PHP Math



SBDTHRU
02-27-2010, 11:10 PM
I am having trouble getting this script to work. What I am trying to do: Get the two form inputs ($reason & $prev) to subtract and take that number and send it to the database along with those ^. For example:

$reason = $10.00
$prev = $15.00
$dif = +$5.00

I really don't know where to start on this one. Any help is appreciated. Thanks.

masterofollies
02-27-2010, 11:25 PM
$prev = '15';
$reason = '10';
$dif = $prev - $reason;

echo "There is a difference of $dif"; // double quotes so $dif is interpolated

SBDTHRU
02-28-2010, 12:09 AM
The thing is the users input the numbers. (I had already tried something like that)

I had tried something like this.


$dif = $reason - $prev;
echo"$dif";

Whole code:

<?
ob_start();
include("config.php");
switch($_GET[act]){
default:
if($logged[username] && !$_POST[report]){
echo "
<form method=\"post\" action=\"report.php?act=do\">

<b><font type='verdana' size='2'><body link='white' alink='white' vlink='white'>Website</b>: (<i>FullTilt, PokerStars, etc.</i>)<br />
<input type=\"text\" class=\"input\" name=\"user\" size=\"15\"><br />

<b><font type='verdana' size='2'><body link='white' alink='white' vlink='white'>Current Bankroll</b>: (<i>ex. 152.65</i>)<br />$
<input type=\"text\" class=\"input\" name=\"reason\" size=\"15\"><br />

<b><font type='verdana' size='2'><body link='white' alink='white' vlink='white'>Starting Bankroll</b>: (<i>ex. 68.25</i>)<br />$
<input type='text' class='input' name='prev' size='15'><br />

<input type=\"submit\" class=\"input\" name=\"report\" value=\"Report Bankroll\">
</form>
";
}else {
if(!$logged[username] && !$_POST[report]){
echo "<font type='verdana' size='2'><body link='white' alink='white' vlink='white'><b>Error</b>: You Are Not Logged In";
}
}
$dif = $reason - $prev;
echo"$dif";
break;

case 'do':
if($logged[username] && $_POST[report]){
$user = stripslashes(htmlspecialchars($_POST[user]));
$reason = stripslashes(htmlspecialchars($_POST[reason]));
$prev = stripslashes(htmlspecialchars($_POST[prev]));
$dif = stripslashes(htmlspecialchars($_POST[dif]));
$date = date("d-m-y");
$errs = array();
if(empty($user)){
$errs[] = "<font type='verdana' size='2'><body link='white' alink='white' vlink='white'><b>Error</b>: You Must Enter A Username<br />";
}
if(empty($reason)){
$errs[] = "<font type='verdana' size='2'><body link='white' alink='white' vlink='white'><b>Error</b>: You Must Enter A Reason<br />";
}
if(count($errs) > 1){
foreach($errs as $oops){
echo "$oops";
}
}else{
$sql = "INSERT INTO reps(`username`,`reason`,`prev`,`dif`,`date`,`reported_by`) VALUES ('$user',$reason,$prev,$dif,'$date','$logged[username]')";
report == mysql_query( $sql );
echo "<font type='verdana' size='2'><body link='white' alink='white' vlink='white'><meta http-equiv=\"Refresh\" content=\"10; URL=usercp.php\"/><center>Thank you <b>$user</b>, you are being redirected.</center><br>";
}
}elseif($logged[username] && !$_POST[report]){
echo "<font type='verdana' size='2'><body link='white' alink='white' vlink='white'><b>Error</b>: You Must Go Back And Submit The Form";
}elseif(!$logged[username] && !$_POST[report]){
echo "<font type='verdana' size='2'><body link='white' alink='white' vlink='white'><b>Error</b>: You Are Not Logged In";
}
break;
}
?>

MattyUK
02-28-2010, 01:15 PM
Hi

I didn't look carefully at your code or test it; however, one thing stands out.


$myvar = stripslashes(htmlspecialchars($_POST['postVar']));

Would probably work as expected. Note the single quotes in the $_POST array value.



$myvar = stripslashes(htmlspecialchars($_POST[postVar]));

may not work.

Since the POST value will be a string you might want to read these functions:
http://us2.php.net/manual/en/function.is-float.php
http://us2.php.net/manual/en/function.is-numeric.php
http://us2.php.net/manual/en/function.floatval.php
http://us2.php.net/manual/en/function.intval.php
This can be interesting too:
http://php.net/manual/en/language.types.type-juggling.php
http://www.php.net/manual/en/language.types.type-juggling.php#language.types.typecasting
http://www.php.net/manual/en/types.comparisons.php

So assuming the rest of the code is fine perhaps:

$prev = stripslashes(htmlspecialchars($_POST['prev']));
then

$dif = intval($reason) - intval($prev);
That said you should really test that they actually entered numbers after all.


if(is_numeric($reason)&&is_numeric($prev))//otherwise what if they enter $15 instead of 15.
{
$dif = intval($reason) - intval($prev);
}
else
{
$dif = 'invalid input';
}
Or some such.

The above is untested, off-the-top-of-my-head code, written early in the morning after a late night and before coffee. In short, I may not have caught everything; I may be wrong, but that's what I could see easily.

SBDTHRU
02-28-2010, 07:11 PM
I tried what you posted. But it gave me a syntax error in PMA; it was around the date. So I just removed the date value altogether and found that it didn't receive the number. So either I didn't put the code in the right spot or there is something wrong. :P I am a total n00b so all I can do is guess.


<?
ob_start();
include("config.php");
switch($_GET[act]){
default:
if($logged[username] && !$_POST[report]){
echo "
<form method=\"post\" action=\"report.php?act=do\">

<b><font type='verdana' size='2'><body link='white' alink='white' vlink='white'>Website</b>: (<i>FullTilt, PokerStars, etc.</i>)<br />
<input type=\"text\" class=\"input\" name=\"user\" size=\"15\"><br />

<b><font type='verdana' size='2'><body link='white' alink='white' vlink='white'>Current Bankroll</b>: (<i>ex. 152.65</i>)<br />$
<input type=\"text\" class=\"input\" name=\"reason\" size=\"15\"><br />

<b><font type='verdana' size='2'><body link='white' alink='white' vlink='white'>Starting Bankroll</b>: (<i>ex. 68.25</i>)<br />$
<input type='text' class='input' name='prev' size='15'><br />

<input type=\"submit\" class=\"input\" name=\"report\" value=\"Report Bankroll\">
</form>
";
}else {
if(!$logged[username] && !$_POST[report]){
echo "<font type='verdana' size='2'><body link='white' alink='white' vlink='white'><b>Error</b>: You Are Not Logged In";
}
}
if(is_numeric($reason)&&is_numeric($prev))
{
$dif = intval($reason) - intval($prev);
}
else
{
$dif = 'invalid input';
}
break;

case 'do':
if($logged[username] && $_POST[report]){
$user = stripslashes(htmlspecialchars($_POST[user]));
$reason = stripslashes(htmlspecialchars($_POST[reason]));
$prev = stripslashes(htmlspecialchars($_POST[prev]));
$dif = stripslashes(htmlspecialchars($_POST[dif]));
$errs = array();
if(empty($user)){
$errs[] = "<font type='verdana' size='2'><body link='white' alink='white' vlink='white'><b>Error</b>: You Must Enter A Username<br />";
}
if(empty($reason)){
$errs[] = "<font type='verdana' size='2'><body link='white' alink='white' vlink='white'><b>Error</b>: You Must Enter A Reason<br />";
}
if(count($errs) > 1){
foreach($errs as $oops){
echo "$oops";
}
}else{
$sql = "INSERT INTO reps(`username`,`reason`,`prev`,`dif`,`reported_by`) VALUES ('$user',$reason,$prev,$dif,'$logged[username]')";
echo "DEBUG SQL: $sql<hr>";
report == mysql_query( $sql );
echo "<font type='verdana' size='2'><body link='white' alink='white' vlink='white'><meta http-equiv=\"Refresh\" content=\"10; URL=usercp.php\"/><center>Thank you <b>$user</b>, you are being redirected.</center><br>";
}
}elseif($logged[username] && !$_POST[report]){
echo "<font type='verdana' size='2'><body link='white' alink='white' vlink='white'><b>Error</b>: You Must Go Back And Submit The Form";
}elseif(!$logged[username] && !$_POST[report]){
echo "<font type='verdana' size='2'><body link='white' alink='white' vlink='white'><b>Error</b>: You Are Not Logged In";
}
break;
}
?>

Inigoesdr
02-28-2010, 07:54 PM
Have you tried something like this?

$reason = (float) trim($_POST['reason'], '$ ');
$prev = (float) trim($_POST['prev'], '$ ');
$diff = number_format($prev - $reason);

SBDTHRU
02-28-2010, 08:04 PM
Unless I didn't put it in the right spot, didn't work. :confused: If this would be easier, is there a way to make it so it shows up in the area where you view the numbers? (I have an admin panel where you view the 3 variables) Is there a way that in that file it just does the math, so it doesn't have to deposit to the DB at all? I'll post the code for that as well. (I have had a couple failed attempts to do this)


<?php
ob_start();
include("config.php");
switch($_GET[x]){
default:
if ($logged[username] && $logged[level] == Admin){
$get = mysql_query("SELECT * FROM reps") or die(mysql_error());
$gnum = mysql_num_rows($get);
if($gnum == 0){
echo "<font type='verdana' size='2'><body link='white' alink='white' vlink='white'><b>Error</b>: There Are No Reports To Review";
}else{
echo "<font type='verdana' size='2'><body link='white' alink='white' vlink='white'>There Are Currently $gnum Reports To Review<br>";
while($ec = mysql_fetch_array($get)){
echo "<table width='150' align='Left'>

<tr>
<td width='150' align='left' valign='top'>
<b><font type='verdana' size='2'><body link='black' alink='black' vlink='black'></b><br />
&nbsp;<b>Reported By</b>: $ec[reported_by]
</td>
</tr>

<tr>
<td width='200' colspan='2' align='center' valign='top'>
<b><font type='verdana' size='2'><body link='black' alink='black' vlink='black'>Current Bankroll</b>: <font type='verdana' size='2'><body link='black' alink='black' vlink='black'>$ec[reason]
</td>
</tr>

<tr>
<td width='200' colspan='2' align='center' valign='top'>
<b><font type='verdana' size='2'><body link='black' alink='black' vlink='black'>Previous Bankroll</b>: <font type='verdana' size='2'><body link='black' alink='black' vlink='black'>$ec[prev]
</td>
</tr>

<tr>
<td width='350' colspan='3' align='center' valign='top'>
<b><font type='verdana' size='2'><body link='black' alink='black' vlink='black'>Date Reported</b>:<br><font type='verdana' size='2'><body link='black' alink='black' vlink='black'> $ec[date]<br><a href='repcp.php?x=warn&y=$ec[username]'>Warn User</a>&nbsp;|&nbsp;<a href='repcp.php?x=delete&id=$ec[id]'>Delete</a>
</td>
</tr>
</table>";
}
}
}
break;
case 'warn':
if ($_GET[y]){
if(!$_POST[warn]){
echo "<form method='post'>
<b>Username</b>:<br />
<input type='text' name='user' class='input' value='$_GET[y]' readonly='readonly'><Br />
<b>Warn Reason</b>:<Br />
<textarea rows='5' cols='35' class='textarea' name='reason'></textarea><br />
<input type='submit' name='warn' value='Warn $_GET[y]'>
</form>";
}else{
$user = strip_tags(stripslashes($_POST[user]));
$reason = stripslashes(strip_tags($_POST[reason]));
$date = date("l, F d, Y");
mysql_query("INSERT INTO warnings (`user`,`reason`,`from`,`date`) VALUES ('$user','$reason','$logged[username]','$date')") or die(mysql_error()); //mysql query to insert or die
echo "$user Has Been Warned";
}
} else {
echo "<b>Error</b>: No User Selected";
}
break;
case 'delete':
if($_GET[id]){
mysql_query("DELETE FROM reps WHERE id = '$_GET[id]'") or die(mysql_error());
echo "<meta http-equiv=\"Refresh\" content=\"0; URL=repcp.php\"/>Report Deleted. Redirecting...";
} else {
echo "<b>Error</b>: No Report Was Selected To Delete";
}
break;
}
?>

Inigoesdr
02-28-2010, 08:09 PM
I don't see anything like that in the code you posted. And you should know that script is incredibly insecure.

MattyUK
03-01-2010, 02:03 AM
Hi SBDTHRU

Ok, strictly as a learning aid I've prepared a very quick sample page for you that you might learn from whilst picking apart.


<?php

/*
Strictly as a learning exercise.
There is a lot wrong but this should give you enough to play with and learn from.
For example:
How will it cope if people enter in 1,200.00?
Perhaps you'll always want to round down... or always up.
Is it HTML or XHTML?
Should we really use $_SERVER["PHP_SELF"]?
How can you get it to always display the trailing zeros...
(http://php.net/manual/en/function.money-format.php)
Negative numbers?
Very very large numbers?
Extra junk entered by users?
...and so on.
*/

//get the values with some sanity filtering from POST.
//Note the single quotes around the POST value names (ALL of them that we use).
$prev = stripslashes(htmlspecialchars(trim($_POST['prev'],'$ ')));
$reason = stripslashes(htmlspecialchars(trim($_POST['reason'],'$ ')));
//We can only use them if they are valid numbers, so lets test
if(is_numeric($prev))
{ //yep a number
$prev = floatval($prev);
}
else
{ //nah, bad input so zero it out
$prev = 0.00;
}
if(is_numeric($reason))
{ //yep a number
$reason = floatval($reason);
}
else
{ //nah, bad input so zero it out
$reason = 0.00;
}
//the php math part
$dif = round($reason - $prev,2);

echo '<html><head></head><body><form method="post" action="'.$_SERVER["PHP_SELF"].'" >
<table width="400" border="1" cellpadding="5">
<tr><th colspan="2">Example</th></tr>
<tr>
<td align="right">Previous Value:</td><td><input type="text" maxlength="9" size="9" name="prev" value="$'.htmlspecialchars($prev).'"/></td>
</tr>
<tr>
<td align="right">Reasoned Value:</td><td><input type="text" maxlength="9" size="9" name="reason" value="$'.htmlspecialchars($reason).'"/></td>
</tr>
<tr>
<td align="right"><input type="reset" value="Reset"/></td><td><input type="submit" value="Update"/></td>
</tr>
<tr>
<td align="right">Difference:</td><td><input type="text" maxlength="9" size="9" name="dif" value="$'.htmlspecialchars($dif).'"/></td>
</tr>
</table>
</form></body></html>';

?>

Hope it helps.

Matty

SBDTHRU
03-01-2010, 03:51 AM
Your post was extremely helpful, and indeed I did learn a lot from it. But I had a few problems. I tried to see any errors and correct them. But there were things that I just couldn't get around.

This for one, was the first thing I ran into. The "" gives it a syntax error but when I try to avoid that by doing \"\" or '', it still has the same problem..


<form method="post" action="'.$_SERVER["PHP_SELF"].'" >

MattyUK
03-01-2010, 04:32 AM
Hi

I can't spot a single place where there are two double quotes "" but if so that would give you an error.

Assuming you pasted exactly as posted it should be fine. I tested before posting and did not get any errors or warnings.

Could your eyes be playing a trick? "' looks like "". I did use a double quote followed by a single quote "' then the reverse, a single quote followed by a double quote '", but never a double double quote "" unless I missed one.

The HTML output is a single quote encapsulated string (so it can contain double quotes without them needing escaping). Since a single quote string is a literal string it must be 'stopped and started' in order to 'insert' variables. But better this way than having the entire string parsed for variables and interpreted.



$myvar = "SOME EXTRA TEXT";
echo "some text and $myvar so that is it<br/>";//The variable is inserted
echo 'some text and $myvar so that is it<br/>';//The variable is not inserted
echo 'some text and '.$myvar.' so that is it<br/>';//The variable is inserted


So in this case:


echo '...
<form method="post" action="'.$_SERVER["PHP_SELF"].'">
...';

It is a single quote encapsulated string, that is stopped, then the variable joined onto the end of it with the . then it is started again and the rest of the string joined onto the end of that. The double quotes (not any double double quotes) are actually part of the output, not the encapsulation.

Inserting extra white space just so it reads easier:


echo '...
<form method="post" action=" ' . $_SERVER["PHP_SELF"] . ' ">
...';


You could post your version of the code with your error 'corrections' if you like, I might be able to point out what you changed but perhaps didn't need to.

Hope this helps.

Cheers,
Matty

PS: No need to quote the entire previous message every time you reply.

SBDTHRU
03-01-2010, 09:35 PM
Not sure if this is completely right... But I am also getting


Parse error: syntax error, unexpected T_CASE in /home/sbdthru/public_html/repcp.php on line 86

Code:


<?php
ob_start();
include("config.php");
switch($_GET[x]){
default:
if ($logged[username] && $logged[level] == Admin){
$get = mysql_query("SELECT * FROM reps") or die(mysql_error());
$gnum = mysql_num_rows($get);
if($gnum == 0){
$prev = stripslashes(htmlspecialchars(trim($_POST['prev'],'$ ')));
$reason = stripslashes(htmlspecialchars(trim($_POST['reason'],'$ ')));
//We can only use them if they are valid numbers, so lets test
if(is_numeric($prev))
{ //yep a number
$prev = floatval($prev);
}
else
{ //nah, bad input so zero it out
$prev = 0.00;
}
if(is_numeric($reason))
{ //yep a number
$reason = floatval($reason);
}
else
{ //nah, bad input so zero it out
$reason = 0.00;
}
//the php math part
$dif = round($reason - $prev,2);
echo '<form method="post" action="'.$_SERVER["PHP_SELF"].'" >
<font type="verdana" size="2"><body link="white" alink="white" vlink="white"><b>Error</b>: There Are No Reports To Review";
}else{
echo "<font type="verdana" size="2"><body link="white" alink="white" vlink="white">There Are Currently $gnum Reports To Review<br>";
while($ec = mysql_fetch_array($get)){
echo "<table width="500" align="center">

<tr>
<td width="150" align="left" valign="top">
<b><font type="verdana" size="2"><body link="black" alink="black" vlink="black"></b><br />
&nbsp;<b>Reported By</b>: $ec[reported_by]
</td>
</tr>

<tr>
<td width="200" colspan="2" align="center" valign="top">
<b><font type="verdana" size="2"><body link="black" alink="black" vlink="black">Site</b>: <font type="verdana" size="2"><body link="black" alink="black" vlink="black">$ec[name]
</td>
</tr>

<tr>
<td width="200" colspan="2" align="center" valign="top">
<b><font type="verdana" size="2"><body link="black" alink="black" vlink="black">Username</b>: <font type="verdana" size="2"><body link="black" alink="black" vlink="black">$ec[username]
</td>
</tr>

<tr>
<td width="200" colspan="2" align="center" valign="top">
<b><font type="verdana" size="2"><body link="black" alink="black" vlink="black">Current Bankroll</b>: <font type="verdana" size="2"><body link="black" alink="black" vlink="black">.htmlspecialchars($reason).
</td>
</tr>

<tr>
<td width="200" colspan="2" align="center" valign="top">
<b><font type="verdana" size="2"><body link="black" alink="black" vlink="black">Previous Bankroll</b>: <font type="verdana" size="2"><body link="black" alink="black" vlink="black">.htmlspecialchars($prev).
</td>
</tr>

<tr>
<td width="200" colspan="2" align="center" valign="top">
<b><font type="verdana" size="2"><body link="black" alink="black" vlink="black">Bankroll Change</b>: <font type="verdana" size="2"><body link="black" alink="black" vlink="black">.htmlspecialchars($dif).
</td>
</tr>
<tr>

<td width="200" colspan="2" align="center" valign="top">
<font type="verdana" size="2"><body link="black" alink="black" vlink="black"><a href="repcp.php?x=delete&id=$ec[id]">Delete</a>
</td>
</tr>
</table>
<hr width="65%">';
}
}
}
break;
case 'delete':
if($_GET[id]){
mysql_query("DELETE FROM reps WHERE id = '$_GET[id]'") or die(mysql_error());
echo "<meta http-equiv=\"Refresh\" content=\"0; URL=repcp.php\"/>Report Deleted. Redirecting...";
} else {
echo "<b>Error</b>: No Report Was Selected To Delete";
}
break;
}
?>

MattyUK
03-02-2010, 04:26 AM
Try removing the extra } on line 85.

Hope you don't use this approach on a production server. Just learning right?

ouch
mysql_query("DELETE FROM reps WHERE id = '$_GET[id]'") or die(mysql_error());

Utterly, gigantic, huge "no no's" there (just at a glance).
http://en.wikipedia.org/wiki/SQL_injection
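
Added example (not part of the thread and not any poster's code): one way to handle the two points raised above, namely the open questions in the sample page about inputs like 1,200.00, negatives and junk, and the string-built DELETE query. It assumes PDO with an in-memory SQLite database standing in for the thread's MySQL, amounts stored as integer cents, and hypothetical function names; only the `reps` table and its column names come from the thread.

```php
<?php
declare(strict_types=1);
// Added example. Function names and the integer-cents storage are assumptions;
// only the `reps` table and its column names come from the thread.

/** Parse "$1,200.00", "68.25" or "-5" into integer cents; null if not a plain amount. */
function parse_money_to_cents(string $raw): ?int
{
    // Drop a leading "$", surrounding whitespace and thousands separators.
    $s = str_replace(',', '', trim($raw, "\$ \t\r\n"));
    // Optional sign, up to 7 digits, optional 1-2 decimals. Unlike is_numeric(),
    // this rejects "1e5" and ".5", and it bounds the size of the number.
    if (!preg_match('/^(-?)(\d{1,7})(?:\.(\d{1,2}))?$/D', $s, $m)) {
        return null;
    }
    $cents = (int)$m[2] * 100 + (int)str_pad($m[3] ?? '', 2, '0');
    return $m[1] === '-' ? -$cents : $cents;
}

/** Render cents as a signed dollar string with trailing zeros kept. */
function format_cents(int $cents): string
{
    $sign = $cents < 0 ? '-' : '+';
    return $sign . '$' . number_format(abs($cents) / 100, 2, '.', ',');
}

/** Validate, compute dif on the server, and insert with bound parameters. */
function save_report(PDO $db, string $site, string $curRaw, string $prevRaw, string $reporter): ?int
{
    $cur  = parse_money_to_cents($curRaw);
    $prev = parse_money_to_cents($prevRaw);
    if ($site === '' || $cur === null || $prev === null) {
        return null; // reject bad input instead of silently storing 0
    }
    // dif is never read from the request; values are bound, not concatenated.
    $stmt = $db->prepare(
        'INSERT INTO reps (username, reason, prev, dif, reported_by)
         VALUES (:site, :cur, :prev, :dif, :by)'
    );
    $stmt->execute([
        ':site' => $site, ':cur' => $cur, ':prev' => $prev,
        ':dif'  => $cur - $prev, ':by' => $reporter,
    ]);
    return (int)$db->lastInsertId();
}

/** Delete one report; the id must be a positive integer. Returns rows deleted. */
function delete_report(PDO $db, string $idRaw): int
{
    $id = filter_var($idRaw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 0;
    }
    $stmt = $db->prepare('DELETE FROM reps WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Demo on constructed inputs, using an in-memory database so it runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE reps (id INTEGER PRIMARY KEY, username TEXT,
           reason INTEGER, prev INTEGER, dif INTEGER, reported_by TEXT)');

$id  = save_report($db, 'FullTilt', '$152.65', '68.25', 'demo_user');
$row = $db->query('SELECT dif FROM reps')->fetch(PDO::FETCH_ASSOC);
echo 'stored change: ', format_cents((int)$row['dif']), "\n";

echo 'junk amount accepted? ';
var_dump(save_report($db, 'FullTilt', '15 OR 1=1', '10', 'demo_user') !== null);
echo 'rows deleted for non-integer id: ', delete_report($db, '1 OR 1=1'), "\n";
echo 'rows deleted for valid id: ', delete_report($db, (string)$id), "\n";
```

Escaping with htmlspecialchars() belongs at the point where a stored value is written into HTML, not before it goes into the database.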

SBDTHRU
03-03-2010, 07:51 PM
I will fix the security after I actually get it working. :P Any help with the file, besides the security...

MattyUK
03-04-2010, 01:22 AM
:P Any help with the file, besides the security...

Only what I've already posted in that same post. ;P I guess the security comment was a little distracting.



Try removing the extra } on line 85.

There may be other issues but that removed the parse error for me. I copied your code from the post into a file on my system then resolved the parse error with that one change.

I'd suggest you consider using notepad++, indenting traditionally then using the fold feature to examine the segments. I think you may need to double check the "switch and cases" and "else's" but I stopped looking after finding the parse error cause.

Best of luck.

Matty

PS: after another brief look:
Still issues with strings. You'll need to learn/look at the differences between "test" and 'text'
Check out: http://php.net/manual/en/language.types.string.php
As mentioned before I believe the $_GET[x] is bad whereas $_GET['x'] should work, or even $_GET["x"]. NOTE the quotes. This goes for any GET, POST, REQUEST, SERVER, etc variable.
You are mixing GET and POST. They are very different. The form POSTS. Just pointing it out. It may be as you intended, I'm not sure.


Scripting is very detail orientated. Gotta check it all. ;)

SBDTHRU
03-04-2010, 02:38 AM
Getting the same error. Checked all the { } with JEdit. I did not make this code, just trying to edit it and learn as I go. If you could point out any specific errors that you see that would be great. I

<?php
ob_start();
include("config.php");
switch($_GET[x]){
default:
if ($logged[username] && $logged[level] == Admin){
$get = mysql_query("SELECT * FROM reps") or die(mysql_error());
$gnum = mysql_num_rows($get);
if($gnum == 0){
$prev = stripslashes(htmlspecialchars(trim($_POST['prev'],'$ ')));
$reason = stripslashes(htmlspecialchars(trim($_POST['reason'],'$ ')));
//We can only use them if they are valid numbers, so lets test
if(is_numeric($prev))
{ //yep a number
$prev = floatval($prev);
}
else
{ //nah, bad input so zero it out
$prev = 0.00;
}
if(is_numeric($reason))
{ //yep a number
$reason = floatval($reason);
}
else
{ //nah, bad input so zero it out
$reason = 0.00;
}
//the php math part
$dif = round($reason - $prev,2);
echo '<form method="post" action="'.$_SERVER["PHP_SELF"].'" >
<font type="verdana" size="2"><body link="white" alink="white" vlink="white"><b>Error</b>: There Are No Reports To Review";
}else{
echo "<font type="verdana" size="2"><body link="white" alink="white" vlink="white">There Are Currently $gnum Reports To Review<br>";
while($ec = mysql_fetch_array($get)){
echo "<table width="500" align="center">

<tr>
<td width="150" align="left" valign="top">
<b><font type="verdana" size="2"><body link="black" alink="black" vlink="black"></b><br />
&nbsp;<b>Reported By</b>: $ec[reported_by]
</td>
</tr>

<tr>
<td width="200" colspan="2" align="center" valign="top">
<b><font type="verdana" size="2"><body link="black" alink="black" vlink="black">Site</b>: <font type="verdana" size="2"><body link="black" alink="black" vlink="black">$ec[name]
</td>
</tr>

<tr>
<td width="200" colspan="2" align="center" valign="top">
<b><font type="verdana" size="2"><body link="black" alink="black" vlink="black">Username</b>: <font type="verdana" size="2"><body link="black" alink="black" vlink="black">$ec[username]
</td>
</tr>

<tr>
<td width="200" colspan="2" align="center" valign="top">
<b><font type="verdana" size="2"><body link="black" alink="black" vlink="black">Current Bankroll</b>: <font type="verdana" size="2"><body link="black" alink="black" vlink="black">.htmlspecialchars($reason).
</td>
</tr>

<tr>
<td width="200" colspan="2" align="center" valign="top">
<b><font type="verdana" size="2"><body link="black" alink="black" vlink="black">Previous Bankroll</b>: <font type="verdana" size="2"><body link="black" alink="black" vlink="black">.htmlspecialchars($prev).
</td>
</tr>

<tr>
<td width="200" colspan="2" align="center" valign="top">
<b><font type="verdana" size="2"><body link="black" alink="black" vlink="black">Bankroll Change</b>: <font type="verdana" size="2"><body link="black" alink="black" vlink="black">.htmlspecialchars($dif).
</td>
</tr>
<tr>

<td width="200" colspan="2" align="center" valign="top">
<font type="verdana" size="2"><body link="black" alink="black" vlink="black"><a href="repcp.php?x=delete&id=$ec[id]">Delete</a>
</td>
</tr>
</table>
<hr width="65%">';
}
}
}
break;
case "delete" :
if($_GET['id']){
mysql_query("DELETE FROM reps WHERE id = '$_GET['id']'") or die(mysql_error());
echo "<meta http-equiv=\"Refresh\" content=\"0; URL=repcp.php\"/>Report Deleted. Redirecting...";
} else {
echo "<b>Error</b>: No Report Was Selected To Delete";
}
break;
?>


