Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 11 of 11
  1. #1
    Regular Coder low tech's Avatar
    Join Date
    Dec 2009
    Posts
    850
    Thanks
    172
    Thanked 92 Times in 92 Posts

    unexpected T_VARIABLE

    Hello all


    I know I have the following code wrong --- because I get unexpected Tvariable (I can only guess what that might mean)

    I think I have misused the mysql_real_escape_string since several of the variables I have are integers

    Questions are:
    In this instance

    Do I need to use the mysql_real_escape_string since i'm getting the variables from paypal?

    If i need to use it for strings what do you do about integers?


    PHP Code:
    $full_name $_POST['last_name'];
    $user_name $_POST['first_name'];
    $address $_POST['address_street'];
    $mc_gross $_POST['mc_gross']; //integer
    $country $_POST['address_country_code'];
    $txn_id $_POST['txn_id']; //not sure--> 6JR189569R234043C
    $date $_POST['payment_date']; //inot sure--> 00:31:02 Nov 03 2010 PDT ??
    $user_email $_POST['payer_email'];
    $pwd mt_rand(10009999); //integer
    $approved 1;   //integer


    mysql_query("INSERT INTO users (full_name, user_name, user_email, pwd, mc_gross, txn_id, address, country, date, approved)

     VALUES('"
    mysql_real_escape_string($full_name) ."', '"mysql_real_escape_string($user_name) ."', '"mysql_real_escape_string($user_email) ."', '"md5($pwd) ."', '"mysql_real_escape_string($mc_gross) ."', '"mysql_real_escape_string($txn_id) ."', '"mysql_real_escape_string($address) ."', '"mysql_real_escape_string($country) ."', '".mysql_real_escape_string($date)."' '"mysql_real_escape_string($approved) ."' ) ") or die(mysql_error()); 
    If somebody could help enlighten me as to the proper way to handle this i'd be much obliged.

    LT
    Last edited by low tech; 11-06-2010 at 05:00 AM.

  • #2
    Regular Coder poyzn's Avatar
    Join Date
    Nov 2010
    Posts
    266
    Thanks
    2
    Thanked 61 Times in 61 Posts
    You should escape or filter all incoming data anyway course your script can be running from outside
    by the way you've missed a comma in sql statement
    '".mysql_real_escape_string($date)."' '". mysql_real_escape_string($approved) ."
    Last edited by poyzn; 11-05-2010 at 09:23 AM.

  • #3
    Regular Coder low tech's Avatar
    Join Date
    Dec 2009
    Posts
    850
    Thanks
    172
    Thanked 92 Times in 92 Posts
    Thanks poyzn


    I am trying to do that BUT I have the unexpected T_VARIABLE issue (what is it??)

    I used the mysql_real_escape_string BUT I now se that they are not all strings

    so what do I do about the variables that are not???

    any ideas??

    for example is this a string??

    $txn_id = $_POST['txn_id']; //this is expected and i'm not sure data type--> 6JR189569R234043C
    Last edited by low tech; 11-05-2010 at 09:27 AM.

  • #4
    Regular Coder poyzn's Avatar
    Join Date
    Nov 2010
    Posts
    266
    Thanks
    2
    Thanked 61 Times in 61 Posts
    Quote Originally Posted by low tech View Post
    6JR189569R234043C
    it's a string

    I recommend to store dates in datetime format.
    PHP Code:
    date("Y-m-d H:i:s"
    Last edited by poyzn; 11-05-2010 at 09:35 AM.

  • #5
    Regular Coder low tech's Avatar
    Join Date
    Dec 2009
    Posts
    850
    Thanks
    172
    Thanked 92 Times in 92 Posts
    Ok thanks poyzn

    So I guess my last question is what do I do about integers?

    how do I escape or filter them if I can't use mysql_real_escape_string

    LT

    and what is an unexpected T_VARIABLE?

  • #6
    Regular Coder poyzn's Avatar
    Join Date
    Nov 2010
    Posts
    266
    Thanks
    2
    Thanked 61 Times in 61 Posts
    Quote Originally Posted by low tech View Post
    Ok thanks poyzn

    So I guess my last question is what do I do about integers?

    how do I escape or filter them if I can't use mysql_real_escape_string

    LT

    and what is an unexpected T_VARIABLE?
    you can use php filter functions. You can read about them here

  • #7
    Regular Coder low tech's Avatar
    Join Date
    Dec 2009
    Posts
    850
    Thanks
    172
    Thanked 92 Times in 92 Posts
    Hi poyzn

    and thanks for the replies

    Is this data also considered a string then?

    00:51:02 Nov 03, 2010 PDT

    if so I think I have my DB set up wrong in a couple of places:-(

    LT

  • #8
    Regular Coder poyzn's Avatar
    Join Date
    Nov 2010
    Posts
    266
    Thanks
    2
    Thanked 61 Times in 61 Posts
    Quote Originally Posted by low tech View Post
    Hi poyzn

    and thanks for the replies

    Is this data also considered a string then?

    00:51:02 Nov 03, 2010 PDT

    if so I think I have my DB set up wrong in a couple of places:-(

    LT
    you can store it either as a string or in datetime format.
    To convert to datetime use something like this
    PHP Code:
    date("Y-m-d H:i:s"strtotime('00:51:02 Nov 03, 2010 PDT')) 
    storing in datetime will enable you to use mysql date functions

  • Users who have thanked poyzn for this post:

    low tech (11-05-2010)

  • #9
    Regular Coder low tech's Avatar
    Join Date
    Dec 2009
    Posts
    850
    Thanks
    172
    Thanked 92 Times in 92 Posts
    Hi poyzn


    Excellent

    making some progress now

    will have a go at your suggestion and see if I can make it work

    thanks on the thank you button:-)

    LT
    Last edited by low tech; 11-06-2010 at 12:50 AM.

  • #10
    Super Moderator Inigoesdr's Avatar
    Join Date
    Mar 2007
    Location
    Florida, USA
    Posts
    3,642
    Thanks
    2
    Thanked 405 Times in 397 Posts
    Quote Originally Posted by low tech View Post
    I am trying to do that BUT I have the unexpected T_VARIABLE issue (what is it??)
    You generally get that error from forgetting to end your statements(ie. no semicolon at the end of the line), or some other syntax issue like missing a concatenation operator.

    The error message will tell you the exact line the preparser realized there is an error, which is a good place to start, but the actual problem might be a few lines before.

  • #11
    Regular Coder low tech's Avatar
    Join Date
    Dec 2009
    Posts
    850
    Thanks
    172
    Thanked 92 Times in 92 Posts
    Thanks Inigoesdr

    Actually, I made a few errors

    I had the wrong data types in DB and I wasn't handling the data correctly from the start--- mainly DATE trouble.

    Hence the errors unexpected T_VARIABLE.

    I opened a new thread for that and was kindly helped out

    if anybody has similar issue see
    trying to get data format for mysql


    to all
    thanks for the help

    LT


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •