...

View Full Version : Getting error, dunno the problem.



SBDTHRU
03-03-2010, 01:51 AM
I have recently gotten this in a couple of my files.. Can someone spot the error for me? I can't for the love of got figure it out.


<?
ob_start();
include("config.php");
if($logged[username] && $logged[level] == Admin)
{
$user = mysql_query("SELECT * from users where username = '$_GET[user]'");
$user = mysql_fetch_array($user);
//these lines get the user's information and put it in an array.
//we will display the information in the html form
echo("<div align='center'><form method='POST'>
<table width='100%'>

<tr>
<td align='right' width='25%'>
<font type='verdana' size='2'>Add New Limit
</td>
<td align='left'>
<input type='text' size='25' maxlength='25' name='stake'
value='$user[level]'></td>
</tr>
<tr>
<td align='center'>
</td>

<td align='left'>
<input type='submit' name='update' value='Submit'></td>
</tr>
</table>
</form>
</div>");
//displays the html form
}
else
{
$stake = htmlspecialchars($_POST[stake]);
// the above lines get rid of all html.
echo ("<meta http-equiv='REFRESH' content='1;url=http://gator44.hostgator.com/~sbdthru/admincp.php'>$_GET[user]'s profile has been updated.");
$update = mysql_query("location = 'stake = '$stake' where username = '$_GET[user]'");
// updates the information in the database.
}
else
{
echo("Sorry, but you are not allowed to view this page!");
}
?>


EDIT: Forgot the error. :P I checked all the } & { and couldn't find the problem


Parse error: syntax error, unexpected T_ELSE in /home/sbdthru/public_html/addgroup.php on line 32

PappaJohn
03-03-2010, 01:59 AM
There are 2 'else' clauses in your if-else statement block.

SBDTHRU
03-03-2010, 02:48 AM
There are 2 'else' clauses in your if-else statement block.

:T Removed one and still getting the same problem.


<?
ob_start();
include("config.php");
if($logged[username] && $logged[level] == Admin)
{
$user = mysql_query("SELECT * from users where username = '$_GET[user]'");
$user = mysql_fetch_array($user);
//these lines get the user's information and put it in an array.
//we will display the information in the html form
echo("
<div align='center'><form method='POST'>
<table width='100%'>

<tr>
<td align='right' width='25%'>
<font type='verdana' size='2'>Add New Limit
</td>
<td align='left'>
<input type='text' size='25' maxlength='25' name='stake'
value='$user[level]'></td>
</tr>
<tr>
<td align='center'>
</td>

<td align='left'>
<input type='submit' name='update' value='Submit'></td>
</tr>
</table>
</form>
</div>");
//displays the html form
else
{
$stake = htmlspecialchars($_POST[stake]);
// the above lines get rid of all html.
echo ("<meta http-equiv='REFRESH' content='1;url=http://gator44.hostgator.com/~sbdthru/admincp.php'>$_GET[user]'s profile has been updated.");
$update = mysql_query("location = 'stake = '$stake' where username = '$_GET[user]'");
// updates the information in the database.
}
}
?>

Please excuse my total n00bishness

bacterozoid
03-03-2010, 02:53 AM
You're missing the closing bracket.

Edit: And you have an extra one at the end of your file.

masterofollies
03-03-2010, 04:00 AM
Here you go, use this.


<?
ob_start();
include("config.php");
if($logged[username] && $logged[level] == Admin)
{
$user = mysql_query("SELECT * from users where username = '$_GET[user]'");
$user = mysql_fetch_array($user);
//these lines get the user's information and put it in an array.
//we will display the information in the html form
echo "
<div align='center'><form method='POST'>
<table width='100%'>

<tr>
<td align='right' width='25%'>
<font type='verdana' size='2'>Add New Limit
</td>
<td align='left'>
<input type='text' size='25' maxlength='25' name='stake'
value='$user[level]'></td>
</tr>
<tr>
<td align='center'>
</td>

<td align='left'>
<input type='submit' name='update' value='Submit'></td>
</tr>
</table>
</form>
</div>";
//displays the html form
}
else
{
$stake = htmlspecialchars($_POST[stake]);
// the above lines get rid of all html.
echo "<meta http-equiv='REFRESH' content='1;url=http://gator44.hostgator.com/~sbdthru/admincp.php'>$_GET[user]'s profile has been updated.";
$update = mysql_query("location = 'stake = '$stake' where username = '$_GET[user]'");
// updates the information in the database.

}
?>

_Aerospace_Eng_
03-03-2010, 05:16 AM
You should read up on mysql injection as your code is susceptible to it.

http://www.tizag.com/mysqlTutorial/mysql-php-sql-injection.php



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum