Hi, I am working with PHP and Pos

[BBDan]

Hi,
I am working with PHP and PostgresQL and am trying to insert some information into a database. I have the following code.

$query= "INSERT INTO web
(
products,
companyname,
contactperson,
addressone,
addresstwo,
emailaddress,
dayphone,
numservers,
numclients,
numbranches,
businessarea
)

VALUES
(
"ERROR at this line"->' $HTTP_POST_VARS["prdt"]',
' $HTTP_POST_VARS["companyName"]',
' $HTTP_POST_VARS["contactPerson"]',
' $HTTP_POST_VARS["addressOne"]',
' $HTTP_POST_VARS["addressTwo"]',
' $HTTP_POST_VARS["emailAddress"]',
' $HTTP_POST_VARS["dayphone"]',
$HTTP_POST_VARS["numServers"],
$HTTP_POST_VARS["numClients"],
$HTTP_POST_VARS["numBranches"],
' $HTTP_POST_VARS["businessArea"]'
)";



$table=new my_table($db_handle, $query);


It gives me an error:

Parse error: parse error, unexpected '\"', expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/bailey/webpurchase3.php on line 26


Does anybody knows what's happening?

Thanks

 

[sleipnir214]

Impossible to say. The backslash character doesn't appear in any of the code you have posted.

"Parse error" is PHP's way of reporting that it has become confused. This is generally caused by some typographical error, but the actual error may not appear on the line where PHP is reporting the error. The line number reported by PHP is only the point at which PHP realized it was confused.

I recommend that you start at line 26 of the file and work your way backwards through your code. Look for unbalanced quotes, doublequotes, parentheses, braces and brackets. Look for missing semicolons at the ends of lines or dollar-signs at the beginning of variables.

Want the best answers? Ask the best questions:

http://www.catb.org/~esr/faqs/smart-questions.html

TANSTAAFL!!

 

[ceco]

in php when you insert arrays like these $HTTP_POST_VARS["companyName"] in string you should surround it with {} i.e. {$HTTP_POST_VARS["companyName"]}

also if you use newer php I recomend you to use $_POST instead of $HTTP_POST_VARS for details why check the php docs

$query= "INSERT INTO web
(
products,
companyname,
contactperson,
addressone,
addresstwo,
emailaddress,
dayphone,
numservers,
numclients,
numbranches,
businessarea
)

VALUES
(
'{$HTTP_POST_VARS["prdt"]}',
'{$HTTP_POST_VARS["companyName"]}',
'{$HTTP_POST_VARS["contactPerson"]}',
'{$HTTP_POST_VARS["addressOne"]}',
'{$HTTP_POST_VARS["addressTwo"]}',
'{$HTTP_POST_VARS["emailAddress"]}',
'{$HTTP_POST_VARS["dayphone"]}',
'{$HTTP_POST_VARS["numServers"]}',
'{$HTTP_POST_VARS["numClients"]}',
'{$HTTP_POST_VARS["numBranches"]}',
'{$HTTP_POST_VARS["businessArea"]}'
)";

of course with $_POST is better as I said ;-)

and also you may notice that I've surrounded the integer values with '' it is a little more sequre, because malitious user can't make values himself and change the query in an unwanted way

 

[BBDan]

Hey Guys,
Thanks for your responses,

Another user helps me out with the following and its works, if you are interested. Thanks again.

VALUES
(
'".$HTTP_POST_VARS['prdt']."',
'".$HTTP_POST_VARS['companyName']."',
'".$HTTP_POST_VARS['contactPerson']."',
'".$HTTP_POST_VARS['addressOne']."',
'".$HTTP_POST_VARS['addressTwo']."',
'".$HTTP_POST_VARS['emailAddress']."',
'".$HTTP_POST_VARS['dayphone']."',
'".$HTTP_POST_VARS['numServers']."',
'".$HTTP_POST_VARS['numClients']."',
'".$HTTP_POST_VARS['numBranches']."',
'".$HTTP_POST_VARS['businessArea']."'
)";

 

[sleipnir214]

BBDan:
Yeah, what you've run into is the fact that PHP doesn't do well when referencing associative arrays when those arrays are inside of quotes.

Want the best answers? Ask the best questions:

http://www.catb.org/~esr/faqs/smart-questions.html

TANSTAAFL!!