unexpected t variable, expecting ']'

         

wigglyworm91

2:28 am on Oct 5, 2008 (gmt 0)

10+ Year Member



OK, this script is linked to by another page w/ an html form on it, which sends the input to a $_POST variable. However, it always displays the same message: Parse error: syntax error, unexpected T_VARIABLE, expecting ']' (line 5). I'm not telling you the rest of it, because I don't know how secure that would be. Anyway, here's the code (very short)

<html>
<body>
<?
$ID = $_GET[ID#];
$con; <----------------line 5
$con = mysql_connect('', '', '');mysql_select_db('jhskeyclub_members', $con);
mysql_query("INSERT INTO Attendance VALUES($ID)");
?>
and of course the required closing tags.

[edited by: eelixduppy at 3:20 am (utc) on Oct. 5, 2008]
[edit reason] removed db specifics [/edit]

grallis

2:50 am on Oct 5, 2008 (gmt 0)

10+ Year Member



Hi wigglyworm91 -

Not sure if you should have your connection info in there. You should probably edit that post and put some false values in their place.

Often when you get an error and can't find it on the specified line, you should look to the line before it. $ID = $_GET[ID#]; is the error. Should probably be $ID = $_GET['ID'];

Note that it is always a good idea, probably more of a requirement to validate all variables that come from user input. That means anything in the $_GET and $_POST array should definitely be filtered before being used for anything ... especially a mysql query.

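Since the $ID is more than likely a number, you should check to see that it is a number, and not some hack injection statement. An if statement like this:


// Values in $_GET are always strings, so is_int() would never be true here;
// ctype_digit() checks that the string contains only digits.
if(isset($_GET['ID']) && is_string($_GET['ID']) && ctype_digit($_GET['ID'])){
$ID = $_GET['ID'];
} else {
// redirect out or simply echo an error message without querying
}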

... is a good start

Hope this helps ...
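
The validation advice in the reply above, carried through to the INSERT, as an added example that is not part of the original thread. It assumes PDO with an in-memory SQLite database (pdo_sqlite) standing in for the thread's MySQL server; the function names and the member_id column are hypothetical, and the sample inputs are constructed.

```php
<?php
// Added example: validate the ID, then insert it with a bound parameter.
// Assumption: in-memory SQLite stands in for the thread's MySQL database.

/** Return the ID as an int, or null if the raw request value is not a positive integer. */
function parse_member_id($raw): ?int
{
    // Request values arrive as strings, so is_int('42') is false;
    // FILTER_VALIDATE_INT checks the string's content instead.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Insert one attendance row; returns false without querying if the ID is invalid. */
function record_attendance(PDO $db, $raw): bool
{
    $id = parse_member_id($raw);
    if ($id === null) {
        return false;
    }
    // The placeholder keeps the value out of the SQL text entirely.
    $stmt = $db->prepare('INSERT INTO Attendance (member_id) VALUES (:id)');
    return $stmt->execute([':id' => $id]);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Attendance (member_id INTEGER NOT NULL)');

// Constructed sample inputs, as they would arrive in $_GET['ID'].
$samples = ['1042', '17abc', '', '-3', '5 OR 1=1', ['7']];
foreach ($samples as $raw) {
    $ok = record_attendance($db, $raw);
    printf("%-12s => %s\n", json_encode($raw), $ok ? 'inserted' : 'rejected');
}
echo $db->query('SELECT COUNT(*) FROM Attendance')->fetchColumn(), " row(s) stored\n";
```

With the MySQL database from the thread, only the PDO connection string changes; the validation and the prepared statement stay the same.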

wigglyworm91

3:23 am on Oct 5, 2008 (gmt 0)

10+ Year Member



Thanks! Oops on the connection info thing; thanks for notifying me. We're working on some way to secure the site for only key club members to see; do you have any advice on how I can password the whole thing?

Ironic, too; I didn't tell you the rest of the error message b/c of security, yet I left my database info just in there. Strange.

OK, here we go again.

How would I do this? (this time I'm not going to publicly display my db info)

"Parse error: syntax error, unexpected $end line 21"

<html>
<body>
<?
if(is_int($_REQUEST['ID#']))
{
$ID = $_REQUEST['ID#'];
}
else
{
echo "Gaaa! you've infiltrated the system! OH NOOOOes!";
echo "just kidding...";
$goto=1;//how i get around the absence of goto()
if($goto!=1)
{
$con;
$con = mysql_connect('yoursql.example.com', 'username', 'password');
mysql_select_db('db_name', $con);
mysql_query("INSERT INTO table_name VALUES($ID)");
}
?>
//line 21
Odd; the problem line appears to be one beyond the ?>. Is this, like, normal?

Can you help? Thx in advance. (if of course you see this post)

grallis

3:55 am on Oct 5, 2008 (gmt 0)

10+ Year Member



Anytime, and we all make mistakes so no worries!

To password protect the site, you should use a login/registration script. I don't know of any pre-written ones, though I am aware that some good pre-built scripts exist out there. Take a look on a site like hotscripts.com.

Depending on whether you needed automated registration or not, this could be a very easy fix, or a somewhat more complicated matter.

I can't go through an entire rundown on logging in registered members, though I can give you some pointers.

User sessions have their own array like $_POST or $_GET. It is $_SESSION. You have a form on your site that allows users to enter their username and password pair. That form redirects to a script that validates the user login. Once validated, you assign values to the $_SESSION array in an associative manner like so: $_SESSION['username'] = $row['username'];

Then, at the top of any page you wish to protect, you use a bit of code to check to see if the user is logged in, or in other words, if the user has certain $_SESSION array values set, something like this:


// $_SESSION is only populated after session_start() has been called
session_start();
if(!isset($_SESSION['username'])){
// redirect out
header("Location: index.php");
die();
}

Here's a link to a thread that may help you [webmasterworld.com]

grallis

4:03 am on Oct 5, 2008 (gmt 0)

10+ Year Member



You're missing a closing bracket to your else statement. Normally when the error is at the end of your script, you're missing a closing bracket.

else
{
echo "Gaaa! you've infiltrated the system! OH NOOOOes!";
echo "just kidding...";
$goto=1;//how i get around the absence of goto()
if($goto!=1)
{
$con;
$con = mysql_connect('yoursql.example.com', 'username', 'password');
mysql_select_db('db_name', $con);
mysql_query("INSERT INTO table_name VALUES($ID)");
}
}// need a bracket here to close the ELSE
?>

Goto statements are extinct as far as I'm concerned. They lead to bad coding habits, so you should try to write your code without them if possible.

Instead of a goto, you could use something like this:


header("Location: whereever.php");
die();

The header() function redirects the page to whatever page you specify. Notice you don't need the domain? If the page is on your server, you're only required to enter in the filename and any paths you may need to get there. die() or exit() are required to stop the rest of the script from executing.

You could also set an error message to a variable. Check if that variable is empty or not with if(empty($errorVariable)) ... if the variable is not empty, do not insert into the database, and later in your script you can check for its existence one more time and echo it if needed.

Those are just a few basic ways to handle the validation.

Hope this helps ...

g1smd

8:57 am on Oct 5, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



The header instruction as posted will generate a 302 redirect to that other page and that may be a bad idea.

It would be better to generate some other code here, probably one from the 4xx series.

grallis

11:57 pm on Oct 5, 2008 (gmt 0)

10+ Year Member



What do you suggest, g1smd? You mean adding in the 4xx series code in the header function, or some other method?

wigglyworm91

2:01 am on Oct 7, 2008 (gmt 0)

10+ Year Member



Actually, I have figured out an interesting way to redirect from a php script; something like
<?
// window.location is an object, not a function, so assign the target URL to it
echo '<script language="javascript">window.location.href = "http://destination.com/";</script>';
?>

Yes, I'm a cheater, I know.
And yes, I would check for javascript enabled-ness.

g1smd

9:00 am on Oct 7, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



That will still end up with a URL that bots will want to index.

Using a HEADER of 404 is a good idea at this point.

grallis

1:22 pm on Oct 7, 2008 (gmt 0)

10+ Year Member



g1smd - Maybe I'm not understanding properly why you would want to give a file not found error?

g1smd

2:18 pm on Oct 7, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Maybe that should be 401 or 403 then. Sorry, I sometimes get confused on the details when I am following 40 or 50 threads across several forums.
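
The session login and page guard described earlier in the thread, combined with the suggestion to answer with a 4xx status instead of a redirect, as an added example that is not part of the original posts. It is meant to run as a web page script; the function names, the $users array, and the sample credentials are constructed for illustration.

```php
<?php
// Added example: session login plus a guard that answers 403 instead of redirecting.
// Assumption: $users is a constructed in-memory user table; a real site would
// load the stored hash for the submitted username from its database.

function attempt_login(array $users, string $username, string $password): bool
{
    $hash = $users[$username] ?? null;
    if ($hash === null || !password_verify($password, $hash)) {
        return false;
    }
    session_regenerate_id(true);       // issue a new session ID after authentication
    $_SESSION['username'] = $username;
    return true;
}

function require_login(): void
{
    if (!isset($_SESSION['username'])) {
        http_response_code(403);       // 4xx status rather than a 302 redirect
        exit('Members only.');
    }
}

session_start();   // must run before any output and before $_SESSION is used

// Constructed sample account; only the hash is kept, never the plain password.
$users = ['member1' => password_hash('constructed-sample-password', PASSWORD_DEFAULT)];

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $u = $_POST['username'] ?? '';
    $p = $_POST['password'] ?? '';
    // Reject array-valued fields before they reach the string-typed function.
    if (!is_string($u) || !is_string($p) || !attempt_login($users, $u, $p)) {
        http_response_code(403);
        exit('Login failed.');
    }
}

require_login();
echo 'Welcome, ', htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8');
```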