Author | Message | Time |
---|---|---|
hismajesty | A friend and I are in the process of extending the features of a clan manegement system we're developing, while adding a feature to allow members to request to be allowed to go inactive I've run into a problem. Here is the outputed error: [quote]Parse error: parse error, expecting `','' or `';'' in /home/digitald/public_html/e1/members/requestia.php on line 36[/quote] Here is the code, and I don't beleive a ; is needed online 36 or anywhere near it, since all that does is end the echo statement. [code]<link rel="stylesheet" href="index.css"> <?php @include_once("functions.php"); SQLConnect(); if(USERNAME == "") { echo "You must be logged in to access this area."; } else { echo " <form action=\"\" method=post> <table width=75% align=center> <input type=hidden name=username value=\" . USERNAME . \"> <tr> <td id=header-footer colspan=2> Inactive Request </td> </tr> <tr> <td> Username </td> <td width=70%>" . USERNAME . "</td> </tr> <tr> <td> Time Needed Off </td> <td> <input type=text name=time value="" id=def_input> </td> </tr> <tr> <td> Describe Your Reason </td> <td> <textarea name=reason id=def_inputw rows=15></textarea> </td> </tr> <tr> <center> <td> <input type=submit name=submit value\"Submit\" /> </td> <td> <input type=reset> </td> </center> </tr> </table> </form>"; } $submit = $HTTP_POST_VARS[submit]; $username = $HTTP_POST_VARS[username]; $time = $HTTP_POST_VARS[time]; $reason = $HTTP_POST_VARS[reason]; $date2 = date("K j, Y"); $time2 = date("h:i:s T") if($submit != "" && (USERNAME != "")) { if($time != "" && $reason != "") { $query = "" . "INSERT INTO iareq VALUES ( '0', '$username', '$time', '$reason', '$date2', '$time2', );"; mysql_query($query) or die("Could not submit IA request - " . mysql_error()); echo "Your request of inactivity has been submitted."; } } ?>[/code] Thanks | April 13, 2004, 10:04 PM |
KoRRuPT | [quote]if($submit != "" && (USERNAME != "")) {[/quote] Should be $username, remember variables are case-sencitive $uSerName is not $username. [quote] $submit = $HTTP_POST_VARS[submit]; $username = $HTTP_POST_VARS[username]; $time = $HTTP_POST_VARS[time]; $reason = $HTTP_POST_VARS[reason]; [/quote] You have to put ['submit'], ['username'] etc. I could screw up your table because you are not verifying the content of the post vars for example for username I could put '; DELETE FROM iareq; and your sql query would turn into [code] INSERT INTO iareq VALUES ( '0', ''; DELETE FROM iaereq;', '$time', '$reason', '$date2', '$time2', ); [/code] You gotta make sure they dont put ' to mess your query up. Just... [code] $username = addslashes($HTTP_POST... [/code] it turns ' into \' There is WAY too many errors and bugs in your script. you have a SQL injection bug in your script... the list goes on. | April 13, 2004, 10:21 PM |
hismajesty | I use 'USERNAME' throughout my entire project, I'm not going to change it now. And with the stuff you listed, nothing is even remotely close to the error given. Thanks though, I'll look into some of that stuff. | April 13, 2004, 10:25 PM |
KoRRuPT | Yah, well it might not be close to the error. But like I said in the channel people can TOTALLY kill your mysql, and I explained it in the channel. No offense but that's actually the worst I've seen a PHP script, biggest mess. Your error is just the beginning of your prolbems. | April 13, 2004, 10:32 PM |
hismajesty | hmm ok, I'll just rewrite it then. | April 13, 2004, 10:33 PM |
hismajesty | For reference: I fixed the errors [code]<td> <input type=text name=time value="" id=def_input> </td>[/code] should have had value=\"\" and $time2 = date("h:i:s T") was missing a semi-colon | April 14, 2004, 12:22 AM |