0

Hey I would like to add a simple contact box to my web site. I have followed on line tutorials but they never seem to work the way they are meant to: I have set up a table on phpMyadmin called comment with table called comment and 3 columns: id,name and comment. I have used this code for the comment box page...index.php

    <html>
<form action="post_comment.php" method="POST">
<input type="text" name="name" value="Your Name"><br>
<textarea name="comment" cols="50" rows="2">Enter your query and contact details</textarea><br>
<input type="submit" value="Submit">
</form>

Then i have another page called post_comment.php with the mysql coding on it...

    <?php

     mysql_connect("localhost","root","");
     mysql_select_db("comment");

     $name = $_POST["name"];
     $comment = $_POST["comment"];

     $comment_length = strlen($comment);

     if($comment_length > 100)

    {
    header("location: index.php?error=1")
    }
    else
   {
   mysql_query("INSERT INTO comment VALUES('','$name','$comment')")
   header("location: index.php")
   }

   ?>

BUT once i enter details in the input boxes instead of the details being sent to my table i get this error

Parse error: syntax error, unexpected end of file, expecting variable 

(T_VARIABLE) or ${ (T_DOLLAR_OPEN_CURLY_BRACES) or {$ (T_CURLY_OPEN) 
in C:\xampp\htdocs\tutorials\contact1.php on line 16

Line 16 of my code only has the else statement written on it. Could someone have a look as i know it's basic but I'm just starting out. Thanks in Advance.Paul

Improve this question
2
  • You are missing several ; (last 3 function calls) Commented Mar 4, 2015 at 0:36
  • Thanks a lot for your answer. Ive got the code working from the answer's I have received. I am a bit of a simpleton just starting out with php so this advice was invaluable. Cheers Commented Mar 4, 2015 at 16:52

2 Answers 2

Reset to default
2

PLEASE, please, look up and understand SQL Injection. Do not put user-text directly into your queries or you're just asking for someone to screw with you. And if "root" is really your login, even worse...utilize a user account with less permissions. Also, you should use PDO or mysqli, as the mysql extension is deprecated.

That said, here is your code, somewhat fixed to sanitize the user-input and fixed syntax errors:

<?php

$conn = mysql_connect("localhost","root","");
mysql_select_db("comment");

$name           = mysql_real_escape_string($_POST["name"], $conn);
$comment        = mysql_real_escape_string($_POST["comment"], $conn);

$comment_length = strlen($comment);

if($comment_length > 100)
{
    header("location: index.php?error=1");
}
else
{
    mysql_query("INSERT INTO comment VALUES('','$name','$comment')");
    header("location: index.php");
}
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thanks a lot for your advice. I have just read about sql injection and will make sure when I code a site I will be very careful with database security. This code is only for me to test site on my pc but when i am uploading ill make sure it's secure. I will start using bdo or mysqli if that is now standard. Again I appreciate your help and advise. I am excited now that the code works. Cheers
0

Watch your syntax. I have corrected it below but every function call in the if statement had no ';'. 

<?php

 mysql_connect("localhost","root","");
 mysql_select_db("comment");

 $name = $_POST["name"];
 $comment = $_POST["comment"];

 $comment_length = strlen($comment);

 if($comment_length > 100)
 {
     header("location: index.php?error=1");
 }
 else
 {
     mysql_query("INSERT INTO comment VALUES('','$name','$comment')");
     header("location: index.php");
}

?>
Improve this answer

1 Comment

Thanks for your help and advice. I though it must be a basic syntax but I just could not see the problem. I will keep an eye out for this. Anyway your code worked perfect. I was so excited to see my entries entered in my database. I have been messing about with web design for year's but the development side always seemed frightening. I am going to muddle on with php though and try to pick up information on the way. Thanks again you made my day! Cheers

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.