elite_prodigy Posted March 24, 2008 Share Posted March 24, 2008 I don't understand where this error message is comming from: Parse error: syntax error, unexpected T_STRING in /home/david08/public_html/hasdsecret.co.cc/do_dirt.php on line 13 <?phpif ((!$_POST[alias]) || (!$_POST[article])) { header("Location: dirt_digger.html"); exit;}$conn = mysql_connect("localhost", "david08_dirt", "spartan") or die(mysql_error());mysql_select_db("david08_dirt",$conn) or die(mysql_error());$update_db = "insert into dirt_digger values ('', '$_POST[alias]', '$_POST[title]', '$_POST[article]') or die(mysql_error());mysql_query($update_db,$conn) or die(mysql_error());$msg = "Thanks for your dirt, <strong>$_POST[alias]</strong>. Your support and help wiht exposing Hempfield is appreciated!";?><html><head><title>HASD Dirty Little Secrets</title><style type="text/css">@import url("http://www.hasdsecret.co.cc/styles/overall.css");</style></head><body bgcolor="#FFFFFF"><table class="main" border="0"> <tr> <td colspan="2"> <table class="logo" border="0"> <tr valign="top"> <td> <center><img src="http://www.hasdsecret.co.cc/images/header.jpg" /></center><br /> <embed src="http://discussion.exofire.net/hasdsecret.co.cc/sound/bg_sound.mp3" width="100" height="25" controls="smallconsole" autostart="true" loop="true" /> <noembed> <bgsound src="http://discussion.exofire.net/hasdsecret.co.cc/sound/bg_sound.mp3" loop="infinite"/> </noembed><br /> </td> </tr> </table> </td> </tr> <tr class="mid" valign="top"> <td class="nav"> <a href="http://www.hasdsecret.co.cc/index.html"> Home </a> <br /> <a href="http://www.hasdsecret.co.cc/secrets.html"> Dirty Little Secrets </a> <br /> <a href="http://www.hasdsecret.co.cc/staff.html">Staff</a> <br /> <a href="http://www.hasdsecret.co.cc/dirt_digger.html">Dirt Diggers</a> <br /> <a href="http://www.hasdsecret.co.cc/dirt_digger_archive.html">Dirt Diggers Archives</a> <br /> </td> <td class="body"> <h3> Article Submitted </h3><br /> <br /><?php echo $msg; ?><br /><br /><br />The article you submitted was successfully added to our database. You may view it <a href="http://www.hasdsecret.co.cc/dirt_digger_archive.php">here</a>. </td> </tr> <tr class="bot" valign="top"> <td class="footer" colspan="2"> <center> <script type="text/javascript" src="http://x10hosting.com/adserve.js?corporate"></script><br /> Copyright © 2008 HASD Secrets and Their Volunteers<br /> All Outside Links and Articles are © Their Respective Owners<br /> </center> </td> </tr></table></body></html> Quote Link to comment Share on other sites More sharing options...
darkfreaks Posted March 24, 2008 Share Posted March 24, 2008 <?php $sql="insert into dirt_digger values ( '"{$_POST[alias]}'", "'{$_POST[title]}'", "'{$_POST[article]}'");?> Quote Link to comment Share on other sites More sharing options...
helraizer Posted March 24, 2008 Share Posted March 24, 2008 When all your code is on one line it's hard to find line 13 but it's because you have this <?php $update_db = "insert into dirt_digger values ('', '$_POST[alias]', '$_POST[title]', '$_POST[article]') or die(mysql_error()); mysql_query($update_db,$conn) or die(mysql_error()); $msg = "Thanks for your dirt, <strong>$_POST[alias]</strong>. Your support and help wiht exposing Hempfield is appreciated!"; ?> should be <?php $update_db = "insert into dirt_digger values ('', '$_POST[alias]', '$_POST[title]', '$_POST[article]')" or die(mysql_error()); // added second/end quote marks. mysql_query($update_db,$conn) or die(mysql_error()); $msg = "Thanks for your dirt, <strong>$_POST[alias]</strong>. Your support and help wiht exposing Hempfield is appreciated!"; ?> Quote Link to comment Share on other sites More sharing options...
darkfreaks Posted March 24, 2008 Share Posted March 24, 2008 also inserting like that into a database is not safe try putting it in a variable and checking it like <?php $this=mysql_real_escape_string(trim(isset($_POST['this'])));?> insert like this: <?php $sql="insert into blah VALUES($this)");?> Quote Link to comment Share on other sites More sharing options...
elite_prodigy Posted March 24, 2008 Author Share Posted March 24, 2008 <?phpif ((!$_POST[alias]) || (!$_POST[article])) { header("Location: dirt_digger.html"); exit; } $conn = mysql_connect("localhost", "david08_dirt", "spartan") or die(mysql_error()); mysql_select_db("david08_dirt",$conn) or die(mysql_error()); $update_db = "insert into dirt_digger values ('', '$_POST[alias]', '$_POST[title]', '$_POST[article]') or die(mysql_error()); mysql_query($update_db,$conn) or die(mysql_error()); $msg = "Thanks for your dirt, <strong>$_POST[alias]</strong>. Your support and help wiht exposing Hempfield is appreciated!"; I just changed the password for that database, I forgot it was in plane sight! *smacks self* Quote Link to comment Share on other sites More sharing options...
darkfreaks Posted March 24, 2008 Share Posted March 24, 2008 read my advice above for SQL injection protection Quote Link to comment Share on other sites More sharing options...
elite_prodigy Posted March 24, 2008 Author Share Posted March 24, 2008 read my advice above for SQL injection protection I have, but since I'm not password protecting any pages and since anyone is free tof make a submission, I don't see the necessity in protecting against injections. Unless I'm mistaken, then let me know. Quote Link to comment Share on other sites More sharing options...
darkfreaks Posted March 25, 2008 Share Posted March 25, 2008 it cuts down on database attacks that can be very harmful even if everyone is free to make submissions it helps clear up clutter and keeps unwanted code out of the database. Quote Link to comment Share on other sites More sharing options...
elite_prodigy Posted March 25, 2008 Author Share Posted March 25, 2008 Okay, I'll consider it, But I still need to remove the T_STRING error. Quote Link to comment Share on other sites More sharing options...
elite_prodigy Posted March 25, 2008 Author Share Posted March 25, 2008 When all your code is on one line it's hard to find line 13 but it's because you have this <?php $update_db = "insert into dirt_digger values ('', '$_POST[alias]', '$_POST[title]', '$_POST[article]') or die(mysql_error()); mysql_query($update_db,$conn) or die(mysql_error()); $msg = "Thanks for your dirt, <strong>$_POST[alias]</strong>. Your support and help wiht exposing Hempfield is appreciated!"; ?> should be <?php $update_db = "insert into dirt_digger values ('', '$_POST[alias]', '$_POST[title]', '$_POST[article]')" or die(mysql_error()); // added second/end quote marks. mysql_query($update_db,$conn) or die(mysql_error()); $msg = "Thanks for your dirt, <strong>$_POST[alias]</strong>. Your support and help wiht exposing Hempfield is appreciated!"; ?> Thanks! But now I have a different problem: Parse error: syntax error, unexpected T_STRING in /home/david08/public_html/hasdsecret.co.cc/dirt_digger_archive.php on line 13 <?php $get_articles = "select id, alias, article from dirt_digger"; $get_articles_res = mysql_query($get_articles,$conn) or die(mysql_error()); while ($article_info = mysql_fetch_array($get_articles_res)) { $alias = $article_info[alias]; $title = $article_info[title]; $article = $article_info[article]; $display_block .= "<h1 class="title">$title</h1><br /> $article <br /><br />Author:<br /><strong>$alias</strong><br /><br />"; //line 13 } ?> Quote Link to comment Share on other sites More sharing options...
helraizer Posted March 25, 2008 Share Posted March 25, 2008 <?php $get_articles = "select id, alias, article from dirt_digger"; $get_articles_res = mysql_query($get_articles,$conn) or die(mysql_error()); while ($article_info = mysql_fetch_array($get_articles_res)) { $alias = $article_info[alias]; $title = $article_info[title]; $article = $article_info[article]; $display_block .= "<h1 class="title">$title</h1><br /> $article <br /><br />Author:<br /><strong>$alias</strong><br /><br />"; //line 13 } ?> the reason is here "<h1 class="title">$title</h1>... You should either escape the quotes \" or use ' because your php variable is within "" - $display_block = "..." so when you came to the class you used "" again, which escaped the php variable.. change it to <?php $display_block .= "<h1 class='title'>".$title."</h1><br />". $article . "<br /><br />Author:<br /><strong>".$alias."</strong><br /><br />"; ?> Sam Quote Link to comment Share on other sites More sharing options...
conker87 Posted March 25, 2008 Share Posted March 25, 2008 I formatted it in a way I could read and corrected everything I could see wrong, hope you don't mind ^^ <?php if ((!$_POST['alias']) || (!$_POST['article'])) { header("Location: dirt_digger.html"); exit;} $conn = mysql_connect("localhost", "X", "X") or die(mysql_error()); mysql_select_db("X",$conn) or die(mysql_error()); $update_db = "insert into dirt_digger values ('', '$_POST['alias']', '$_POST['title']', '$_POST['article']')" or die(mysql_error()); mysql_query($update_db,$conn) or die(mysql_error()); $msg = "Thanks for your dirt, <strong>{$_POST['alias']}</strong>. Your support and help with exposing Hempfield is appreciated!"; ?> <html> <head> <title>HASD Dirty Little Secrets</title> <style type="text/css">@import url("http://www.hasdsecret.co.cc/styles/overall.css");</style> </head> <body bgcolor="#FFFFFF"> <table class="main" border="0"> <tr> <td colspan="2"> <table class="logo" border="0"> <tr valign="top"> <td><center><img src="http://www.hasdsecret.co.cc/images/header.jpg" /></center><br /> <embed src="http://discussion.exofire.net/hasdsecret.co.cc/sound/bg_sound.mp3" width="100" height="25" controls="smallconsole" autostart="true" loop="true" /><noembed><bgsound src="http://discussion.exofire.net/hasdsecret.co.cc/sound/bg_sound.mp3" loop="infinite"/></noembed><br /> </td> </tr> </table> </td> </tr> <tr class="mid" valign="top"> <td class="nav"> <a href="http://www.hasdsecret.co.cc/index.html"> Home </a> <br /> <a href="http://www.hasdsecret.co.cc/secrets.html"> Dirty Little Secrets </a> <br /> <a href="http://www.hasdsecret.co.cc/staff.html">Staff</a> <br /> <a href="http://www.hasdsecret.co.cc/dirt_digger.html">Dirt Diggers</a> <br /> <a href="http://www.hasdsecret.co.cc/dirt_digger_archive.html">Dirt Diggers Archives</a> <br /> </td> <td class="body"> <h3> Article Submitted </h3><br /> <br /> <?php echo $msg; ?> <br /><br /><br />The article you submitted was successfully added to our database. You may view it <a href="http://www.hasdsecret.co.cc/dirt_digger_archive.php">here</a>. </td> </tr> <tr class="bot" valign="top"> <td class="footer" colspan="2"> <center><script type="text/javascript" src="http://x10hosting.com/adserve.js?corporate"></script><br /> Copyright © 2008 HASD Secrets and Their Volunteers<br /> All Outside Links and Articles are © Their Respective Owners<br /></center> </td> </tr> </table> </body> </html> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.