elite_prodigy Posted March 24, 2008 Share Posted March 24, 2008 I don't understand where this error message is comming from: Parse error: syntax error, unexpected T_STRING in /home/david08/public_html/hasdsecret.co.cc/do_dirt.php on line 13 <?phpif ((!$_POST[alias]) || (!$_POST[article])) { header("Location: dirt_digger.html"); exit;}$conn = mysql_connect("localhost", "david08_dirt", "spartan") or die(mysql_error());mysql_select_db("david08_dirt",$conn) or die(mysql_error());$update_db = "insert into dirt_digger values ('', '$_POST[alias]', '$_POST[title]', '$_POST[article]') or die(mysql_error());mysql_query($update_db,$conn) or die(mysql_error());$msg = "Thanks for your dirt, <strong>$_POST[alias]</strong>. Your support and help wiht exposing Hempfield is appreciated!";?><html><head><title>HASD Dirty Little Secrets</title><style type="text/css">@import url("http://www.hasdsecret.co.cc/styles/overall.css");</style></head><body bgcolor="#FFFFFF"><table class="main" border="0"> <tr> <td colspan="2"> <table class="logo" border="0"> <tr valign="top"> <td> <center><img src="http://www.hasdsecret.co.cc/images/header.jpg" /></center><br /> <embed src="http://discussion.exofire.net/hasdsecret.co.cc/sound/bg_sound.mp3" width="100" height="25" controls="smallconsole" autostart="true" loop="true" /> <noembed> <bgsound src="http://discussion.exofire.net/hasdsecret.co.cc/sound/bg_sound.mp3" loop="infinite"/> </noembed><br /> </td> </tr> </table> </td> </tr> <tr class="mid" valign="top"> <td class="nav"> <a href="http://www.hasdsecret.co.cc/index.html"> Home </a> <br /> <a href="http://www.hasdsecret.co.cc/secrets.html"> Dirty Little Secrets </a> <br /> <a href="http://www.hasdsecret.co.cc/staff.html">Staff</a> <br /> <a href="http://www.hasdsecret.co.cc/dirt_digger.html">Dirt Diggers</a> <br /> <a href="http://www.hasdsecret.co.cc/dirt_digger_archive.html">Dirt Diggers Archives</a> <br /> </td> <td class="body"> <h3> Article Submitted </h3><br /> <br /><?php echo $msg; ?><br /><br /><br />The article you submitted was successfully added to our database. You may view it <a href="http://www.hasdsecret.co.cc/dirt_digger_archive.php">here</a>. </td> </tr> <tr class="bot" valign="top"> <td class="footer" colspan="2"> <center> <script type="text/javascript" src="http://x10hosting.com/adserve.js?corporate"></script><br /> Copyright © 2008 HASD Secrets and Their Volunteers<br /> All Outside Links and Articles are © Their Respective Owners<br /> </center> </td> </tr></table></body></html> Link to comment https://forums.phpfreaks.com/topic/97709-unexpected-t_string/ Share on other sites More sharing options...
darkfreaks Posted March 24, 2008 Share Posted March 24, 2008 <?php $sql="insert into dirt_digger values ( '"{$_POST[alias]}'", "'{$_POST[title]}'", "'{$_POST[article]}'");?> Link to comment https://forums.phpfreaks.com/topic/97709-unexpected-t_string/#findComment-499965 Share on other sites More sharing options...
helraizer Posted March 24, 2008 Share Posted March 24, 2008 When all your code is on one line it's hard to find line 13 but it's because you have this <?php $update_db = "insert into dirt_digger values ('', '$_POST[alias]', '$_POST[title]', '$_POST[article]') or die(mysql_error()); mysql_query($update_db,$conn) or die(mysql_error()); $msg = "Thanks for your dirt, <strong>$_POST[alias]</strong>. Your support and help wiht exposing Hempfield is appreciated!"; ?> should be <?php $update_db = "insert into dirt_digger values ('', '$_POST[alias]', '$_POST[title]', '$_POST[article]')" or die(mysql_error()); // added second/end quote marks. mysql_query($update_db,$conn) or die(mysql_error()); $msg = "Thanks for your dirt, <strong>$_POST[alias]</strong>. Your support and help wiht exposing Hempfield is appreciated!"; ?> Link to comment https://forums.phpfreaks.com/topic/97709-unexpected-t_string/#findComment-499967 Share on other sites More sharing options...
darkfreaks Posted March 24, 2008 Share Posted March 24, 2008 also inserting like that into a database is not safe try putting it in a variable and checking it like <?php $this=mysql_real_escape_string(trim(isset($_POST['this'])));?> insert like this: <?php $sql="insert into blah VALUES($this)");?> Link to comment https://forums.phpfreaks.com/topic/97709-unexpected-t_string/#findComment-499968 Share on other sites More sharing options...
elite_prodigy Posted March 24, 2008 Author Share Posted March 24, 2008 <?phpif ((!$_POST[alias]) || (!$_POST[article])) { header("Location: dirt_digger.html"); exit; } $conn = mysql_connect("localhost", "david08_dirt", "spartan") or die(mysql_error()); mysql_select_db("david08_dirt",$conn) or die(mysql_error()); $update_db = "insert into dirt_digger values ('', '$_POST[alias]', '$_POST[title]', '$_POST[article]') or die(mysql_error()); mysql_query($update_db,$conn) or die(mysql_error()); $msg = "Thanks for your dirt, <strong>$_POST[alias]</strong>. Your support and help wiht exposing Hempfield is appreciated!"; I just changed the password for that database, I forgot it was in plane sight! *smacks self* Link to comment https://forums.phpfreaks.com/topic/97709-unexpected-t_string/#findComment-499971 Share on other sites More sharing options...
darkfreaks Posted March 24, 2008 Share Posted March 24, 2008 read my advice above for SQL injection protection Link to comment https://forums.phpfreaks.com/topic/97709-unexpected-t_string/#findComment-499977 Share on other sites More sharing options...
elite_prodigy Posted March 24, 2008 Author Share Posted March 24, 2008 read my advice above for SQL injection protection I have, but since I'm not password protecting any pages and since anyone is free tof make a submission, I don't see the necessity in protecting against injections. Unless I'm mistaken, then let me know. Link to comment https://forums.phpfreaks.com/topic/97709-unexpected-t_string/#findComment-499978 Share on other sites More sharing options...
darkfreaks Posted March 25, 2008 Share Posted March 25, 2008 it cuts down on database attacks that can be very harmful even if everyone is free to make submissions it helps clear up clutter and keeps unwanted code out of the database. Link to comment https://forums.phpfreaks.com/topic/97709-unexpected-t_string/#findComment-499981 Share on other sites More sharing options...
elite_prodigy Posted March 25, 2008 Author Share Posted March 25, 2008 Okay, I'll consider it, But I still need to remove the T_STRING error. Link to comment https://forums.phpfreaks.com/topic/97709-unexpected-t_string/#findComment-499984 Share on other sites More sharing options...
elite_prodigy Posted March 25, 2008 Author Share Posted March 25, 2008 When all your code is on one line it's hard to find line 13 but it's because you have this <?php $update_db = "insert into dirt_digger values ('', '$_POST[alias]', '$_POST[title]', '$_POST[article]') or die(mysql_error()); mysql_query($update_db,$conn) or die(mysql_error()); $msg = "Thanks for your dirt, <strong>$_POST[alias]</strong>. Your support and help wiht exposing Hempfield is appreciated!"; ?> should be <?php $update_db = "insert into dirt_digger values ('', '$_POST[alias]', '$_POST[title]', '$_POST[article]')" or die(mysql_error()); // added second/end quote marks. mysql_query($update_db,$conn) or die(mysql_error()); $msg = "Thanks for your dirt, <strong>$_POST[alias]</strong>. Your support and help wiht exposing Hempfield is appreciated!"; ?> Thanks! But now I have a different problem: Parse error: syntax error, unexpected T_STRING in /home/david08/public_html/hasdsecret.co.cc/dirt_digger_archive.php on line 13 <?php $get_articles = "select id, alias, article from dirt_digger"; $get_articles_res = mysql_query($get_articles,$conn) or die(mysql_error()); while ($article_info = mysql_fetch_array($get_articles_res)) { $alias = $article_info[alias]; $title = $article_info[title]; $article = $article_info[article]; $display_block .= "<h1 class="title">$title</h1><br /> $article <br /><br />Author:<br /><strong>$alias</strong><br /><br />"; //line 13 } ?> Link to comment https://forums.phpfreaks.com/topic/97709-unexpected-t_string/#findComment-499991 Share on other sites More sharing options...
helraizer Posted March 25, 2008 Share Posted March 25, 2008 <?php $get_articles = "select id, alias, article from dirt_digger"; $get_articles_res = mysql_query($get_articles,$conn) or die(mysql_error()); while ($article_info = mysql_fetch_array($get_articles_res)) { $alias = $article_info[alias]; $title = $article_info[title]; $article = $article_info[article]; $display_block .= "<h1 class="title">$title</h1><br /> $article <br /><br />Author:<br /><strong>$alias</strong><br /><br />"; //line 13 } ?> the reason is here "<h1 class="title">$title</h1>... You should either escape the quotes \" or use ' because your php variable is within "" - $display_block = "..." so when you came to the class you used "" again, which escaped the php variable.. change it to <?php $display_block .= "<h1 class='title'>".$title."</h1><br />". $article . "<br /><br />Author:<br /><strong>".$alias."</strong><br /><br />"; ?> Sam Link to comment https://forums.phpfreaks.com/topic/97709-unexpected-t_string/#findComment-500380 Share on other sites More sharing options...
conker87 Posted March 25, 2008 Share Posted March 25, 2008 I formatted it in a way I could read and corrected everything I could see wrong, hope you don't mind ^^ <?php if ((!$_POST['alias']) || (!$_POST['article'])) { header("Location: dirt_digger.html"); exit;} $conn = mysql_connect("localhost", "X", "X") or die(mysql_error()); mysql_select_db("X",$conn) or die(mysql_error()); $update_db = "insert into dirt_digger values ('', '$_POST['alias']', '$_POST['title']', '$_POST['article']')" or die(mysql_error()); mysql_query($update_db,$conn) or die(mysql_error()); $msg = "Thanks for your dirt, <strong>{$_POST['alias']}</strong>. Your support and help with exposing Hempfield is appreciated!"; ?> <html> <head> <title>HASD Dirty Little Secrets</title> <style type="text/css">@import url("http://www.hasdsecret.co.cc/styles/overall.css");</style> </head> <body bgcolor="#FFFFFF"> <table class="main" border="0"> <tr> <td colspan="2"> <table class="logo" border="0"> <tr valign="top"> <td><center><img src="http://www.hasdsecret.co.cc/images/header.jpg" /></center><br /> <embed src="http://discussion.exofire.net/hasdsecret.co.cc/sound/bg_sound.mp3" width="100" height="25" controls="smallconsole" autostart="true" loop="true" /><noembed><bgsound src="http://discussion.exofire.net/hasdsecret.co.cc/sound/bg_sound.mp3" loop="infinite"/></noembed><br /> </td> </tr> </table> </td> </tr> <tr class="mid" valign="top"> <td class="nav"> <a href="http://www.hasdsecret.co.cc/index.html"> Home </a> <br /> <a href="http://www.hasdsecret.co.cc/secrets.html"> Dirty Little Secrets </a> <br /> <a href="http://www.hasdsecret.co.cc/staff.html">Staff</a> <br /> <a href="http://www.hasdsecret.co.cc/dirt_digger.html">Dirt Diggers</a> <br /> <a href="http://www.hasdsecret.co.cc/dirt_digger_archive.html">Dirt Diggers Archives</a> <br /> </td> <td class="body"> <h3> Article Submitted </h3><br /> <br /> <?php echo $msg; ?> <br /><br /><br />The article you submitted was successfully added to our database. You may view it <a href="http://www.hasdsecret.co.cc/dirt_digger_archive.php">here</a>. </td> </tr> <tr class="bot" valign="top"> <td class="footer" colspan="2"> <center><script type="text/javascript" src="http://x10hosting.com/adserve.js?corporate"></script><br /> Copyright © 2008 HASD Secrets and Their Volunteers<br /> All Outside Links and Articles are © Their Respective Owners<br /></center> </td> </tr> </table> </body> </html> Link to comment https://forums.phpfreaks.com/topic/97709-unexpected-t_string/#findComment-500506 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.