Jump to content

RE: PHP SYNTAX ERROR ON LINE 203 / PREVENT HEADER INJECTION - 05.18.11

mrjap1

By mrjap1
in PHP Coding Help

 Share

Recommended Posts

mrjap1 Member

mrjap1

Posted
Posted

 

Hello,

 

I have a syntax error on line 203 that is causing my code NOT work.

Could someone please look at it and tell me what is wrong & more important how to fix it?

Below is what I am getting. This " ~ " is server path info

 

" Parse error: syntax error, unexpected $end in /~ /~ /~ /phptestform/real_form_processing.php on line 203"

 

Also, how do I prevent "header injection", to keep my mail form from being open to abuse by spammers?

 

thx

mrjap1

 

 

 


<?php # Script 

if (isset($_POST['submit'])) { // Handle the form.

// Register the user in the database.
require_once ('mysql_connect_page.php'); // Connect to the db.

// Create a function for escaping the data.
function escape_data ($data) {
global $dbc; // Need the connection.
if (ini_get('magic_quotes_gpc')) {
$data = stripslashes($data);
}
return mysql_real_escape_string($data, $dbc);
} // End of function.

$message = NULL; // Create an empty new variable.

// Check for a first name.
if (empty($_POST['first_name'])) {
$fn = FALSE;
$message .= '<p>You forgot to enter your first name... its Required!</p>';
} else {
$fn = escape_data($_POST['first_name']);
}

// Check for a last name.
if (empty($_POST['last_name'])) {
$ln = FALSE;
$message .= '<p>You forgot to enter your last name... its Required!</p>';
} else {
$ln = escape_data($_POST['last_name']);
}

// Check for an email address.
if (empty($_POST['email'])) {
$e = FALSE;
$message .= '<p>You forgot to enter your email address... its Required!</p>';
} else {
$e = escape_data($_POST['email']);
}

// Check for a address.
if (empty($_POST['address'])) {
$u = FALSE;
$message .= '<p>You forgot to enter your address... its Required!</p>';
} else {
$u = escape_data($_POST['address']);
}

// Check for a country.
if (empty($_POST['country'])) {
$u = FALSE;
$message .= '<p>You forgot to enter your country... its Required!</p>';
} else {
$u = escape_data($_POST['country']);
}


if ($salutation && $first_name && $last_name && $address && $city && $state_province && $zip_code && $email && $zip_code && $newsletter && $registration_date ) { // If everything's OK.

$query = "SELECT id FROM visitors WHERE address='$address'";	
$result = @mysql_query ($query); // Run the query.
if (mysql_num_rows($result) == 0) {
// Make the query. This code is what you will use to prevent duplicate of usernames
$query = "INSERT INTO  `mrjap1_database`.`visitors` (`id` , `salutation` , `first_name` , `last_name` , `address` ,
`city` , `state_province` , `zip_code` , `country` , `email` , `newsletter` , `registration_date`) VALUES (
NULL ,  '$_POST[salutation]',  '$_POST[first_name]',  '$_POST[last_name]',  '$_POST[address]',  '$_POST[city]',  '$_POST[state_province]',  '$_POST[zip_code]',  '$_POST[country]',  '$_POST[email]',  '$_POST[newsletter]', '$_POST[registration_date]' , NOW() )";	
$result = @mysql_query ($query); // Run the query.
if ($result) { // If it ran OK.

exit(); // Quit the script.

} else { // If it did not run OK.
$message = '<p>You could not be registered due to a system error. We apologize for any inconvenience.</p><p>' . mysql_error() . '</p>'; 
}	

mysql_close(); // Close the database connection.

} else {
$message .= '<p>Please try again.</p>';	
} 
} // End of the main Submit conditional.

// Print the error message if there is one.
if (isset($message)) {
echo '<font color="red">', $message, '</font>';
}
?>

<?php

// ALL THE SUBJECT and EMAIL VARIABLES

$emailSubject = 'MY TEST EMAIL SCRIPTING!!! ';
$webMaster = '[email protected]';



// GATHERING the FORM DATA VARIABLES

$salutation = $_POST['salutation'];
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$address = $_POST['address'];
$city = $_POST['city'];
$state_province = $_POST['state_province'];
$zip_code = $_POST['zip_code'];
$country = $_POST['country'];
$email = $_POST['email'];
$newsletter = $_POST['newsletter'];
    $registration_date = $_POST['registration_date'];
$date = date ("l, F jS, Y");
    $time = date ("h:i A");



$body = <<<EOD
<br /><hr><br />
<strong>Salutation: </strong>$salutation <br />
<strong>First Name:</strong>$first_name <br />
<strong>Last Name: </strong>$last_name <br />
<strong>Address: </strong>$address <br />
<strong>City: </strong>$city <br />
<strong>State_Province: </strong>$state_province <br />
<strong>Zip Code: </strong>$zip_code <br />
<strong>Country: </strong>$country <br />
<strong>Email:</strong> $email <br />
<strong>Zip Code:</strong> $zip_code <br />
<strong>Newsletter:</strong> $newsletter <br />
<strong>Registration Date:</strong> $date at $time <br />
EOD;


// THIS SHOW ALL E-MAILED DATA, ONCE IN THE E-MAILBOX AS READABLE HTML

$headers = "From: $email\r\n";
$headers .= "Content-type: text/html\r\n";
$success = mail($webMaster, $emailSubject, $body, $headers);


// THE RESULTS OF THE FORM RENDERED AS PURE HTML 

$theResults = <<<EOD
<!DOCTYPE HTML>
<html lang="en">
<head>
<style type="text/css">
body {
font-family:Arial, Helvetica, sans-serif;
font-size:11px;
font-weight:bold;
}

#thankyou_block {
width: 400px;
height: 250px;
text-align:center;
border: 1px solid #666;
padding: 5px;
background-color: #0CF;
border-radius:8px;
-webkit-border-radius:8px;
-moz-border-radius:8px;
-opera-border-radius:8px;
-khtml-border-radius:8px;
box-shadow:0px 0px 10px #000;
-webkit-box-shadow: 0px 0px 10px #000;
-moz-box-shadow: 0px 0px 10px #000;
-o-box-shadow: 0px 0px 10px #000;
margin: 25px auto;
}

p {
font-family: Arial, Helvetica, sans-serif;
font-size: 14px;
line-height: 18px;
letter-spacing:1px;
color: #333;
}

</style>
<meta charset="UTF-8">
<title>THANK YOU!!!</title>
</head>

<body>

<div id="thankyou_block">
<br><br><br>
<h1>CONGRATULATIONS!!</h1>
<h2>YOUR FORM HAS BEEN PROCESSED!!!</h2>
<p>You are now registered in our Database...<br>
we will get back to you very shortly.<br>
Please have a very wondeful day.</p>

</div>
</body>
</html>

EOD;
echo "$theResults"; 

?>

Fadion Newbie

Fadion

Posted
Posted

You have a missing brace, that's for sure, but your code is a mess, so I'm just guessing it's for the first if (if (isset($_POST['submit'])) { // Handle the form.). Just check if you've closed every brace and as you're on it, apply some indentation.

 

There are a few problems with your $theResults html output. I would put the whole HTML in a text or html file and use file_get_contents() to get it - it would clean the code a lot. Or better yet, I wouldn't print the whole HTML page with PHP - it is a very bad practice that makes code totally unreadable.

 

As for the header injection, try google as there are plenty of tutorials on that.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.