PARSE ERROR

I try to Post a job to my database, but I get this error on click the

Page 1 of 1

5 Replies - 1228 Views - Last Post: 08 November 2009 - 02:26 AM Rate Topic: -----

#1 oaluyi  Icon User is offline

  • D.I.C Head

Reputation: 0
  • View blog
  • Posts: 67
  • Joined: 04-November 09

PARSE ERROR

Posted 07 November 2009 - 04:04 PM

I get this error on clicking the submit button when I try to Submit my Post to my database. Please Advice...

<?php
 include_once("dbconfig.php");  
 include_once('inc_thumbnail.php'); 
 include_once('inc_functions.php'); 
 include_once('admin/config.php');
 include_once($languageFile);

$ip = GetHostByName($REMOTE_ADDR);
$op = $_REQUEST["op"]; // op is the operation code
$msg = "";

if ($op == "newItem"){

	$email = $_POST["md_email"]; 
	
		if ($email != 'md_email')
		header("" . GetHostByName($REMOTE_ADDR));
				
	foreach ($_POST as $secvalue){
	 	if(ereg_replace()("<[^>]*script.*\"?[^>]*>",$secvalue)) ||
		(ereg_replace()("<[^>]*object.*\"?[^>]*>", $secvalue)) ||
		(ereg_replace()("<[^>]*iframe.*\"?[^>]*>", $secvalue)) ||
		(ereg_replace()("<[^>]*applet.*\"?[^>]*>", $secvalue)) ||
		(ereg_replace()("<[^>]*window.*\"?[^>]*>", $secvalue)) ||
		(ereg_replace()("<[^>]*document.*\"?[^>]*>", $secvalue)) ||
		(ereg_replace()("<[^>]*cookie.*\"?[^>]*>", $secvalue)) ||
		(ereg_replace()("<[^>]*meta.*\"?[^>]*>", $secvalue)) ||
		(ereg_replace()("<[^>]*style.*\"?[^>]*>", $secvalue)) ||
		(ereg_replace()("<[^>]*alert.*\"?[^>]*>", $secvalue)) ||
		(ereg_replace()("<[^>]*form.*\"?[^>]*>", $secvalue)) ||
		(ereg_replace()("<[^>]*php.*\"?[^>]*>", $secvalue)) ||
		(ereg_replace()("<[^>]*<?.*\"?[^>]*>", $secvalue)) ||
		(ereg_replace()("<[^>]*img.*\"?[^>]*>", $secvalue))) {
			die ("There was a problem with your post");
		}
	}
	
	$title		  = ($_POST["md_title"]);
	$md_description	= ($_POST["md_description"]);
	$price 			= ($_POST["md_price"]);
	$email 			= ($_POST["md_email2"]);
	$city 			= ($_POST["city"]);
	$namer 			= ($_POST["namer"]);
	$category		= ($_POST["category"]);
	$type			= ($_POST["type"]);
	
	// upload the file if it exists
	$file	= uploadImage($_POST["filetoupload"]);
	// Create a Thumbnail if an image exists
	if ($file != "no file")
	{	
		$date = date("YmdHis");
		$imgArr = split('[/]', $file);
		$imgNameOnly = $imgArr[sizeof($imgArr)-1];
		$folderPath = "";
		for ($i=0; $i<sizeof($imgArr)-1; $i++)
			$folderPath .=  $imgArr[$i] . "/";	
			
		$photoPathName = $folderPath . $date . "_" . $imgNameOnly;
		$thumbNailPathName = $folderPath . "thumb_" . $date . "_" . $imgNameOnly;
		$imgType = getImgType($imgNameOnly);
		// Create a resized image of the orig. a mx of 400 pixels
		$photo=new Thumbnail(400,400);
		// Load an image into a string (this could be from a database)
		$image=file_get_contents($file);
		// Load the image data
		$photo->loadData($image,$imgType);
		// Build the thumbnail and store as a file
		$photo->buildThumb($photoPathName);	
		// Instantiate the thumbnail
		$tn=new Thumbnail(50,50);
		// Load an image into a string (this could be from a database)
		$image=file_get_contents($file);
		// Load the image data
		$tn->loadData($image,$imgType);
		// Build the thumbnail and store as a file
		$tn->buildThumb($thumbNailPathName);
		// delete the source file that is potentially large
		unlink($file);
	}

	// Creates a 7 character random string
	$confirmPassword = chr(rand (97,122)) . chr(rand (97,122)) . chr(rand (97,122)) . chr(rand (97,122)) . chr(rand (97,122)) . chr(rand (97,122)) . chr(rand (97,122));	

	$sql = "INSERT INTO md_postings SET email='$email', type='$type', name='$namer', city='$city', category='$category', title='$title', description='$description', price='$price', ip='$ip', confirmPassword='$confirmPassword', imgURL='$photoPathName', imgURLThumb='$thumbNailPathName'";
	
	if (mysql_query($sql)) // If all is good, send the email
		{
			include_once("admin/email_newItem.php");
			mail($email, STR_CONFIRMPOSTING, $message, $headers);
			header("Location:newItemConfirm.php");
		} else {
			print("Hmmm... something went wrong trying to create a new item:<br>" . mysql_error());
		}	
}

if ($op == "md_email2"){

	$botEmail = $_POST["md_email2"];
	
	if ($botEmail != 'md_email2')
		header("" . GetHostByName($REMOTE_ADDR));

	foreach ($_POST as $secvalue) {
		if ((eregi("<[^>]*script.*\"?[^>]*>", $secvalue)) ||
		(eregi("<[^>]*object.*\"?[^>]*>", $secvalue)) ||
		(eregi("<[^>]*iframe.*\"?[^>]*>", $secvalue)) ||
		(eregi("<[^>]*applet.*\"?[^>]*>", $secvalue)) ||
		(eregi("<[^>]*window.*\"?[^>]*>", $secvalue)) ||
		(eregi("<[^>]*document.*\"?[^>]*>", $secvalue)) ||
		(eregi("<[^>]*cookie.*\"?[^>]*>", $secvalue)) ||
		(eregi("<[^>]*meta.*\"?[^>]*>", $secvalue)) ||
		(eregi("<[^>]*style.*\"?[^>]*>", $secvalue)) ||
		(eregi("<[^>]*alert.*\"?[^>]*>", $secvalue)) ||
		(eregi("<[^>]*form.*\"?[^>]*>", $secvalue)) ||
		(eregi("<[^>]*php.*\"?[^>]*>", $secvalue)) ||
		(eregi("<[^>]*<?.*\"?[^>]*>", $secvalue)) ||
		(eregi("<[^>]*img.*\"?[^>]*>", $secvalue))) {
			die ("There was a problem with your post. Please do not include code.");
		}
	}
	// end hacker defense 	
		
	$postId 	= mysql_real_escape_string($_POST["postId"]);
	$title 		= mysql_real_escape_string(addslashes(trim($_POST["title"])));
	$name 		= mysql_real_escape_string(addslashes(trim($_POST["name"])));
	$email 		= mysql_real_escape_string(trim($_POST["email2"]));
	$message 	= "From: $name \n\n" . $_POST["md_message"];
	$emailTitle = STR_ABOUTYOURPOST . $title;
	$headers 	= 'From: ' . $email . "\r\n" . 'Reply-To: ' . $email . "\r\n" . 'X-Mailer: PHP/' . phpversion();	
	
	$sql = "SELECT email FROM md_postings WHERE postId='$postId'";
	$result = mysql_query($sql);
	if (!$result)
		print("Hmmm... Error getting email address: " . mysql_error());	
		
	$row 		= mysql_fetch_array($result);
	$toEmail 	= $row["email"];
	mail($toEmail, $emailTitle, $message, $headers);
	header("Location: viewItem.php?id=$postId&msg=messageSent");
}

if ($op == "emailReminder"){
	$postId = mysql_real_escape_string($_POST["postId"]);

	$sql = "SELECT email, title, confirmPassword FROM md_postings WHERE postId='$postId'";
	$result = mysql_query($sql);
	if (!$result)
		print("Error performing query: " . mysql_error());	
	$row 		= mysql_fetch_array($result);
	$confirmPassword = $row["confirmPassword"];
	$toEmail 	= $row["email"];
	
	include_once("admin/email_reminder.php");
	mail($toEmail, STR_REMINDEREMIAL, $message, $headers);
	header("Location: viewItem.php?id=$postId&msg=messageSent");
}
?>


Is This A Good Question/Topic? 0
  • +

Replies To: PARSE ERROR

#2 AdaHacker  Icon User is offline

  • Resident Curmudgeon

Reputation: 452
  • View blog
  • Posts: 811
  • Joined: 17-June 08

Re: PARSE ERROR

Posted 07 November 2009 - 04:34 PM

That's because in the first foreach loop, every single one of your ereg_replace calls has an extra, empty set of parentheses before that actual parameters.
Was This Post Helpful? 0
  • +
  • -

#3 oaluyi  Icon User is offline

  • D.I.C Head

Reputation: 0
  • View blog
  • Posts: 67
  • Joined: 04-November 09

Re: PARSE ERROR

Posted 07 November 2009 - 05:36 PM

I removed it and has same error.
Was This Post Helpful? 0
  • +
  • -

#4 Dannyboy997  Icon User is offline

  • D.I.C Regular
  • member icon

Reputation: 64
  • View blog
  • Posts: 258
  • Joined: 17-April 09

Re: PARSE ERROR

Posted 07 November 2009 - 06:50 PM

Whats the error?
Was This Post Helpful? 0
  • +
  • -

#5 no2pencil  Icon User is online

  • Admiral Fancy Pants
  • member icon

Reputation: 5356
  • View blog
  • Posts: 27,315
  • Joined: 10-May 07

Re: PARSE ERROR

Posted 07 November 2009 - 07:14 PM

Why don't you verify the values in your sql statement, & then you'll find which one is the offensive.

$sql = "INSERT INTO md_postings SET email='$email', type='$type', name='$namer', city='$city', category='$category', title='$title', description='$description', price='$price', ip='$ip', confirmPassword='$confirmPassword', imgURL='$photoPathName', imgURLThumb='$thumbNailPathName'";

echo "<p>attempting to send :</p><p>".$sql."</p>";

	if (mysql_query($sql)) // If all is good, send the email
		{




Chances are, one of your variables is empty.
Was This Post Helpful? 0
  • +
  • -

#6 oaluyi  Icon User is offline

  • D.I.C Head

Reputation: 0
  • View blog
  • Posts: 67
  • Joined: 04-November 09

Re: PARSE ERROR

Posted 08 November 2009 - 02:26 AM

This is the error I now get

Notice: Undefined index: filetoupload in C:\wamp\www\P\controller.php on line 28

Warning: mysql_query() [function.mysql-query]: Access denied for user 'SYSTEM'@'localhost' (using password: NO) in C:\wamp\www\P\controller.php on line 67

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in C:\wamp\www\P\controller.php on line 67
Hmmm... something went wrong trying to create a new item:
Access denied for user 'SYSTEM'@'localhost' (using password: NO)

<?php
 include_once("dbconfig.php");  
 include_once('inc_thumbnail.php'); 
 include_once('inc_functions.php'); 
 include_once('admin/config.php');
 include_once($languageFile);

$ip = GetHostByName($REMOTE_ADDR);
$op = $_REQUEST["op"]; // op is the operation code
$msg = "";

if ($op == "newItem"){

	$md_email = $_POST["md_email2"]; 
	
		if ($md_email != 'md_email2')
		header("" . GetHostByName($REMOTE_ADDR));	
	$title		  = ($_POST["md_title"]);
	$md_description	= ($_POST["md_description"]);
	$md_price 			= ($_POST["md_price"]);
	$md_email2		= ($_POST["md_email2"]);
	$md_city 		= ($_POST["md_city"]);
	$namer 			= ($_POST["namer"]);
	$category	= ($_POST["category"]);
	$type			= ($_POST["type"]);
	
	// upload the file if it exists
	$filetoupload= uploadImage($_POST["filetoupload"]);
	// Create a Thumbnail if an image exists
	if ($filetoupload != "no file")
	{	
		$date = date("YmdHis");
		$imgArr = split('[/]', $file);
		$imgNameOnly = $imgArr[sizeof($imgArr)-1];
		$folderPath = "";
		for ($i=0; $i<sizeof($imgArr)-1; $i++)
			$folderPath .=  $imgArr[$i] . "/";	
			
		$photoPathName = $folderPath . $date . "_" . $imgNameOnly;
		$thumbNailPathName = $folderPath . "thumb_" . $date . "_" . $imgNameOnly;
		$imgType = getImgType($imgNameOnly);
		// Create a resized image of the orig. a mx of 400 pixels
		$photo=new Thumbnail(400,400);
		// Load an image into a string (this could be from a database)
		$image=file_get_contents($file);
		// Load the image data
		$photo->loadData($image,$imgType);
		// Build the thumbnail and store as a file
		$photo->buildThumb($photoPathName);	
		// Instantiate the thumbnail
		$tn=new Thumbnail(50,50);
		// Load an image into a string (this could be from a database)
		$image=file_get_contents($file);
		// Load the image data
		$tn->loadData($image,$imgType);
		// Build the thumbnail and store as a file
		$tn->buildThumb($thumbNailPathName);
		// delete the source file that is potentially large
		unlink($file);
	}

	// Creates a 7 character random string
	$confirmPassword = chr(rand (97,122)) . chr(rand (97,122)) . chr(rand (97,122)) . chr(rand (97,122)) . chr(rand (97,122)) . chr(rand (97,122)) . chr(rand (97,122));	

	$sql = ("INSERT INTO md_postings SET md_email='$md_email2', type='$type', namer='$namer', md_city='$md_city', category='$category', md_title='$md_title', md_description='$md_description', md_price='$md_price', filetoupload='$filetoupload'");
	
	if (mysql_query($sql)) // If all is good, send the email
		{
			include_once("admin/email_newItem.php");
			mail($email, STR_CONFIRMPOSTING, $message, $headers);
			header("Location:newItemConfirm.php");
		} else {
			print("Hmmm... something went wrong trying to create a new item:<br>" . mysql_error());
		}	
}

if ($op == "md_email2"){

	$botEmail = $_POST["md_email2"];
	
	if ($botEmail != 'md_email2')
		header("" . GetHostByName($REMOTE_ADDR));

	foreach ($_POST as $secvalue) {
		if ((eregi("<[^>]*script.*\"?[^>]*>", $secvalue)) ||
		(eregi("<[^>]*object.*\"?[^>]*>", $secvalue)) ||
		(eregi("<[^>]*iframe.*\"?[^>]*>", $secvalue)) ||
		(eregi("<[^>]*applet.*\"?[^>]*>", $secvalue)) ||
		(eregi("<[^>]*window.*\"?[^>]*>", $secvalue)) ||
		(eregi("<[^>]*document.*\"?[^>]*>", $secvalue)) ||
		(eregi("<[^>]*cookie.*\"?[^>]*>", $secvalue)) ||
		(eregi("<[^>]*meta.*\"?[^>]*>", $secvalue)) ||
		(eregi("<[^>]*style.*\"?[^>]*>", $secvalue)) ||
		(eregi("<[^>]*alert.*\"?[^>]*>", $secvalue)) ||
		(eregi("<[^>]*form.*\"?[^>]*>", $secvalue)) ||
		(eregi("<[^>]*php.*\"?[^>]*>", $secvalue)) ||
		(eregi("<[^>]*<?.*\"?[^>]*>", $secvalue)) ||
		(eregi("<[^>]*img.*\"?[^>]*>", $secvalue))) {
			die ("There was a problem with your post. Please do not include code.");
		}
	}
	// end hacker defense 	
		
	$postId 	= mysql_real_escape_string($_POST["postId"]);
	$title 		= mysql_real_escape_string(addslashes(trim($_POST["title"])));
	$name 		= mysql_real_escape_string(addslashes(trim($_POST["name"])));
	$email 		= mysql_real_escape_string(trim($_POST["email2"]));
	$message 	= "From: $name \n\n" . $_POST["md_message"];
	$emailTitle = STR_ABOUTYOURPOST . $title;
	$headers 	= 'From: ' . $email . "\r\n" . 'Reply-To: ' . $email . "\r\n" . 'X-Mailer: PHP/' . phpversion();	
	
	$sql = "SELECT email FROM md_postings WHERE postId='$postId'";
	$result = mysql_query($sql);
	if (!$result)
		print("Hmmm... Error getting email address: " . mysql_error());	
		
	$row 		= mysql_fetch_array($result);
	$toEmail 	= $row["email"];
	mail($toEmail, $emailTitle, $message, $headers);
	header("Location: viewItem.php?id=$postId&msg=messageSent");
}

if ($op == "emailReminder"){
	$postId = mysql_real_escape_string($_POST["postId"]);

	$sql = "SELECT email, title, confirmPassword FROM md_postings WHERE postId='$postId'";
	$result = mysql_query($sql);
	if (!$result)
		print("Error performing query: " . mysql_error());	
	$row 		= mysql_fetch_array($result);
	$confirmPassword = $row["confirmPassword"];
	$toEmail 	= $row["email"];
	
	include_once("admin/email_reminder.php");
	mail($toEmail, STR_REMINDEREMIAL, $message, $headers);
	header("Location: viewItem.php?id=$postId&msg=messageSent");
}
?>

Was This Post Helpful? 0
  • +
  • -

Page 1 of 1