" >

<align=center>xx title xx
  <br /><br /><tbody ><td>   
  
   Enter Your Member ID
</td>
<td><input type=text name=id size=15 />
</td>
</tr>
<tr>
<td class=name>
Enter Password
</td>
<td>
<input type=password name=pass size=15 />
</td>
</tr>
<tr>
<td>
<input type=submit value=Submit name=submit /><br /><br />
</td>
</tr>
  </form>
</table>      
";   }      	
elseif (!$id)   
{      echo" Please enter valid ID <A href='javascript:history.back()'>click here</A> to go back";   }   	
elseif ($id) 
{	$query="select * from members where ID='$id'";		
$data = $sql->Query($query);		
for ($i = 0; $i < $sql->rows; $i++) 			
{			$sql->Fetch($i);			
$dpass=$sql->data[1];					
}							
$cpass=crypt($pass, substr($pass,0,2));						
if ($dpass==$cpass)							
{				
?>
----content----
footer and end code:
<div id="footer">
<?php
@readfile('http://www.website.com/ssi/ssi-footer.html');
?></li>

<?}else echo" Password is not valid. Please re-enter your password <A href='javascript:history.back()'>click here</A> to go back";} ?>

[kenrbnsn]

You're surrounding the string you want to echo with double quotes and there are double quotes in the string which terminate it early giving you the error. Just use single quotes inside the string:

<?php
if (!$submit)
{echo" 
<table cellspacing=2 align=center valign=center bgcolor=f5f5dc>
<form action='?p=login' method='post' >

<align=center>xx title xx
  <br /><br /><tbody ><td>   
  
   Enter Your Member ID
</td>
<td><input type=text name=id size=15 />
</td>
</tr>
<tr>
<td class=name>
Enter Password
</td>
<td>
<input type=password name=pass size=15 />
</td>
</tr>
<tr>
<td>
<input type=submit value=Submit name=submit /><br /><br />
</td>
</tr>
  </form>
</table>      
";   }
?>

 

The better solution (IMHO) is to leave PHP, write plain HTML and re-enter PHP instead of using the echo statement:

<?php
if (!isset($_POST['submit']))
{ ?>
<table cellspacing="2" align="center" valign="center" bgcolor="f5f5dc">
<form action="?p=login" method="post" >

<align="center">xx title xx
  <br /><br /><tbody ><td>   
  
   Enter Your Member ID
</td>
<td><input type="text" name="id" size="15" />
</td>
</tr>
<tr>
<td class="name">
Enter Password
</td>
<td>
<input type="password" name="pass" size="15" />
</td>
</tr>
<tr>
<td>
<input type="submit" value="Submit" name="submit" /><br /><br />
</td>
</tr>
  </form>
</table>      
<?php   }
?>

 

Ken

[vickie]

Ken, making progress...I changed the table as you suggested, but what do I do about this code below which is at the bottom of the table?

When I process the page, the error is:

Notice: Undefined variable: id.....line 77

which is this:

{  $query="select * from members where ID='$id'";     

 

";   }      	
elseif (!$id)   
{      echo" Please enter valid ID 
<A href='javascript:history.back()'>click here</A>
to go back";   }   	
elseif ($id) 
{	$query="select * from members where ID='$id'";		
$data = $sql->Query($query);		
for ($i = 0; $i < $sql->rows; $i++) 			
{	$sql->Fetch($i);			
$dpass=$sql->data[1];					
}							
$cpass=crypt($pass, substr($pass,0,2));						
if ($dpass==$cpass)							
{				
?>

 

[Ninjakreborn]

Post the entire code. It looks like your missing an ending tag but I can't tell until I see the full code.

[vickie]

<?php
if (!isset($_POST['submit']))
{ ?>
<table cellspacing="2" align="center" valign="center" bgcolor="f5f5dc">
<form action="?p=login" method="post" >

<align="center">Members
  <br /><br /><tbody ><td>   

   Enter Your Member ID
</td>
<td><input type="text" name="id" size="15" />
</td>
</tr>
<tr>
<td class="name">
Enter Password
</td>
<td>
<input type="password" name="pass" size="15" />
</td>
</tr>
<tr>
<td>
<input type="submit" value="Submit" name="submit" /><br /><br />
</td>
</tr>
  </form>
</table>     
<?php   }
?>

<?php

{      echo" Please enter valid ID <A href='javascript:history.back()'>click here</A> to go back";   }      

{   $query="select * from members where ID='$id'";      
$data = $sql->Query($query);      
for ($i = 0; $i < $sql->rows; $i++)          
{         $sql->Fetch($i);         
$dpass=$sql->data[1];               
}                     
$cpass=crypt($pass, substr($pass,0,2));                  
if ($dpass==$cpass)                     
{            
?>

[JasonO]

It seems you are using the curly brackets for more than whats required.

 

You only need them when you have things like if, else, while, for etc etc.

 

<?php if (!isset($_POST['submit'])) { ?>

<table cellspacing="2" align="center" valign="center" bgcolor="f5f5dc">
<form action="?p=login" method="post" >

<align="center">Members
  <br /><br /><tbody ><td>   

   Enter Your Member ID
</td>
<td><input type="text" name="id" size="15" />
</td>
</tr>
<tr>
<td class="name">
Enter Password
</td>
<td>
<input type="password" name="pass" size="15" />
</td>
</tr>
<tr>
<td>
<input type="submit" value="Submit" name="submit" /><br /><br />
</td>
</tr>
  </form>
</table>     
<?php } ?>

<?php
echo" Please enter valid ID <A href='javascript:history.back()'>click here</A> to go back";

$query="select * from members where ID='$id'";      
$data = $sql->Query($query);      
for ($i = 0; $i < $sql->rows; $i++)          
{
   $sql->Fetch($i);         
   $dpass=$sql->data[1];               
}                     
$cpass=crypt($pass, substr($pass,0,2));                  
if ($dpass==$cpass)                     
{            
// Code is cut off?
?>

 

Couldn't understand the last bit, it looks like its cut off or something.

[vickie]

So much fun...figuring out this outdated code.  I'm now getting a parse error: syntax error, unexpected $end --which is the last line of code.

 

The only other code is what follows at the end of the page...any suggestions?

<div id="footer">
<?php
@readfile('http://www.website/ssi/ssi-footer.html');
?></li>

<?php { echo" Password is not valid. Please re-enter your password 
<A href='javascript:history.back()'>click here</A> to go back";
}
?>
</div>
</body>
</html>

[kenrbnsn]

That error happens when you have unbalanced quotes or curly braces "{ }".

 

Ken

[vickie]

Okay, figured out the brackets...still a recurring error below.  What am I doing wrong?

 

Please enter valid ID click here  to go back

Notice: Undefined variable: id in /Applications/MAMP/htdocs/...on line 78

Error: Unable to perform query: select * from members where ID='' :Table 'members' doesn't exist

 

Line 78: {  $query="select * from members where ID='$id'"; 

 

So I tried the backslash to separate the quotes:

Line 78: {  $query="select * from members where ID=\'$id\'"; 

 

But that resulted in this error:

Please enter valid ID click here  to go back

Notice: Undefined variable: id in /Applications/MAMP/htdocs/xxxxl on line 78

Error: Unable to perform query: select * from members where ID=\'\' :You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'\'' at line 1 

 

I'm using 5.1.44 mysql.  Any advice?

[kenrbnsn]

Since the value of "id" is coming from the posted form, you need to get it from the $_POST super global array. It should be sanitized before using, since we never trust user input, so try something like this:

<?php
$query="select * from members where ID='" . mysql_real_escape_string($_POST['id']) . "'";
?>

 

Ken

[vickie]

Making progress...thanks for your continued help!  Now the error reads:

 

Error: Unable to perform query: select * from members where ID='9000' :Table 'name' doesn't exist

 

So does this have to do with the code at the top of this page?

<?php
require('admin2/admin2.php');$sql=new MySQL_class;$sql->Create("xxx");
?>

 

Do I need to look at admin2.php for old code???