...

View Full Version : Resolved unexpected T_VARIABLE



low tech
11-05-2010, 09:15 AM
Hello all


I know I have the following code wrong --- because I get unexpected Tvariable (I can only guess what that might mean)

I think I have misused the mysql_real_escape_string since several of the variables I have are integers

Questions are:
In this instance

Do I need to use the mysql_real_escape_string since i'm getting the variables from paypal?

If i need to use it for strings what do you do about integers?



$full_name = $_POST['last_name'];
$user_name = $_POST['first_name'];
$address = $_POST['address_street'];
$mc_gross = $_POST['mc_gross']; //integer
$country = $_POST['address_country_code'];
$txn_id = $_POST['txn_id']; //not sure--> 6JR189569R234043C
$date = $_POST['payment_date']; //inot sure--> 00:31:02 Nov 03 2010 PDT ??
$user_email = $_POST['payer_email'];
$pwd = mt_rand(1000, 9999); //integer
$approved = 1; //integer


mysql_query("INSERT INTO users (full_name, user_name, user_email, pwd, mc_gross, txn_id, address, country, date, approved)

VALUES('". mysql_real_escape_string($full_name) ."', '". mysql_real_escape_string($user_name) ."', '". mysql_real_escape_string($user_email) ."', '". md5($pwd) ."', '". mysql_real_escape_string($mc_gross) ."', '". mysql_real_escape_string($txn_id) ."', '". mysql_real_escape_string($address) ."', '". mysql_real_escape_string($country) ."', '".mysql_real_escape_string($date)."' '". mysql_real_escape_string($approved) ."' ) ") or die(mysql_error());

If somebody could help enlighten me as to the proper way to handle this i'd be much obliged.

LT

poyzn
11-05-2010, 09:19 AM
You should escape or filter all incoming data anyway course your script can be running from outside
by the way you've missed a comma in sql statement

'".mysql_real_escape_string($date)."' '". mysql_real_escape_string($approved) ."

low tech
11-05-2010, 09:25 AM
Thanks poyzn


I am trying to do that BUT I have the unexpected T_VARIABLE issue (what is it??)

I used the mysql_real_escape_string BUT I now se that they are not all strings

so what do I do about the variables that are not???

any ideas??

for example is this a string??

$txn_id = $_POST['txn_id']; //this is expected and i'm not sure data type--> 6JR189569R234043C

poyzn
11-05-2010, 09:31 AM
6JR189569R234043C

it's a string

I recommend to store dates in datetime format.

date("Y-m-d H:i:s")

low tech
11-05-2010, 09:36 AM
Ok thanks poyzn

So I guess my last question is what do I do about integers?

how do I escape or filter them if I can't use mysql_real_escape_string

LT

and what is an unexpected T_VARIABLE?

poyzn
11-05-2010, 09:38 AM
Ok thanks poyzn

So I guess my last question is what do I do about integers?

how do I escape or filter them if I can't use mysql_real_escape_string

LT

and what is an unexpected T_VARIABLE?

you can use php filter functions. You can read about them here (http://www.w3schools.com/php/php_ref_filter.asp)

low tech
11-05-2010, 09:56 AM
Hi poyzn

and thanks for the replies

Is this data also considered a string then?

00:51:02 Nov 03, 2010 PDT

if so I think I have my DB set up wrong in a couple of places:-(

LT

poyzn
11-05-2010, 10:09 AM
Hi poyzn

and thanks for the replies

Is this data also considered a string then?

00:51:02 Nov 03, 2010 PDT

if so I think I have my DB set up wrong in a couple of places:-(

LT

you can store it either as a string or in datetime format.
To convert to datetime use something like this

date("Y-m-d H:i:s", strtotime('00:51:02 Nov 03, 2010 PDT'))
storing in datetime will enable you to use mysql date functions

low tech
11-05-2010, 10:45 AM
Hi poyzn


Excellent

making some progress now

will have a go at your suggestion and see if I can make it work

thanks on the thank you button:-)

LT

Inigoesdr
11-06-2010, 12:08 AM
I am trying to do that BUT I have the unexpected T_VARIABLE issue (what is it??)

You generally get that error from forgetting to end your statements(ie. no semicolon at the end of the line), or some other syntax issue like missing a concatenation operator.

The error message will tell you the exact line the preparser realized there is an error, which is a good place to start, but the actual problem might be a few lines before.

low tech
11-06-2010, 12:57 AM
Thanks Inigoesdr

Actually, I made a few errors

I had the wrong data types in DB and I wasn't handling the data correctly from the start--- mainly DATE trouble.

Hence the errors unexpected T_VARIABLE.

I opened a new thread for that and was kindly helped out

if anybody has similar issue see
http://www.codingforums.com/showthread.php?t=208610


to all
thanks for the help

LT



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum