cant find my error

puglover · 11-05-2009, 04:10 AM

i need to add data to my database and when i added everything after isset the page stopped working...i get this error...
Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING in /home/students/got5758/public_html/hmwk7.php on line 35
ive been looking for my error for hours...maybe someone here can find it..it wud be greatly appreciated..oh and before asked..yes i am connected to my db..just left it out of this code

Code:

<html>
<head>
<title>
</title>
</head>
<body>
<h3>Add a new product to the Inventory</h3>
<form method="post" action="<?php $_SERVER['php_self'];?>">

Enter Category<br />
<input type="text" name="category" size="20"><p />

Enter Product Name<br />
<input type="text" name="pro_name" size="20"><p />

Enter Price<br />
<input type="text" name="price" size="20"><p />

Enter Amount On-Hand<br />
<input type="text" name="onhand" size="20"><p />

<input type="hidden" name="do_php" value="true">
<input type="submit" value="Add Product">
</form>
<?php
if( isset($_POST['do_php'] ) )
{
	$in_query = "insert into Inventory values(";
	$in_query .= "NULL,'" .$_POST['category']. "',";
	$in_query .= "'" .$_POST['pro_name'] ."','" . $_POST['price'] ."'";
	$in_query .= "," . $_POST['onhand']")";
	
	$in_result = mysql_query( $in_query )
		or die("Could not connect" . mysql_error() );
	
	if( !$in_result )
		echo "Sorry, an error occurred\n";
	else
		echo "New Inventory was successfully added to the database!";
}
?>
</body>
</html>

Fou-Lu · 11-05-2009, 04:43 AM

Fresh set of eyes:

PHP Code:


			
$in_query .= "," . $_POST['onhand']")";

You're missing a '.' right after the onhand index access:

PHP Code:


			
$in_query .= "," . $_POST['onhand'] . ")";

Also, this won't work: <?php $_SERVER['php_self'];?>. The first is because you're missing an echo to actually print it out, but also because php_self doesn't exist - its PHP_SELF you're looking for; however, don't use PHP_SELF since its XSS exploitable, use $_SERVER['SCRIPT_NAME'] instead which will take the currently executing script. If you include this into another file, you could use basename(__FILE__) instead.

puglover · 11-05-2009, 04:52 AM

thank you soo much for catching that!! and php_self does work and thats what we use...but thanks for finding that missing echo as well...wudda driven me crazy!!

puglover · 11-05-2009, 05:15 AM

now im wondering if i could get some more help...i have to check if the data being added already exists and if it does then dont add it..if it doesnt add it...i've been googling it and cant understand most of whats out there...im just learning sql

Fou-Lu · 11-05-2009, 05:39 AM

Quote:

Originally Posted by puglover

thank you soo much for catching that!! and php_self does work and thats what we use...but thanks for finding that missing echo as well...wudda driven me crazy!!

Check you're source, I'd suspect that the action on you're form is "" when using $_SERVER['php_self']. It will still work since no action defaults to self.

MySQL actually has a REPLACE command which will either insert or update without needing to determine if it exists first. But you need to be handling it based on you're primary key, and from the looks of this I'd suspect that is what the NULL value is representing? Without knowing that, I would have to assume that each entry should be unique.

puglover · 11-05-2009, 05:45 AM

my primary key is the null field...its idnum...and auto incrementing...how would i use the replace command?? what more info would u need to help me??

Fou-Lu · 11-05-2009, 05:55 AM

http://dev.mysql.com/doc/refman/5.1/en/replace.html

Code:

REPLACE INTO table (col1, ...coln) VALUES (val1, ...valn)

But, without knowing the primary key before hand, there isn't really anyway to determine if the record already exists.
That said, there really isn't a way to determine if this exists. Unless one of the other fields is actually responsible for controlling what is unique, in which case that should probably be you're primary key and a replace would work. Note that a replace updates any values that have changed as opposed to actually rejecting an insertion.

puglover · 11-05-2009, 06:02 AM

well i guess what would be unique would be product name thats basically what we dont want repeated

Fou-Lu · 11-05-2009, 06:19 AM

Mkay, what you can do for that then without changing you're structure is to first query for the productName, and insert only if the count is 0.

PHP Code:


			
$sQry = 'SELECT idnum FROM Inventory WHERE productName = \'' . $_POST['pro_name'] . '\'';

if ($result = mysql_query($sQry))

{

    if (mysql_num_rows($result) > 0)

    {

        // This indicates that a record exists

        die('Cannot insert a new product with name ' . $_POST['pro_name']);

    }

    else

    {

        // Proceed with the insertion

    }

}

The other option would be to alter you're table and flag pro_name as the primary key.

Also, normally I wouldn't give this much help for a homework assignment since I just noticed it was one. For that reason, I'll say you shouldn't be too worried about SQL injections by this point unless thats already been covered in you're course.

puglover · 11-05-2009, 06:23 AM

its a really long story..yes it is a hmwk assignment..no the teacher hasnt gone over some of this yet...and he encourages us to find the answer whereever we can...and most of the sql we were suppose to learn in a different class..but that teacher decided he doesnt know sql and is not going to teach it to us...go figure...but i really do appreciate your help

puglover · 11-05-2009, 06:37 AM

i think i may have done something wrong...i get this Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING in /home/students/got5758/public_html/hmwk7.php on line 32

Code:

<html>
<head>
<title>
</title>
</head>
<body>
<h3>Add a new product to the Inventory</h3>
<form method="post" action="<?php $_SERVER['php_self'];?>">

Enter Category<br />
<input type="text" name="category" size="20"><p />

Enter Product Name<br />
<input type="text" name="pro_name" size="20"><p />

Enter Price<br />
<input type="text" name="price" size="20"><p />

Enter Amount On-Hand<br />
<input type="text" name="onhand" size="20"><p />

<input type="hidden" name="do_php" value="true">
<input type="submit" value="Add Product">
</form>
<?php
if( isset($_POST['do_php'] ) )
{
	$sQry*=*"select***from*Inventory*where*product_name='"*.*$_POST['pro_name']*.*"'"; 
	if*($result*=*mysql_query($sQry)) 
	{ 
****	if*(mysql_num_rows($result)*>*0) 
**** 
********	die('Cannot*insert*a*new*product*with*name*'*.*$_POST['pro_name']); 
**** 
****	else 
****	{ 
*****
			$in_query = "insert into Inventory values(";
			$in_query .= "NULL,'" .$_POST['category']. "',";
			$in_query .= "'" .$_POST['pro_name'] ."','" . $_POST['price'] ."'";
			$in_query .= "," . $_POST['onhand'] .")";
	
			$in_result = mysql_query( $in_query )
				or die("Could not connect" . mysql_error() );
	
			if( !$in_result )
				echo "Sorry, an error occurred\n";
			else
				echo "New Inventory was successfully added to the database!";
****	} 
	}
	
}
?>
</body>
</html>

puglover · 11-05-2009, 06:38 AM

there are no * in my code...i dont know why they showed up here

Fou-Lu · 11-05-2009, 08:51 AM

While it shouldn't be based on the *'s (that would trigger the error at line 28 from the looks of it), I'm not certain what the problem is. Mine is almost identical (I shifted some things so that I could actually use some data, you'll need to rename to match you're tables):

PHP Code:


			
<html>

<head>

<title>

</title>

</head>

<body>

<h3>Add a new product to the Inventory</h3>

<form method="post" action="<?php $_SERVER['php_self'];?>">



Enter Category<br />

<input type="text" name="category" size="20"><p />



Enter Product Name<br />

<input type="text" name="pro_name" size="20"><p />



Enter Price<br />

<input type="text" name="price" size="20"><p />



Enter Amount On-Hand<br />

<input type="text" name="onhand" size="20"><p />



<input type="hidden" name="do_php" value="true">

<input type="submit" value="Add Product">

</form>

<?php



$con = mysql_connect('localhost', 'root', 'root');

mysql_select_db('productDatabase');

if( isset($_POST['do_php'] ) )

{

    $sQry = "SELECT idnum FROM Inventory WHERE pro_name='" . $_POST['pro_name'] . "'"; 

    if ($result = mysql_query($sQry) or die(mysql_error())) 

    { 

        if (mysql_num_rows($result) > 0) 

     

            printf('A product with the name %s already exists!', $_POST['pro_name']); 

     

        else 

        { 

     

            $in_query = "INSERT INTO Inventory VALUES (";

            $in_query .= "NULL,'" .$_POST['category']. "',";

            $in_query .= "'" .$_POST['pro_name'] ."', '" . (float)$_POST['price'] . "'";

            $in_query .= "," . (int)$_POST['onhand'] .")";

            $in_result = mysql_query( $in_query )

                or die("Could not connect " . mysql_error() );

    

            if( !$in_result ) //btw, this will never be true since you died in the line above.

                echo "Sorry, an error occurred\n";

            else

                echo "New Inventory was successfully added to the database!";

        } 

    }

    

}

?>

</body>

</html>

And this worked fine:

Code:

<html>
<head>
<title>
</title>
</head>
<body>
<h3>Add a new product to the Inventory</h3>
<form method="post" action="">

Enter Category<br />
<input type="text" name="category" size="20"><p />

Enter Product Name<br />
<input type="text" name="pro_name" size="20"><p />

Enter Price<br />
<input type="text" name="price" size="20"><p />

Enter Amount On-Hand<br />
<input type="text" name="onhand" size="20"><p />

<input type="hidden" name="do_php" value="true">
<input type="submit" value="Add Product">
</form>
A product with the name test prod already exists!</body>
</html>

Notice the source of the form action, I have my error reporting disabled on this, but the notice is: Notice: /test.php line 8 - Undefined index: php_self

puglover · 11-05-2009, 09:08 AM

is printf the same as echo??

puglover · 11-05-2009, 09:18 AM

i copied urs exactly and its still coming up with an error at line 29

11-05-2009, 04:43 AM	PM User \| #2
Fou-Lu God Emperor Join Date: Sep 2002 Location: Saskatoon, Saskatchewan Posts: 5,123 Thanks: 2 Thanked 554 Times in 542 Posts	Fresh set of eyes: PHP Code: `$in_query .= "," . $_POST['onhand']")";` You're missing a '.' right after the onhand index access: PHP Code: `$in_query .= "," . $_POST['onhand'] . ")";` Also, this won't work: `<?php $_SERVER['php_self'];?>`. The first is because you're missing an echo to actually print it out, but also because php_self doesn't exist - its PHP_SELF you're looking for; however, don't use PHP_SELF since its XSS exploitable, use $_SERVER['SCRIPT_NAME'] instead which will take the currently executing script. If you include this into another file, you could use `basename(__FILE__)` instead. __________________ Code: struct User upFou; userInit(upFou, "Fou-Lu", 1); printf("%s has %s to %s\n", (upFou).Name, !quitSmoking(upFou) ? "FAILED" : "SUCCEEDED", (upFou).Smoker == 1 ? "FAIL" : "PASS"); // Fou-Lu has FAILED to FAIL? Lol*

11-05-2009, 05:55 AM	PM User \| #7
Fou-Lu God Emperor Join Date: Sep 2002 Location: Saskatoon, Saskatchewan Posts: 5,123 Thanks: 2 Thanked 554 Times in 542 Posts	http://dev.mysql.com/doc/refman/5.1/en/replace.html Code: REPLACE INTO table (col1, ...coln) VALUES (val1, ...valn) But, without knowing the primary key before hand, there isn't really anyway to determine if the record already exists. That said, there really isn't a way to determine if this exists. Unless one of the other fields is actually responsible for controlling what is unique, in which case that should probably be you're primary key and a replace would work. Note that a replace updates any values that have changed as opposed to actually rejecting an insertion. __________________ Code: struct User upFou; userInit(upFou, "Fou-Lu", 1); printf("%s has %s to %s\n", (upFou).Name, !quitSmoking(upFou) ? "FAILED" : "SUCCEEDED", (upFou).Smoker == 1 ? "FAIL" : "PASS"); // Fou-Lu has FAILED to FAIL? Lol*

11-05-2009, 06:19 AM	PM User \| #9
Fou-Lu God Emperor Join Date: Sep 2002 Location: Saskatoon, Saskatchewan Posts: 5,123 Thanks: 2 Thanked 554 Times in 542 Posts	Mkay, what you can do for that then without changing you're structure is to first query for the productName, and insert only if the count is 0. PHP Code: `$sQry = 'SELECT idnum FROM Inventory WHERE productName = \'' . $_POST['pro_name'] . '\''; if ($result = mysql_query($sQry)) { if (mysql_num_rows($result) > 0) { // This indicates that a record exists die('Cannot insert a new product with name ' . $_POST['pro_name']); } else { // Proceed with the insertion } }` The other option would be to alter you're table and flag pro_name as the primary key. Also, normally I wouldn't give this much help for a homework assignment since I just noticed it was one. For that reason, I'll say you shouldn't be too worried about SQL injections by this point unless thats already been covered in you're course. __________________ Code: struct User upFou; userInit(upFou, "Fou-Lu", 1); printf("%s has %s to %s\n", (upFou).Name, !quitSmoking(upFou) ? "FAILED" : "SUCCEEDED", (upFou).Smoker == 1 ? "FAIL" : "PASS"); // Fou-Lu has FAILED to FAIL? Lol*

11-05-2009, 08:51 AM	PM User \| #13
Fou-Lu God Emperor Join Date: Sep 2002 Location: Saskatoon, Saskatchewan Posts: 5,123 Thanks: 2 Thanked 554 Times in 542 Posts	While it shouldn't be based on the 's (that would trigger the error at line 28 from the looks of it), I'm not certain what the problem is. Mine is almost identical (I shifted some things so that I could actually use some data, you'll need to rename to match you're tables): PHP Code: <html> <head> <title> </title> </head> <body> <h3>Add a new product to the Inventory</h3> <form method="post" action="<?php $_SERVER['php_self'];?>"> Enter Category<br /> <input type="text" name="category" size="20"><p /> Enter Product Name<br /> <input type="text" name="pro_name" size="20"><p /> Enter Price<br /> <input type="text" name="price" size="20"><p /> Enter Amount On-Hand<br /> <input type="text" name="onhand" size="20"><p /> <input type="hidden" name="do_php" value="true"> <input type="submit" value="Add Product"> </form> <?php $con = mysql_connect('localhost', 'root', 'root'); mysql_select_db('productDatabase'); if( isset($_POST['do_php'] ) ) { $sQry = "SELECT idnum FROM Inventory WHERE pro_name='" . $_POST['pro_name'] . "'"; if ($result = mysql_query($sQry) or die(mysql_error())) { if (mysql_num_rows($result) > 0) printf('A product with the name %s already exists!', $_POST['pro_name']); else { $in_query = "INSERT INTO Inventory VALUES ("; $in_query .= "NULL,'" .$_POST['category']. "',"; $in_query .= "'" .$_POST['pro_name'] ."', '" . (float)$_POST['price'] . "'"; $in_query .= "," . (int)$_POST['onhand'] .")"; $in_result = mysql_query( $in_query ) or die("Could not connect " . mysql_error() ); if( !$in_result ) //btw, this will never be true since you died in the line above. echo "Sorry, an error occurred\n"; else echo "New Inventory was successfully added to the database!"; } } } ?> </body> </html> And this worked fine: Code: <html> <head> <title> </title> </head> <body> <h3>Add a new product to the Inventory</h3> <form method="post" action=""> Enter Category<br /> <input type="text" name="category" size="20"><p /> Enter Product Name<br /> <input type="text" name="pro_name" size="20"><p /> Enter Price<br /> <input type="text" name="price" size="20"><p /> Enter Amount On-Hand<br /> <input type="text" name="onhand" size="20"><p /> <input type="hidden" name="do_php" value="true"> <input type="submit" value="Add Product"> </form> A product with the name test prod already exists!</body> </html> Notice the source of the form action, I have my error reporting disabled on this, but the notice is: Notice: /test.php line 8 - Undefined index: php_self __________________ Code: struct User upFou; userInit(upFou, "Fou-Lu", 1); printf("%s has %s to %s\n", (upFou).Name, !quitSmoking(upFou) ? "FAILED" : "SUCCEEDED", (upFou).Smoker == 1 ? "FAIL" : "PASS"); // Fou-Lu has FAILED to FAIL? Lol

Thread Tools
Show Printable Version Email this Page
Rate This Thread
Rate This Thread:

11-05-2009, 04:52 AM	PM User \| #3
puglover New Coder Join Date: Oct 2008 Posts: 27 Thanks: 0 Thanked 0 Times in 0 Posts	thank you soo much for catching that!! and php_self does work and thats what we use...but thanks for finding that missing echo as well...wudda driven me crazy!!

11-05-2009, 05:15 AM	PM User \| #4
puglover New Coder Join Date: Oct 2008 Posts: 27 Thanks: 0 Thanked 0 Times in 0 Posts	now im wondering if i could get some more help...i have to check if the data being added already exists and if it does then dont add it..if it doesnt add it...i've been googling it and cant understand most of whats out there...im just learning sql

11-05-2009, 05:45 AM	PM User \| #6
puglover New Coder Join Date: Oct 2008 Posts: 27 Thanks: 0 Thanked 0 Times in 0 Posts	my primary key is the null field...its idnum...and auto incrementing...how would i use the replace command?? what more info would u need to help me??

11-05-2009, 06:02 AM	PM User \| #8
puglover New Coder Join Date: Oct 2008 Posts: 27 Thanks: 0 Thanked 0 Times in 0 Posts	well i guess what would be unique would be product name thats basically what we dont want repeated

11-05-2009, 06:23 AM	PM User \| #10
puglover New Coder Join Date: Oct 2008 Posts: 27 Thanks: 0 Thanked 0 Times in 0 Posts	its a really long story..yes it is a hmwk assignment..no the teacher hasnt gone over some of this yet...and he encourages us to find the answer whereever we can...and most of the sql we were suppose to learn in a different class..but that teacher decided he doesnt know sql and is not going to teach it to us...go figure...but i really do appreciate your help

11-05-2009, 06:38 AM	PM User \| #12
puglover New Coder Join Date: Oct 2008 Posts: 27 Thanks: 0 Thanked 0 Times in 0 Posts	there are no * in my code...i dont know why they showed up here

11-05-2009, 09:08 AM	PM User \| #14
puglover New Coder Join Date: Oct 2008 Posts: 27 Thanks: 0 Thanked 0 Times in 0 Posts	is printf the same as echo??

11-05-2009, 09:18 AM	PM User \| #15
puglover New Coder Join Date: Oct 2008 Posts: 27 Thanks: 0 Thanked 0 Times in 0 Posts	i copied urs exactly and its still coming up with an error at line 29