1. Home
  2. Forums Index
  3. Server Side / PHP Server Side Scripting 9:19 am May 2, 2026

Forum Moderators: coopster

Message Too Old, No Replies

Parse error: parse error, unexpected T VARIABLE in line 8

I'm trying to create a guestbook that will by dynamic on my site.

         

aust_liadon

1:47 pm on Mar 9, 2007 (gmt 0)

10+ Year Member



I got the code on how to do it by a friend av hes coding works, but mine don't can anyone please help

here is line 7 and out on mye guestbook. Some of the spelling is in norwegian so don't mind

$query = "INSERT INTO Gjestebok ( 'Name', 'E-mail', 'Homepage', 'Comments')
VALUES ("'" . $_POST["Name"] . "'", "'" . $_POST["E-mail"] . "'", "'" . $_POST["Homepage"] . "'", "'" . $_POST["Comments"] . "'")";
if(!@mysql_query($query))
{echo("f00! feilmelding: fra mysql er: " . mysql_error());}
else
{echo("Thank You.<br><br>");}
mysql_close($connection);

aust_liadon

1:51 pm on Mar 9, 2007 (gmt 0)

10+ Year Member



umm... it's more like this:

<?php
$hostname = "localhost";
$user = "#*$!#*$!x";
$password = "#*$!#*$!x";
$db = "#*$!#*$!x";
$connection = @mysql_connect($hostname, $user, $password) or die("Umulig å få kontakt med database");
@mysql_select_db($db)
$query = ("INSERT INTO Gjestebok ( 'Name', 'E-mail', 'Homepage', 'Comments');
VALUES ('" . $_POST["Name"] . "', '" . $_POST["E-mail"] . "', '" . $_POST["Homepage"] . "', '" . $_POST["Comments"] . "'));
if(!@mysql_query($query))
{echo("f00! feilmelding: fra mysql er: " . mysql_error());}
else
{echo("Thank You.<br><br>");}
mysql_close($connection);
?>

mcibor

1:59 pm on Mar 9, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



unexpected T_Variable usually means, that you are missing a semicolon line above:

<?php
$hostname = "localhost";
$user = "#*$!#*$!x";
$password = "#*$!#*$!x";
$db = "#*$!#*$!x";
$connection = @mysql_connect($hostname, $user, $password) or die("Umulig å få kontakt med database");
@mysql_select_db($db);
$query = ("INSERT INTO Gjestebok ( 'Name', 'E-mail', 'Homepage', 'Comments');
VALUES ('" . $_POST["Name"] . "', '" . $_POST["E-mail"] . "', '" . $_POST["Homepage"] . "', '" . $_POST["Comments"] . "'));
if(!@mysql_query($query))
{echo("f00! feilmelding: fra mysql er: " . mysql_error());}
else
{echo("Thank You.<br><br>");}
mysql_close($connection);

moreover I spotted few security breaches in your code:

always use mysql_real_escape_string [php] when inputting external data to db (regardless if it's insert or select):

$query = ("INSERT INTO Gjestebok ( 'Name', 'E-mail', 'Homepage', 'Comments');
VALUES ('" . mysql_real_escape_string($_POST["Name"]) . "', '" . mysql_real_escape_string($_POST["E-mail"]) . "', '" . mysql_real_escape_string($_POST["Homepage"]) . "', '" . mysql_real_escape_string($_POST["Comments"]) . "'));

also you could validate email before sending it to db, and filter comments, so they don't contain bad word nor spam.
Moreover as this is form I would use some CAPTCHA to disable bots.

Hope this helps you
Regards
Michal

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / PHP Server Side Scripting 9:19 am May 2, 2026