View All Products
Compute
Storage
Databases
Networking
Developer Tools
Delivery
Security
Services
Industries
Pricing
Community
Engage With Us
Community Questions Script issue
Log in to Ask a Question

Script issue

general

Hey guys,

Hoping someone can help me out. On my linode I have mysql, php & apache, and im trying to write a script to pull info from my database, but I keep getting this error:

> PHP Parse error: syntax error, unexpected TLOGICALOR in /var/www/vhosts/xxx.net/httpdocs/Tim/dbconnect.php on line 24, referer: http://xxx.net/Tim/Registration.htm

Heres the script:

But I cant figure out the prob :/ Can anyone help?

Kind Regards,

Justin

Edit by Jed Smith: Removed database credentials.

12 Replies

I think you might have to take a closer look at the file dbconnect.php, around, say, line 24 (or thereabouts). You probably have a missing paranthesis or something on that line or the previous one.

````
if (empty($you)) OR (empty($others));

should be

if ((empty($you)) OR (empty($others)))
````

$firstname = $_POST['firstname']; $middlename = $_POST['middlename']; $lastname = $_POST['lastname']; $sex = $_POST($sex); $emailaddress = $_POST['emailaddress']; . . $query = "INSERT INTO ifdbt0 (memberid, firstname, middlename, lastname, sex, emailaddress) VALUES ('', '$firstname', '$middlename', '$lastname', I hope you're going to do some sanity checks on these first…

Like mjrich said, you're asking for trouble if you don't check your inputs before you feed them to the database.

Also, that second to last semicolon in your insert statement should be a single quote.

~JW

Also, it's generally a bad idea to post your database hostname, username and password in public.

@webc0der:

$query = "INSERT INTO ifdbt0 (memberid, firstname, middlename, lastname, sex, emailaddress) VALUES ('', '$firstname', '$middlename', '$lastname', '$sex', '$emailaddress;)";

Missing ' after $emailaddress (appears to have been replaced with a ; )

Yeah, it's much better to not use database passwords and use IP-based authentication instead.

@BarkerJr:

Yeah, it's much better to not use database passwords and use IP-based authentication instead.

Woah, no way. IPs can be spoofed, although you'll have trouble getting return traffic unless you're on a LAN. Except Linodes are.

If you want to go the IP-auth route, use it in combination with a password; MySQL makes that easy, especially if you use phpMyAdmin to set it up (it's a dropdown on the create account page).

I'm pretty sure that you cannot hijack IPs in the Linode networks.

@webc0der: 

$host='localhost';


Good luck trying to spoof that one from anywhere ;)

@Stever:

@webc0der: 

$host='localhost';


Good luck trying to spoof that one from anywhere ;)

You didn't pay enough attention to his post:

> PHP Parse error: syntax error, unexpected TLOGICALOR in /var/www/vhosts/xxx.net/httpdocs/Tim/dbconnect.php on line 24, referer: http://xxx.net/Tim/Registration.htm

Notice the hostname there :P

@Guspaz:

@Stever:

@webc0der: 

$host='localhost';


Good luck trying to spoof that one from anywhere ;)

You didn't pay enough attention to his post:

> PHP Parse error: syntax error, unexpected TLOGICALOR in /var/www/vhosts/xxx.net/httpdocs/Tim/dbconnect.php on line 24, referer: http://xxx.net/Tim/Registration.htm

Notice the hostname there :P

True 'nuff but look at the directory pathname – possible he had /etc/hosts entry like: 127.0.0.1 xxx.net localhost

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct