8 Replies - 379 Views - Last Post: 29 July 2013 - 07:13 AM Rate Topic: -----

#1 codespook  Icon User is offline

  • D.I.C Head

Reputation: 0
  • View blog
  • Posts: 141
  • Joined: 31-October 12

syntax errors on form

Posted 26 July 2013 - 07:31 PM

Me again. In continuation of my project....I'm trying to write the script to show the comments, then the form, validate, and then insert the form data into the table. All works fine except the very end (just my luck:) Syntax error on line 53, 57. I suspected the if...else statement but looks like everything is closed properly (), {}, and ended with ; that should be. So if anyone could be an extra set of eyes, I'd really appreciate it! (and code should be optimized for PDO too).

<?php

include './includes/rconnect.php';

$query = "SELECT * FROM `rcomments` WHERE page = '".stripslashes($_SERVER['REQUEST_URI'])."' ORDER BY time ASC";
 $results = mysqli_multi_query($query);
     if(!$results) die(mysqli_error());
	 
	   $rows = mysqli_stmt_num_rows($query);
if($rows > 0) {
   echo '<h5>Comments:</h5>';
   echo '<table width="95%">';
   
 while($query2 = mysqli_fetch_array($query)) {	
echo '<tr>';   
echo '<td>"'.htmlspecialchars(stripslashes($query2->subject)).'" by: <a href="'.$query2->contact.'">'.htmlspecialchars(stripslashes($query2->username)).'</a></td> <td><div align="right"> @ '.date('h:i:s a', $query2->time).' on '.$query2->date.'</div></td>';
echo '</tr><tr>';
echo '<td colspan="2"> '.htmlspecialchars(stripslashes(nl2br($query2->comment))).' </td>';
echo '</tr>';
}//end while
echo '</table>';
echo '<hr width="95%" noshade>';
} else echo 'No comments for this page. Feel free to be the first <br>';

if(isset($_POST['submit'])) {
  if(!addslashes($_POST['username'])) die('<u>ERROR:</u> you must enter a username to add a comment.');
  if(!addslashes($_POST['contact']))  die('<u>ERROR:</u> enter contact method in contact field.');
  if(!addslashes($_POST['subject']))  die('<u>ERROR:</u> enter a subject to your comment.');
  if(!addslashes($_POST['comment']))  die('<u>ERROR:</u> cannot add comment if you do not enter one!?');
}

//this is for a valid contact 
  if(substr($_POST['contact'],0,7) != 'mailto:' && !strstr($_POST['contact'],'//')) {
              if(strstr($_POST['contact'],'@'))
                $_POST['contact'] = "mailto:".$_POST['contact']."";
              else
                $_POST['contact'] = "http://".$_POST['contact']."";
   } //end valid contact


$c = "SELECT * from `comments` WHERE ip = '".$_SERVER['REMOTE_ADDR']."'";
  $c2 = mysql_query($c);
     while($c3 = mysql_fetch_object($c2)) {
	  $difference = time() - $c3->time;
	 if($difference < 300) die('<u>ALERT:</u> '.$c3->username.', You have already commented earlier; if you have a question, try the forums!<BR>');
      }
	  
	  $q ="INSERT INTO `comments` (article_id, page, date, time, username, ip, contact, subject, comment) VALUES ('".$_GET['id']."', '".$_POST['page']."', '".$_POST['date']."', '".$_POST['time']."', '".addslashes($_POST['username'])."', '".$_SERVER['REMOTE_ADDR']."', '".addslashes($_POST['contact'])."', '".addslashes($_POST['subject'])."', '".addslashes($_POST['comment'])."')";

$q2 = mysqli_multi_query($q);
  if(!$q2) die(mysqli_error())

{
//refresh page so they can see new comment
header('Location: http://' . $_SERVER['HTTP_HOST'] . $_POST['page'] . "#commentsrn");

} else {  
?>
<form name="comments" action="<? $_SERVER['PHP_SELF']; ?>" method="post">
<input type="hidden" name="page" value="<? echo($_SERVER['REQUEST_URI']); ?>">
<input type="hidden" name="date" value="<? echo(date("F j, Y.")); ?>">
<input type="hidden" name="time" value="<? echo(time()); ?>">

}




Is This A Good Question/Topic? 0
  • +

Replies To: syntax errors on form

#2 Atli  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 3710
  • View blog
  • Posts: 5,958
  • Joined: 08-June 10

Re: syntax errors on form

Posted 26 July 2013 - 09:51 PM

A huge problem in this script is your complete lack of a sane coding style. Your indentation is all over the place and you're mixing PHP and HTML together in a way that makes the code extremely difficult to follow. It's a mess. It's not surprising you are having problem locating a syntax error like this in this snippet.

Code needs to be easily readable. Being able to write code that can be read easily is an essential skill. You really ought to spend some time finding a style you like, and then stick to that style.


As for the actual error. Look closer at the very last line of the code; the one that is mean to close the IF-ELSE block. It's not actually a part of any PHP block, but rather the HTML output.

This is actually an excellent example of why it's a good idea to adopt some sort of templating system, where PHP code and HTML code aren't infused into a single file like this. You may want to read CTphpnwb's Code Separation tutorial.
Was This Post Helpful? 1
  • +
  • -

#3 Atli  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 3710
  • View blog
  • Posts: 5,958
  • Joined: 08-June 10

Re: syntax errors on form

Posted 26 July 2013 - 10:06 PM

Looking closer at the code, there are a few things that need to be pointed out.

  • It seems you are using the MySQLi functions incorrectly. You are not passing the correct parameters to them. I suggest you look them up in the PHP docs; they are not exact stand-in replacements for the old MySQL API!


  • Why are you using myqli_multi_query instead of mysqli_query?


  • What is up with all the addslashes and stripslashes calls? It's like you're expecting magic_quotes to be on. The need for regular calls to these functions died out with the magic_quotes feature. The feature has been removed from PHP 5.4 and higher. - The odd server running older versions of PHP still has it enabled, though, but the solution should be to turn it off, not to code around it.


  • The conditions on lines 26 to 29 are nonsensical. That is, those that read like this:
    if(!addslashes($_POST['username'])) ...
    
    

    It makes no sense to run a POST value through the addslashes function when testing for it's existence (or anywhere else, for that matter.) What you should be using there is the isset() function, or possibly the empty() function, depending on the context.

Was This Post Helpful? 1
  • +
  • -

#4 codespook  Icon User is offline

  • D.I.C Head

Reputation: 0
  • View blog
  • Posts: 141
  • Joined: 31-October 12

Re: syntax errors on form

Posted 27 July 2013 - 12:32 AM

Thats what happens when I try to learn how to do a script online except in this case, I modified it. I looked at the tutorial. I do that (ok not this time). Like the connection to database script or a main script leave out. Didnt think to do it with this particular one as it is 99% php. But when I looked at the tutorial/explanation atleast he gave a good explanation that I need to (and its possible ) to do it here too. So now css and html are in their files.

As far as the mysqli_multi_query goes I found that as a replacement. but maybe I did misread it.

Now to sort out this PHP.

This post has been edited by codespook: 27 July 2013 - 01:54 AM

Was This Post Helpful? 0
  • +
  • -

#5 CTphpnwb  Icon User is online

  • D.I.C Lover
  • member icon

Reputation: 2889
  • View blog
  • Posts: 10,002
  • Joined: 08-August 08

Re: syntax errors on form

Posted 27 July 2013 - 05:49 AM

There are many bad PHP tutorials on the web. You might say that most are bad, since most are very much out of date. There are some good tutorials here though. Some that I like, and that you should read/study regardless of how they affect this project:
http://www.dreaminco...p-file-browser/
http://www.dreaminco...duction-to-pdo/
http://www.dreaminco...loading-a-file/
http://www.dreaminco...-use-functions/
http://www.dreaminco...es-and-objects/
Was This Post Helpful? 1
  • +
  • -

#6 codespook  Icon User is offline

  • D.I.C Head

Reputation: 0
  • View blog
  • Posts: 141
  • Joined: 31-October 12

Re: syntax errors on form

Posted 27 July 2013 - 05:47 PM

Thanks!
Yes, not only are some bad but also out of date, but I dont let that stop me from looking at them. Its true that I could learn something bad (like bad mixing of html.css, and php). But if. thosemistakes are caught anđ. I learn by doing/asking/looking up, my strategy is to become better by getting my hands dirty. I get bored of reading theory and wondering what I can do with so little. I like thinking of ideas and learn by doing.

God help the DIC community:-)
Was This Post Helpful? 0
  • +
  • -

#7 CTphpnwb  Icon User is online

  • D.I.C Lover
  • member icon

Reputation: 2889
  • View blog
  • Posts: 10,002
  • Joined: 08-August 08

Re: syntax errors on form

Posted 28 July 2013 - 06:19 AM

Let's not forget that although you were using mysli (and not deprecated mysql) you were not using prepared statements (leaving your site vulnerable to SQL injection attacks) and you were using tables for formatting.

Count up the errors listed in this thread and compare that to the number of lines of code you have. Seem high? Part of that is that you're just beginning, but another part is the tutorials you're using. If you aren't sure if a tutorial is good and up to date post a new question here, along with a link and a description of what you think it does and what you want to accomplish with it. People here can tell you if it's worth your time. Otherwise you can spend a lot of time and effort learning bad practice and obsolete functions/methods.

This post has been edited by CTphpnwb: 28 July 2013 - 06:20 AM

Was This Post Helpful? 0
  • +
  • -

#8 codespook  Icon User is offline

  • D.I.C Head

Reputation: 0
  • View blog
  • Posts: 141
  • Joined: 31-October 12

Re: syntax errors on form

Posted 28 July 2013 - 04:35 PM

Yea you're right and good suggestion.

Going through the intro to pdo before I attmpt to fix the PHP. But as I read, I did think of something. Would it be better to place the mysql queries in functions as opposed to one long php file. What I mean by this is have a function called show() which shows the contents of mysql table, a function called insert() that inserts? And have the functions inside functions.php. The functions would of course include correct, prepared syntax.
Was This Post Helpful? 0
  • +
  • -

#9 CTphpnwb  Icon User is online

  • D.I.C Lover
  • member icon

Reputation: 2889
  • View blog
  • Posts: 10,002
  • Joined: 08-August 08

Re: syntax errors on form

Posted 29 July 2013 - 07:13 AM

Yes it would. One of the links I listed is a tutorial I did about why you should use functions. They're a good first step towards organizing code, making it readable and easier to debug.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1