#1
    Struggling with some PHP


    Hi

    Sorry, am struggling with some PHP coding. I am trying to make a feedback automatically add testimonials to a webpage. The first lot of coding I had was unsecure, so I took it off the page that was on a domain and was given a very good link by Jacques on here, but am struggling to get the following coding error free, as it keeps coming up in Dreamweaver that I have an error on the following line.

    I can't work out how to correct it

    PHP Code:
    echo '<p style='"margin: 0; padding: 5px 0 0 0; height: 100px; font-family: arial; border-bottom: 1px solid black; color: #000000;"'>' . html_escape($text['comment']) . '</p>'

    Below is the full coding

    PHP Code:
    <?php require_once dirname(__FILE__) . 'database.inc.php';    // change this to actual location

    $entries_stmt = $database->prepare('SELECT * FROM `testimonials` ORDER BY `id`');

    require_once dirname(__FILE__) . 'functions.inc.php';    // change this to actual location

    echo '<h2>comments</h2>'
    foreach ($name as $name)
    foreach ($email as $email)
    foreach ($text as $text) {
        echo '<p style='"margin: 0; padding: 5px 0 0 0; height: 100px; font-family: arial; border-bottom: 1px solid black; color: #000000;"'>' . html_escape($text['comment']) . '</p>'

    ?>

    Please can someone help on this part

    I am trying to learn safer and more secure PHP

    Ian
  2. #2
    Hi,

    I don't know what error message Dreamweaver displays (you didn't tell us), but the code you posted is syntactically incorrect. You can't have single quotes inside a single quoted string, because then the PHP parser cannot tell where the string starts and where it ends. When you need literal single quotes, you must escape them with a backslash:

    PHP Code:
    echo 'I\'m so excited, and I just can\'t hide it.';

    But what are the single quotes doing there, anyway? That's not what an HTML tag looks like. In HTML, attributes are delimited by either double quotes or single quotes. But not both. So simply remove the single quotes inside the string.

    The database code doesn't work like that. I'm not even sure what you're trying to do. What are those three strange loops supposed to do? Where do $name, $email and $text come from? I don't see you defining them anywhere.

    Doing queries with the PDO extension isn't really different from doing queries with the old mysql_* functions: You send a query to the database system. You get back a result set. And then you can loop through the rows. So you have one loop, not three of them!

    This is what your code might look like:

    PHP Code:
    <?php

    require_once dirname(__FILE__) . '/functions.inc.php';
    require_once dirname(__FILE__) . '/database.inc.php';

    // this is where you query the database for the testimonials
    $testimonials_stmt = $database->query('
        SELECT
            comment
        FROM
            testimonials
        ORDER BY
            id DESC
    ');

    echo '<h2>comments</h2>';

    // this is where you loop through the rows of the result set (each row is a testimonial)
    foreach ($testimonials_stmt as $testimonial) {
        echo '<p>' . html_escape($testimonial['comment']) . '</p>';
    }

    Some notes regarding code quality:

    • Don't use SELECT *. It's inefficient, it reduces readability, and it's just sloppy. Always specify the concrete columns you wanna fetch.
    • Don't use those `` backticks in your queries. They reduce readability and tend to cover up errors, because they make MySQL accept invalid names.
    • Format your queries! As long as your queries are short, it may be acceptable to stuff them into a single line. But as they get more complex, you need to make them readable.
    • Don't use inline styles in your HTML elements. They massively reduce the readability of your code and quickly make it unmaintainable. Use CSS selectors instead (you know how to do that, right?)

    I'd also consider giving up Dreamweaver and switching to a professional IDE like Netbeans or Eclipse. But that's a different topic.
    The 6 worst sins of security • How to (properly) access a MySQL database with PHP

    Why can't I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
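
The storing and displaying steps together, as an added example that is not from the original thread or either poster's code. The body of `html_escape()` is an assumed implementation (the thread's `functions.inc.php` is not shown), and the in-memory SQLite database and the `testimonial` class name are stand-ins so the script runs without the poster's MySQL setup (it needs the pdo_sqlite extension).

```php
<?php
// Added example: self-contained version of the pattern from the answer above.
// Assumptions: html_escape() below is one possible implementation (the thread's
// functions.inc.php is not shown), and an in-memory SQLite database stands in
// for the MySQL connection from database.inc.php so the script runs offline.

function html_escape(string $raw): string
{
    // ENT_QUOTES escapes both quote styles, so the result is also safe inside
    // single- or double-quoted attribute values; ENT_SUBSTITUTE replaces
    // invalid UTF-8 instead of returning an empty string.
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$database = new PDO('sqlite::memory:');
$database->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$database->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
$database->exec('CREATE TABLE testimonials (id INTEGER PRIMARY KEY, comment TEXT NOT NULL)');

// Constructed sample submissions; the second one contains markup and quotes.
$submissions = [
    'Great service, thanks!',
    'Nice <script>alert(1)</script> & "quoted" \'text\'',
];

// Storing: user input is bound as a parameter, never concatenated into the SQL.
$insert_stmt = $database->prepare('INSERT INTO testimonials (comment) VALUES (:comment)');
foreach ($submissions as $comment) {
    $insert_stmt->execute(['comment' => $comment]);
}

// Displaying: one query, one loop, and every value is escaped on output.
$testimonials_stmt = $database->query('
    SELECT
        comment
    FROM
        testimonials
    ORDER BY
        id DESC
');

echo '<h2>comments</h2>', "\n";
foreach ($testimonials_stmt as $testimonial) {
    // "testimonial" is a hypothetical CSS class used instead of an inline style.
    echo '<p class="testimonial">' . html_escape($testimonial['comment']) . '</p>', "\n";
}
```

The comment is stored exactly as submitted and only escaped at output time, so the same row can later be rendered safely into other contexts with the escaping each one needs.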
