o_oe Posted February 4, 2008 Share Posted February 4, 2008 Hi Friends,Please I have a form on my website designed to deposite filled content to a database. Everything has been set-up but onclicking on the submit button, an error message occurs.This is the error message:Parse error: syntax error, unexpected T_STRING in /home/beamz/public_html/career.php on line 4This is the content of line 4:$full name = $_POST['full name'];Thanks for your time. Link to comment Share on other sites More sharing options...
boen_robot Posted February 4, 2008 Share Posted February 4, 2008 Variables can only be one word long. Use $fullname, or perhaps $fullName or $full_name. You decide, but keep it a single word - no spaces. Link to comment Share on other sites More sharing options...
Lulzim Posted February 4, 2008 Share Posted February 4, 2008 $full name = $_POST['full name'];variable names CANNOT contain space$fullname = $_POST['full name']; would be ok. Link to comment Share on other sites More sharing options...
o_oe Posted February 4, 2008 Author Share Posted February 4, 2008 Many thanks. It worked. Link to comment Share on other sites More sharing options...
o_oe Posted February 4, 2008 Author Share Posted February 4, 2008 But I don't find the data in my database. This the the code that I used.<?php// Pick up the form data and assign it to variables$position = $_POST['position'];$full_name = $_POST['full_name'];$e_mail = $_POST['e_mail'];$phone = $_POST['phone'];$address = $_POST['address'];$city = $_POST['city'];$country = $_POST['country'];$comment = $_POST['comment'];// Open database connection$conn = mysql_connect('localhost', 'username', 'password');mysql_select_db('database');// Insert data$query = "INSERT INTO table (position,full_name, e_mail, phone, address, city, country, comment) ... VALUES ('$position','$full_name', '$e_mail', '$phone', '$address', '$city', '$country', '$comment')";mysql_query($query);// Close connectionmysql_close($conn);// Redirectheader("Location: confirmation.htm"); Link to comment Share on other sites More sharing options...
Lulzim Posted February 4, 2008 Share Posted February 4, 2008 does it show any error message?and what are these three ... doing there?$query = "INSERT INTO table (position,full_name, e_mail, phone, address, city, country, comment) ...VALUES ('$position','$full_name', '$e_mail', '$phone', '$address', '$city', '$country', '$comment')"; Link to comment Share on other sites More sharing options...
justsomeguy Posted February 4, 2008 Share Posted February 4, 2008 You need to escape all of the variables from $_POST. If there is a single quote anywhere the SQL statement will fail.$position = mysql_real_escape_string($_POST['position']);$full_name = mysql_real_escape_string($_POST['full_name']);etc Link to comment Share on other sites More sharing options...
o_oe Posted February 4, 2008 Author Share Posted February 4, 2008 You need to escape all of the variables from $_POST. If there is a single quote anywhere the SQL statement will fail.$position = mysql_real_escape_string($_POST['position']);$full_name = mysql_real_escape_string($_POST['full_name']);etcDo you mean that $position = $_POST['position'];for instance should be replaced with$position = mysql_real_escape_string($_POST['position']);Thanks for your time. Link to comment Share on other sites More sharing options...
justsomeguy Posted February 4, 2008 Share Posted February 4, 2008 That's right, all of the lines where you get the data from $_POST need to use mysql_real_escape_string. The same thing goes for $_GET and $_COOKIE. You only need to do that if you are using the values in a SQL statement. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.