help finding "Parse error: syntax error, unexpected T_STRING"

  • riverdale1567
    New Member
    • Dec 2009
    • 13

    help finding "Parse error: syntax error, unexpected T_STRING"

    Hi I am a newbie trying to get some of my first code working, yada yada yada.

    I have a drop down box which chooses a state then takes the post data to 'processform2.php' to use that to pull up all the rows which have the corresponding state.
    I am getting this 'Parse error: syntax error, unexpected T_STRING in /home/attorney/public_html/' on line 13
    Code:
    <?
    $username="XXXXXXXX";
    $password="XXXXXX";
    $database="XXXXXXXX";
    
    
    ini_set('display_errors',1);
    error_reporting(E_ALL);
    
    
    mysql_connect("localhost",$username,$password);
    @mysql_select_db($database) or die( "Unable to select database");
    [B]$query='SELECT * FROM BIZ_APARTMENTS WHERE $_POST('bizState')';[/B]
    $result=mysql_query($query);
    
    $num=mysql_numrows($result);
    
    mysql_close();
    
    echo "<b><center>Buildings in State</center></b><br><br>";
    
    $i=0;
    while ($i < $num) {
    
    $name=mysql_result($result,$i,"bizName");
    $address=mysql_result($result,$i,"bizAddress");
    $city=mysql_result($result,$i,"bizCity");
    $state=mysql_result($result,$i,"bizState");
    $zip=mysql_result($result,$i,"bizZip");
    $phone=mysql_result($result,$i,"bizPhone");
    $email=mysql_result($result,$i,"bizEmail");
    
    echo "<b>Name: $name</b><br>Phone: $phone<br>Type: $type<br>Address: $address<br>City: $city<br>State: $state<br>Zip: $zip<br>Email:$email<br>";
    
    $i++;
    }
    
    ?>
    Thanks a million,
    Last edited by Dormilich; Dec 16 '09, 06:33 AM. Reason: Please use [code] tags when posting code
  • Dormilich
    Recognized Expert Expert
    • Aug 2008
    • 8694

    #2
    the apostrophe at offset 51 closes the string, after that you have to use the command end (;) or string concatenation operator (.).

    and please please secure your SQL against SQL Injection (e.g. by means of mysql_real_escape_string())

    Comment

    • kovik
      Recognized Expert Top Contributor
      • Jun 2007
      • 1044

      #3
      Line 13 is messed up a lot. Firstly, your query is invalid. It will return results, but not what you think. The WHERE clause requires a condition that each row that you want to select has to meet. If you were to say "WHERE 1", then all rows would be selected. If you were to say "WHERE `id` = 1", then only rows where "`id` = 1" is true would be selected. Conditions are more than just a single variable.

      Secondly, you can't have the same type of quotation marks inside of the same type of quotation marks without escaping them (using the "\" character).

      Thirdly, arrays do not use parentheses for subscript; they use brackets ("[" and "]").

      Fourthly, all data in the $_POST array is user input. Therefore, it is unsafe in its raw form. Cleanse it using mysql_real_escape_string().

      Comment

      • riverdale1567
        New Member
        • Dec 2009
        • 13

        #4
        Reworked a little bit but now no error message, but

        Hi, first let me say thank you to both of you for helping me, I really appreciate it. I have reworked it a little bit but now no error message, but just a echo of my heading only.
        here are the 2 php scripts that are involved. Building Select try it out, plz
        Code:
        <?php
        /*  Program name: buildSelect.php
         *  Description:  Program builds a selection list 
         *                from the database.
         */
        ?>
        <html>
        <head><title>Building info by state</title></head>
        <body>
        <?php
          $user="attorney_test";
          $host="localhost";
          $password="Baronj55";
          $database = "attorney_test";
        
          $cxn = mysqli_connect($host,$user,$password,$database)
                 or die ("couldn't connect to server");
          $query = "SELECT DISTINCT bizState FROM BIZ_APARTMENTS ORDER BY bizState";
          $result = mysqli_query($cxn,$query)
                    or die ("Couldn't execute query.");
        
         /* create form containing selection list */
          echo "<form action='processform2.php' method='POST'>
                <select name='b'>\n";
        
          while ($row = mysqli_fetch_assoc($result))
          {
             extract($row);
             echo "<option value='$bizState'>$bizState\n";
          }
          echo "</select>\n";
          echo "<input type='submit' value='Select State in which building is located'>
                </form>\n";
        ?>
        </body></html>
        here is the 2nd script
        Code:
        <?
        $username="attorney_test";
        $password="Baronj55";
        $database="attorney_test";
        $table="BIZ_APARTMENTS";  
        $column="bizState";
        ini_set('display_errors',1);
        error_reporting(E_ALL);
        
        
        mysql_connect("localhost",$username,$password);
        @mysql_select_db($database) or die( "Unable to select database");
        $query="SELECT * FROM $table WHERE bizState='$_POST'";
        $result=mysql_query($query);
        $ret = mysql_query($query) or die(mysql_error());  
        $num=mysql_numrows($result);
        
        mysql_real_escape_string($result)
         mysql_close();
         
         
         
         echo "<b><center>Buildings in State</center></b><br><br>";
         
        $i=0;
        while ($i < $num) {
        $name=mysql_result($result,$i,"bizName");
        $address=mysql_result($result,$i,"bizAddress");
        $city=mysql_result($result,$i,"bizCity");
        $state=mysql_result($result,$i,"bizState");
        $zip=mysql_result($result,$i,"bizZip");
        $phone=mysql_result($result,$i,"bizPhone");
        $email=mysql_result($result,$i,"bizEmail");
         
         echo "<b>Name: $name</b><br>Phone: $phone<br>Type: $type<br>Address: $address<br>City: $city<br>State: $state<br>Zip: $zip<br>Email:$email<br>";
        
        $i++;
         }
        
         
         ?>
        thanks again for all the help, having actual human break it down for you is invaluable.

        Comment

        • kovik
          Recognized Expert Top Contributor
          • Jun 2007
          • 1044

          #5
          You're going to have to be more clear about what the error is if you want more help.

          Comment

          • riverdale1567
            New Member
            • Dec 2009
            • 13

            #6
            Hi Kovik
            I am not sure what my error is exactly now, when I go to my first page Building Select and select a state from the drop down. On the following , 'results' page all i get is the page heading and nothing else.
            My goal of the 2 scripts is to be able to select a state from the first script then display all the apartment buildings from that state in the second script.
            I hope this clarifies.
            Thanks a lot, I really appreciate the help.

            Comment

            • kovik
              Recognized Expert Top Contributor
              • Jun 2007
              • 1044

              #7
              Code:
              $query="SELECT * FROM $table WHERE bizState='$_POST'";
              You do realize that $_POST is an array, right? print_r() $_POST and see what it gives you. You should know where to go from there.

              Also, all data in the $_POST array is user input. As such, you have to cleanse or validate the data. For textual input, mysql_real_escape_string() will come in handy.

              Comment

              • Dormilich
                Recognized Expert Expert
                • Aug 2008
                • 8694

                #8
                you may additionally want to look into PHP Filter Functions.

                Comment

                • kovik
                  Recognized Expert Top Contributor
                  • Jun 2007
                  • 1044

                  #9
                  Originally posted by Dormilich
                  you may additionally want to look into PHP Filter Functions.
                  How long have you been hiding this little treasure from us? o.O
                  I love PHP. :D

                  Comment

                  • Dormilich
                    Recognized Expert Expert
                    • Aug 2008
                    • 8694

                    #10
                    wait until I rant about Prepared Statements again.

                    Comment

                    • kovik
                      Recognized Expert Top Contributor
                      • Jun 2007
                      • 1044

                      #11
                      OMFG! That is the syntax that my query() function in my database uses. o.o

                      Code:
                      /**
                       * Query the database
                       * @param string Database query
                       * @param array Values to substitute into query
                       * @return Vol_Database_MySql
                       */
                      public function query($query, array $substitutions);
                      Replaces values from $substitutions into the places that question marks are in $query (using mysql_real_escape_string and typecasting of numeric values). I thought it was clever and original >.<

                      Comment

                      • riverdale1567
                        New Member
                        • Dec 2009
                        • 13

                        #12
                        when i do print_r() i get back the data from the array...

                        for instance if i select Iowa, i get back 'Array ( [b] => IA )' What does the 'b' before the '=>' stand for? Also how do i get the post data to be used as part of the 'where' so that only rows with column 'bizState' matching $_POST are pulled.

                        I plead my massive ignorance as I try to teach myself here. Again many thanks for your patience.
                        thank you,thank you,thank you,thank you...

                        Comment

                        • kovik
                          Recognized Expert Top Contributor
                          • Jun 2007
                          • 1044

                          #13
                          "Array ( [b] => IA )" means that the array has an element at index "b" that has the value "IA".

                          In order to access the value "IA", you want to access the "b" index. So, your query should be:
                          Code:
                          $query = "SELECT * FROM $table WHERE bizState='"
                                 . mysql_real_escape_string($_POST['b']) . "'";

                          Comment
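
The same lookup with the two techniques Dormilich mentions (filter functions in #8, prepared statements in #10) in place of string concatenation, as an added example that is not part of the original thread. It assumes PDO with an in-memory SQLite database standing in for the thread's MySQL server so it runs offline; the function name `buildingsInState` and the sample rows are constructed for illustration.

```php
<?php
// Added example: SQLite in memory stands in for the thread's MySQL database so
// the script runs offline; with MySQL only the PDO DSN and credentials change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample rows, using column names from the thread.
$pdo->exec('CREATE TABLE BIZ_APARTMENTS (bizName TEXT, bizCity TEXT, bizState TEXT)');
$insert = $pdo->prepare('INSERT INTO BIZ_APARTMENTS VALUES (?, ?, ?)');
foreach ([['Oak Court', 'Des Moines', 'IA'],
          ['River <b>View</b>', 'Ames', 'IA'],
          ['Lake Flats', 'Madison', 'WI']] as $row) {
    $insert->execute($row);
}

/**
 * Return the buildings for one state, or null if the input is not a state code.
 * $post plays the role of $_POST; 'b' is the select name from buildSelect.php.
 */
function buildingsInState(PDO $pdo, array $post): ?array
{
    // Validation (filter extension): accept exactly two upper-case letters.
    $state = filter_var($post['b'] ?? '', FILTER_VALIDATE_REGEXP,
        ['options' => ['regexp' => '/\A[A-Z]{2}\z/']]);
    if ($state === false) {
        return null;
    }
    // Prepared statement: the value is bound as data, never spliced into the SQL.
    $stmt = $pdo->prepare(
        'SELECT bizName, bizCity, bizState FROM BIZ_APARTMENTS WHERE bizState = ?');
    $stmt->execute([$state]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed requests: a normal selection, input that is not a state code,
// and a request with the field missing.
foreach ([['b' => 'IA'], ['b' => "IA' OR '1'='1"], []] as $post) {
    $rows = buildingsInState($pdo, $post);
    if ($rows === null) {
        echo "Rejected: not a valid state code\n";
        continue;
    }
    foreach ($rows as $r) {
        // Escape on output so stored markup is shown as text, not rendered.
        echo htmlspecialchars("{$r['bizName']}, {$r['bizCity']}, {$r['bizState']}",
            ENT_QUOTES, 'UTF-8'), "\n";
    }
}
```

Validation and parameter binding are independent layers here: the regular expression rejects anything that is not a two-letter code before the database is touched, and the bound parameter keeps the query safe even for inputs a looser validation rule would let through.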

                          • riverdale1567
                            New Member
                            • Dec 2009
                            • 13

                            #14
                            how freakin cool, it actually WORKS!!!

                            Can I Pick Your Brains A Little Further?...

                            Can you give me a general idea on how I could take these results and turn them into a page full of links each one pointing to a separate page for each result.
                            I think i understand a little how to concatenate together a url from the results, but do i point it to a template or something to generate a gazillion pages from the results or what?
                            Many thanks from a newbie fumbling in the dark.

                            Comment

                            • kovik
                              Recognized Expert Top Contributor
                              • Jun 2007
                              • 1044

                              #15
                              You'll likely want to make use of the query string. The query string is the part of a URL that is followed by a question mark (?). It is a series of variables and values that will exist in the $_GET array. Example:

                              Code:
                              // index.php
                              $result = mysql_query("select `id`, `name` from `table`");
                              
                              // each fetched row is in $data, not $result
                              while ($data = mysql_fetch_object($result)) {
                                  echo '<a href="item.php?id=', $data->id, '">', $data->name, '</a>';
                              }
                              Code:
                              // item.php
                              $item = null;
                              
                              if (isset($_GET['id'])) {
                                  $id = (int)$_GET['id'];
                                  $result = mysql_query("select * from `table` where `id` = {$id}");
                                  $item = mysql_fetch_object($result);
                              }
                              
                              if (!$item) {
                                  echo 'Invalid item.';
                              } else {
                                  echo 'Item name: ', $item->name;
                              }

                              Comment
