Thread: Syntax problem

    #1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2013
    Posts
    1
    Rep Power
    0

    Syntax problem


    I don't see why this message:
    "; $stat = mysql_query($query) or die('Query failed: ' . mysql_error()); mysql_close(); ?>
    PHP Code:
    <?php
    if (isset( $_POST['payrec']) ) 
    {
    $recur=$_POST['recur'];
    $pd=$_POST['pd'];
    $payrec=$_POST['payrec'];
    $acctno=$_POST['acctno'];
    $ordno=$_POST['ordno'];
    $bname=$_POST['bname'];  
    $bstreet=$_POST['bstreet'];  
    $bcity=$_POST['bcity'];
    $bstate=$_POST['bstate'];
    $bzip=$_POST['bzip'];
    $bemail=$_POST['bemail'];
    $phone=$_POST['phone'];
    $contact=$_POST['contact'];
    $sname=$_POST['sname'];  
    $sstreet=$_POST['sstreet'];
    $scity=$_POST['scity'];
    $sstate=$_POST['sstate'];
    $szip=$_POST['szip'];
    $semail=$_POST['semail'];
    $terms=$_POST['terms'];
    $fob=$_POST['fob'];
    $shipdate=$_POST['shipdate'];
    $shipamt=$_POST['shipamt'];  
    $dateord=$_POST['dateord'];
    $datecomp=$_POST['datecomp'];
    $duedate=$_POST['duedate'];  
    $datepaid=$_POST['datepaid'];
    $qty=$_POST['qty'];  
    $descr=$_POST['descr'];  
    $charges=$_POST['charges'];
    $tax=$_POST['tax'];  
    $paidamt=$_POST['paidamt'];
    $dayslate=$_POST['dayslate'];
    $checkno=$_POST['checkno'];
    $amtdue=$_POST['amtdue'];
    $prevbal=$_POST['prevbal'];
    $baldue=$_POST['baldue'];
    }
    mysql_connect('localhost','root','');
    mysql_select_db('oodb') or die( "Unable to select database");
    print 
    $_POST['acctno'];
    $query "
    INSERT INTO oocust (recur,pd,payrec,acctno,ordno,bname,bstreet,bcity,bstate,bzip,bemail,phone,contact,
    sname,sstreet,scity,sstate,szip,semail,terms,fob,shipdate,shipamt,dateord,datecomp,
    duedate,datepaid,qty,descr,charges,tax,paidamt,dayslate,checkno,amtdue,prevbal,baldue)
    VALUES ('
    $recur','$pd','$payrec','$acctno',ordno','$bname','$bstreet','$bcity','$bstate',
    '
    $bzip','bemail','$phone','$contact','$sname','$sstreet','$sscity','$sstate','$szip',
    '
    $semail','$terms','$fob','$shipdate','$shipamt','$dateord','$datecomp','$duedate',
    '
    $datepaid','$qty','$descr','$charges','$tax','$paidamt','$dayslate','$checkno,
    '
    $amtdue','$prevbal,','$baldue')";
    echo 
    "data inserted</font><br /><br />"
    $stat mysql_query($query) or die('Query failed: ' mysql_error()); 
    mysql_close();
    ?>
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Loyal (3000 - 3499 posts)

    Join Date
    Jul 2003
    Posts
    3,232
    Rep Power
    593
    1) Do not use the deprecated MySQL extensions. Switch to PDO and use prepared statements. Your code is vulnerable to injection.

    2) If you look at the formatted code you can see it is pretty obvious you have a problem with your quotes.
    There are 10 kinds of people in the world. Those that understand binary and those that don't.
  4. #3
  5. Come play with me!
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    13,749
    Rep Power
    9397
    Your script is not running as PHP code. Either it doesn't have a .php extension or you don't have PHP set up properly/at all on the server. Or sometimes it's because someone tries to run a file without a web server at all - directly from the drive.

IMN logo majestic logo threadwatch logo seochat tools logo