  1. #1
    Join Date
    Nov 2008
    Posts
    1

    Post Error When Open Form.

    hi all,

    script is:

    PHP Code:
    <?php
    require($_SERVER["DOCUMENT_ROOT"] ."/config/db_config.php");
    $connection = @mysql_connect($db_host, $db_user, $db_password) or die("error connecting");
    mysql_select_db($db_name, $connection);

    $name = $_POST["txt_name"];
    $len = strlen($name);
    //Only write to database if there's a name
    if ($len > 0)
         (
             $email = $_POST["txt_email"];
             $comment = $_POST["txt_comment"];
             $date = time();

             $query = "INSERT INTO guestbook (autoID, name, email, comment, date_auto) VALUES (NULL, '$name', '$email', '$comment', '$date')";
             mysql_query($query, $connection) or die(mysql_error());
          )
    ?>
    <html>
    <head>
         <title>abc</title>
    </head>
    <body>
    <center>
    <form action="<?php echo $_SERVER[PHP_SELF]; ?>" method="POST">
         <font face="arial" size="1">
             Name: <input type="text" name="txt_name">&nbsp;
             Email: <input type="text" name="txt_email"><br><br>
             Comment:<br>
             <textarea style="width: 75%" rows="10" name="txt_comment"></textarea>
             <center><input type="submit" value="Submit"></center>
         </font>
    </form>

    </center>
    </body>
    </html>
    When I browse this PHP file, I get the error: Parse error: parse error, unexpected ';' in c:\webroot\guestbook.php on line 12
    Last edited by Jennifer; 11-16-2008 at 12:11 PM. Reason: put in the codes tag.

  2. #2
    Join Date
    Apr 2004
    Location
    Phoenix, AZ
    Posts
    3,666
    This thread has been moved to a more appropriate forum.
    "I'm a great believer in luck, and I find the harder I work the more I have of it." -Thomas Jefferson


  3. #3
    Join Date
    Apr 2004
    Location
    Nr London, UK
    Posts
    831
    Code:
    if ($len > 0)
    (
    $email = $_POST["txt_email"];
    $comment = $_POST["txt_comment"];
    $date = time();
    
    $query = "INSERT INTO guestbook (autoID, name, email, comment, date_auto) VALUES (NULL, '$name', '$email', '$comment', '$date')";
    mysql_query($query, $connection) or die(mysql_error());
    )
    if() { // code } - the code contained within the if should be encapsulated within {} (curly) NOT ()

    A few other things:

    Using user-inputted data directly can result in SQL injection, enabling an attacker to execute arbitrary code on your site and in the client's browser. You have a serious problem here with this.

    Take some time to look up the following commands:

    mysql_real_escape_string()
    htmlentities()
    htmlspecialchars()
    strip_tags()

    Also, when using the forums, please use a code block [ CODE ] [ /CODE ] (without spaces), as it makes your code easier to read.

    Edit: One last thing:

    Code:
    require($_SERVER["DOCUMENT_ROOT"] ."/config/db_config.php");
    It would be better to just do:
    Code:
    require("../config/db_config.php");
    Depending on where your script is, add more ../ to suit, so it looks OUTSIDE the DOCUMENT_ROOT. This is an added precaution, as it means the web server cannot access the db_config.php file directly.
    Last edited by martinco; 11-16-2008 at 12:00 PM.
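
The hardening advice in post #3, as an added example that is not part of the thread: it binds the form values with PDO prepared statements in place of mysql_real_escape_string() (a swapped-in technique; the mysql_* extension was removed in PHP 7) and applies htmlspecialchars() when the entries are printed. The in-memory SQLite database, the function names add_entry and render_entries, and the sample input are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. SQLite in memory stands in for
// the poster's MySQL database so the script runs offline; with MySQL only
// the DSN passed to PDO changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE guestbook (
    autoID INTEGER PRIMARY KEY, name TEXT, email TEXT,
    comment TEXT, date_auto INTEGER)');

// Store one entry. Values are bound as parameters, so they are never
// parsed as part of the SQL statement.
function add_entry(PDO $pdo, array $post): bool
{
    $name    = trim((string)($post['txt_name'] ?? ''));
    $email   = trim((string)($post['txt_email'] ?? ''));
    $comment = trim((string)($post['txt_comment'] ?? ''));

    // Same rule as the original script: only write if there is a name.
    if ($name === '') {
        return false;
    }
    $stmt = $pdo->prepare(
        'INSERT INTO guestbook (name, email, comment, date_auto)
         VALUES (:name, :email, :comment, :date_auto)');
    return $stmt->execute([
        ':name' => $name, ':email' => $email,
        ':comment' => $comment, ':date_auto' => time(),
    ]);
}

// Render entries. Escaping happens on output, for the HTML context.
function render_entries(PDO $pdo): string
{
    $html = '';
    foreach ($pdo->query('SELECT name, comment FROM guestbook ORDER BY autoID') as $row) {
        $html .= '<p><b>' . htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8') . '</b>: '
               . htmlspecialchars($row['comment'], ENT_QUOTES, 'UTF-8') . "</p>\n";
    }
    return $html;
}

// Constructed sample input: an apostrophe that would end the quoted string
// in the concatenated query, and markup that must not reach the page raw.
add_entry($pdo, ['txt_name' => "O'Brien", 'txt_email' => 'ob@example.com',
                 'txt_comment' => 'Nice <b>site</b> & thanks']);
add_entry($pdo, ['txt_email' => 'noname@example.com']);   // skipped: no name
echo render_entries($pdo);
```

The stored row keeps the text exactly as typed; only the HTML output is escaped, so the same data can later be reused in other contexts without double encoding.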
