fullyloaded Posted August 12, 2012

Hi, I have a big favor to ask. First, does anyone know why I'm getting this error on line 4?

    Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in on line 4

Also, I'm new to PDO and not that great at PHP. Is there anything in my code I should change to make it better? Thanks.

    require("db.php");
    $query = "SELECT * FROM users WHERE user = '$_SESSION['user']' AND pass = '$_SESSION['pass']'";
    $query_params = array(
        ':user' => $_POST['user']
    );
    try {
        $stmt = $db->prepare($query);
        $result = $stmt->execute($query_params);
    } catch(PDOException $ex) {
        die("Failed to run query: " . $ex->getMessage());
    }
    if ($row = $stmt->fetch($result)){
        $userid = mysql_result($result, 0, 'id');
        $_SESSION['id'] = $id;
        $user_current_level = $row["userlevel"];
        if ($reqlevel == 0 && $row["userlevel"] > 0){
            header("Location: error");
            exit();
        }else{
            if ($row["userlevel"] < $reqlevel && $row["userlevel"] > 0){
                header("Location: levelerror");
                exit();
            }
        }
        if ($reqlevel == 0 && $row["userlevel"] > 0){
            header("Location: error");
            exit();
        }else{
            if ($row["userlevel"] < $reqlevel && $row["userlevel"] > 0){
                header("Location: levelerror");
                exit();
            }
        }
    }else{die("<meta http-equiv='refresh' content='0;url=mysite.com'>"); }
    $user_currently_loged = htmlspecialchars($_SESSION["id"],ENT_NOQUOTES);
    $user_currently_loged = str_replace ('\"', """, $user_currently_loged);
    $user_currently_loged = str_replace ("\'", "'", $user_currently_loged);
    $user_currently_loged_plain = $_SESSION['user'];
    if ($user_current_level < 0){
        $user_current_Rank = "Adminstrator";
    }else{
        $user_current_Rank = $ranks[$user_current_level];
    }
    $query = "SELECT * FROM mymsgs WHERE sent = $_SESSION['user']";
    $query_params = array(
        ':sent' => $_POST['sent']
    );
    try {
        $stmt = $db->prepare($query);
        $result = $stmt->execute($query_params);
    } catch(PDOException $ex) {
        die("Failed to run query: " . $ex->getMessage());
    }
    $user_current_ammount_new = $stmt->fetch($result);

requinix Posted August 13, 2012

    "$_SESSION['user']"

If you don't use {}s with the variable then you do not include quotes in the array key.

    "$_SESSION[user]"

Include the quotes only with {}s.

    "{$_SESSION['user']}"
    "${_SESSION['user']}"

fullyloaded Posted August 13, 2012

Hi, thank you very much, that fixed my problem.

Christian F. Posted August 13, 2012

This is how I'd have done it. Not only does it evade the problem of the quotes (and poor syntax, imho), but it also escapes output to prevent SQL injections:

    $query = "SELECT * FROM users WHERE user = '%s' AND pass = '%s'";
    $query = sprintf ($query, mysql_real_escape_string ($_SESSION['user']), mysql_real_escape_string ($_SESSION['pass']));

PS: Note that MySQL is deprecated, and that you should use MySQLi.
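
The user lookup from the first post written with bound PDO parameters, as an added example that is not part of the thread. The in-memory SQLite database, the sample rows and the `find_user` helper are assumptions made so that it runs stand-alone (it needs the pdo_sqlite extension); in the thread's code `$db` would come from db.php.

```php
<?php
// Added example: constructed schema and rows, in-memory SQLite so it runs offline.
// In the thread's setup, $db would be the PDO connection created in db.php.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, user TEXT, pass TEXT, userlevel INTEGER)");
$db->exec("INSERT INTO users (user, pass, userlevel) VALUES ('alice', 'constructed-hash-1', 1)");
$db->exec("INSERT INTO users (user, pass, userlevel) VALUES ('bob', 'constructed-hash-2', 0)");

// Hypothetical helper: look up one user row with named placeholders.
// No variable is interpolated into the SQL string, so the quoting rules
// discussed in the thread never come into play and the values cannot
// change the structure of the query.
function find_user(PDO $db, string $user, string $pass): ?array
{
    $stmt = $db->prepare(
        'SELECT id, user, userlevel FROM users WHERE user = :user AND pass = :pass'
    );
    // The array keys must match the placeholders used in the query text.
    $stmt->execute([':user' => $user, ':pass' => $pass]);
    // fetch() takes a fetch mode, not the boolean returned by execute().
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed values standing in for $_SESSION['user'] and $_SESSION['pass'].
$session = ['user' => 'alice', 'pass' => 'constructed-hash-1'];
$row = find_user($db, $session['user'], $session['pass']);
if ($row !== null) {
    echo "matched id ", (int) $row['id'], " level ", (int) $row['userlevel'], PHP_EOL;
}

// Constructed input containing quotes and SQL keywords: it is bound as a
// plain string and compared literally, so it matches no row.
$hostile = "alice' OR '1'='1";
$none = find_user($db, $hostile, $hostile);
echo $none === null ? "no match for quoted input" : "unexpected match", PHP_EOL;
```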