Linode Forum

webc0der · Joined: 13 Jun 2007 Posts: 13 Location: Florida

Hey guys,

Hoping someone can help me out. On my linode I have mysql, php & apache, and im trying to write a script to pull info from my database, but I keep getting this error:

Quote: PHP Parse error: syntax error, unexpected T_LOGICAL_OR in /var/www/vhosts/xxx.net/httpdocs/Tim/dbconnect.php on line 24, referer: http://xxx.net/Tim/Registration.htm

Heres the script:
Code: <?php
//set database connection variables
$host='localhost';
$dbuser='xxx';
$dbpass='xxx';
$dbname='xxx';

$connection = mysql_connect($host, $dbuser, $dbpass) or die(mysql_error());
mysql_select_db($dbname) or die(mysql_error());

require('dbconnect.php');
if($_POST['submit']) {
$firstname = $_POST['firstname'];
$middlename = $_POST['middlename'];
$lastname = $_POST['lastname'];
$sex = $_POST($sex);
$emailaddress = $_POST['emailaddress'];
if((empty($firstname)) OR (empty($middlename)) OR (empty($lastname)) OR (empty($sex)) OR (empty($sex)))
{
echo "Please fill in all fields!";
}
if (empty($you)) OR (empty($others));
{
echo "Please agree to both terms or you cannot be a member! (All members are bound by these terms and if they violate them their membership will be revoked.)";
}
else {
$query = "INSERT INTO ifdbt0 (memberid, firstname, middlename, lastname, sex, emailaddress) VALUES ('', '$firstname', '$middlename', '$lastname', '$sex', '$emailaddress;)";
mysql_query($query) or die(mysql_error());
echo "Thank you for your registration $firstname $middlename $lastname! You are now an official member of the Inspiration Foundation.";
}
mysql_close($connection);
?>

But I cant figure out the prob :/ Can anyone help?

Kind Regards,
Justin

____
Edit by Jed Smith: Removed database credentials.

NeonNero · Joined: 04 Jan 2005 Posts: 214 Location: Ålesund, Norway

I think you might have to take a closer look at the file dbconnect.php, around, say, line 24 (or thereabouts). You probably have a missing paranthesis or something on that line or the previous one.

hybinet · Joined: 02 May 2008 Posts: 1058

Code: if (empty($you)) OR (empty($others));
should be
Code: if ((empty($you)) OR (empty($others)))

mjrich · Joined: 16 Jun 2008 Posts: 151

Code: $firstname = $_POST['firstname'];
$middlename = $_POST['middlename'];
$lastname = $_POST['lastname'];
$sex = $_POST($sex);
$emailaddress = $_POST['emailaddress'];
.
.
$query = "INSERT INTO ifdbt0 (memberid, firstname, middlename, lastname, sex, emailaddress) VALUES ('', '$firstname', '$middlename', '$lastname',
I hope you're going to do some sanity checks on these first...

JshWright · Joined: 27 Oct 2008 Posts: 173

Like mjrich said, you're asking for trouble if you don't check your inputs before you feed them to the database.

Also, that second to last semicolon in your insert statement should be a single quote.

~JW

Guspaz · Joined: 26 May 2009 Posts: 1147 Location: Montreal, QC

Also, it's generally a bad idea to post your database hostname, username and password in public.

sweh · Joined: 13 Apr 2004 Posts: 565

webc0der wrote:
$query = "INSERT INTO ifdbt0 (memberid, firstname, middlename, lastname, sex, emailaddress) VALUES ('', '$firstname', '$middlename', '$lastname', '$sex', '$emailaddress;)";

Missing ' after $emailaddress (appears to have been replaced with a ; )

BarkerJr · Joined: 02 Aug 2009 Posts: 220 Location: Connecticut, USA

Yeah, it's much better to not use database passwords and use IP-based authentication instead.

Guspaz · Joined: 26 May 2009 Posts: 1147 Location: Montreal, QC

BarkerJr wrote: Yeah, it's much better to not use database passwords and use IP-based authentication instead.

Woah, no way. IPs can be spoofed, although you'll have trouble getting return traffic unless you're on a LAN. Except Linodes are.

If you want to go the IP-auth route, use it in combination with a password; MySQL makes that easy, especially if you use phpMyAdmin to set it up (it's a dropdown on the create account page).

BarkerJr · Joined: 02 Aug 2009 Posts: 220 Location: Connecticut, USA

I'm pretty sure that you cannot hijack IPs in the Linode networks.

Stever · Joined: 07 Dec 2007 Posts: 337 Location: NC, USA

webc0der wrote: Code: $host='localhost';
Good luck trying to spoof that one from anywhere ;)

Guspaz · Joined: 26 May 2009 Posts: 1147 Location: Montreal, QC

Stever wrote: webc0der wrote: Code: $host='localhost';
Good luck trying to spoof that one from anywhere ;)

You didn't pay enough attention to his post:

Quote: PHP Parse error: syntax error, unexpected T_LOGICAL_OR in /var/www/vhosts/xxx.net/httpdocs/Tim/dbconnect.php on line 24, referer: http://xxx.net/Tim/Registration.htm

Notice the hostname there :P

tronic · Joined: 04 Dec 2004 Posts: 145

Guspaz wrote: Stever wrote: webc0der wrote: Code: $host='localhost';
Good luck trying to spoof that one from anywhere ;)

You didn't pay enough attention to his post:

Quote: PHP Parse error: syntax error, unexpected T_LOGICAL_OR in /var/www/vhosts/xxx.net/httpdocs/Tim/dbconnect.php on line 24, referer: http://xxx.net/Tim/Registration.htm

Notice the hostname there :P

True 'nuff but look at the directory pathname -- possible he had /etc/hosts entry like: 127.0.0.1 xxx.net localhost

Script issue