Parse error: syntax error, unexpected T_STRING in C:\blablah on line 31

[Namtip]

SET UP: Windows vista

# XAMPP 1.7.3,

# Apache 2.2.14 (IPv6 enabled) + OpenSSL 0.9.8l

# MySQL 5.1.41 + PBXT engine

# PHP 5.3.1

# phpMyAdmin

 

After entering various different information from previous forms on different pages I finally get this error message "Parse error: syntax error, unexpected T_STRING in C:\blablah on line 31" on the following code:

 

<?php	

//let's start our session, so we have access to stored data
session_start();	

include 'db.inc.php';

$db = mysql_connect(MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD) or 
    die ('Unable to connect. Check your connection parameters.');
mysql_select_db(MYSQL_DB, $db) or die(mysql_error($db));

//let's create the query
$query = 'INSERT INTO subscriptions (name, email_address, membership_type, terms_and_conditions,
			name_on_card,
			credit_card_number, credit_card_expiration_data)
		VALUES (
			"' . $_SESSION[$name, $db] . '",
			' . $_SESSION[$email_address, $db] . '",
			' . $_SESSION[$membership_type, $db] . '",
			' . $_SESSION[$terms_and_conditions, $db] . '",
			' . $_POST[$name_on_card, $db] . '",
			' . $_POST[$credit_card_number, $db] . '",
			' . $_POST[$credit_card_expiration, $db] . ')';

if (isset($query)) {
        $result = mysql_query($query, $db) or die(mysql_error($db));
}
?>
<p>Done!</p>
</body>
</html>

?>

Any help would be appreciated. I'm practicing this with the ambition to develop a multi-page registration using sessions for a website so even web pages that might help me with this aim would be good.

[sasa]

<?php	

//let's start our session, so we have access to stored data
session_start();	

include 'db.inc.php';

$db = mysql_connect(MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD) or 
    die ('Unable to connect. Check your connection parameters.');
mysql_select_db(MYSQL_DB, $db) or die(mysql_error($db));

//let's create the query
$query = 'INSERT INTO subscriptions (name, email_address, membership_type, terms_and_conditions,
			name_on_card,
			credit_card_number, credit_card_expiration_data)
		VALUES (
			"' . $_SESSION[$name] . '",
			' . $_SESSION[$email_address] . '",
			' . $_SESSION[$membership_type] . '",
			' . $_SESSION[$terms_and_conditions] . '",
			' . $_POST[$name_on_card] . '",
			' . $_POST[$credit_card_number] . '",
			' . $_POST[$credit_card_expiration] . ')';

if (isset($query)) {
        $result = mysql_query($query, $db) or die(mysql_error($db));
}
?>
<p>Done!</p>
</body>
</html>

?>

[Namtip]

I opened a new browser (to clear the session info) and tested the code, even though it looks like you've just qoutedt he code back at me. Came back with the same error. I appreciate the effort though I'll read the post to see if I get any replies in an hour.

[PFMaBiSmAd]

The code that sasa posted corrected the fatal parse error, which I just tested.

 

If you got the same error, then you didn't actually change the code in the file that is being requested.

[PFMaBiSmAd]

Once you get past the basic php syntax errors in your code, you will find that the sql in your query also contains syntax errors.

 

Using string concatenation, where you are switching into/out-of a php quoted string and an sql quoted string repeatedly is very error prone because of the number of different elements mixed together and that it is hard to see what is the sql syntax and what is the php syntax.

 

If you use sprintf, it makes it easier and less error prone to build queries that have more than a few php variables in them. You can see what the sql syntax is and what the php syntax is because they are kept separate  -

 

$query = sprintf("INSERT INTO subscriptions (
			name, email_address, membership_type,
			terms_and_conditions, name_on_card,	credit_card_number,
			credit_card_expiration_data)
			VALUES ('%s','%s','%s','%s','%s','%s','%s')",
			$_SESSION['name'],
			$_SESSION['email_address'],
			$_SESSION['membership_type'],
			$_SESSION['terms_and_conditions'],
			$_POST['name_on_card'],
			$_POST['credit_card_number'],
			$_POST['credit_card_expiration']);

 

Also, doing this will easily allow you to see that you need to add mysql_real_escape_string() to the individual values that need it (to prevent sql injection and any sql special characters in the data from breaking your sql syntax and producing an sql error.)

[PaulRyan]

<?php	

//let's start our session, so we have access to stored data
session_start();	

include 'db.inc.php';

$db = mysql_connect(MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD) or 
    die ('Unable to connect. Check your connection parameters.');
mysql_select_db(MYSQL_DB, $db) or die(mysql_error($db));

//let's create the query
$query = 'INSERT INTO subscriptions (name, email_address, membership_type, terms_and_conditions,
			name_on_card,
			credit_card_number, credit_card_expiration_data)
		VALUES (
			"' . $_SESSION[$name] . '",
			' . $_SESSION[$email_address] . '",
			' . $_SESSION[$membership_type] . '",
			' . $_SESSION[$terms_and_conditions] . '",
			' . $_POST[$name_on_card] . '",
			' . $_POST[$credit_card_number] . '",
			' . $_POST[$credit_card_expiration] . ')';

if (isset($query)) {
        $result = mysql_query($query, $db) or die(mysql_error($db));
}
?>
<p>Done!</p>
</body>
</html>

 

Well I can't believe no-one else spotted this, or am I missing the point?

Look on the very last line on your posted code for '?>'...

You added a close PHP tag but yet you haven't opened it, copy and paste the code above hopefully it will fix the error.

 

Thanks, Paul Ryan.

[Namtip]

Thanks guys got rid of the PHP error. Got a new SQL one immediately after it though, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '", )' at line 8".

 

I just need to surf the net for new things like "string concatenation",  "sprintf()" and try to learn how to debug sql. You might see another post from me tomorrow:)