SitePoint Sponsor

User Tag List

Results 1 to 7 of 7
  1. #1
    SitePoint Zealot
    Join Date
    Jul 2008
    Posts
    184
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    What is an 'unexpected $end'?

    Hi, I am trying to create an IPN for Paypal payments on my site but am having a few problems. I found a simple IPN template on the web and so have started with that but am getting this error in my log file. It is currently writing nothing to the MySQL database and not sending any e-mails.

    Code:
    PHP Parse error:  syntax error, unexpected $end in /home/danamarf/public_html/ipn/ipn.php on line 120
    Line 120 is the very last line of the code. Why is it unexpected? I'm not sure I understand.

    This is my code in full:
    Code:
    <?php
    //------------------------------------------------------------------
    // Open log file (in append mode) and write the current time into it.
    // Open the DB Connection. Open the actual database.
    //-------------------------------------------------------------------
    $log = fopen("ipn.log", "a");
    fwrite($log, "\n\nipn - " . gmstrftime ("%b %d %Y %H:%M:%S", time()) . "\n");
    $db = mysql_connect("localhost", "db_user", "pass");
    mysql_select_db("db_name",$db);
    
    //------------------------------------------------
    // Read post from PayPal system and create reply
    // starting with: 'cmd=_notify-validate'...
    // then repeating all values sent - VALIDATION.
    //------------------------------------------------
    $postvars = array();
    while (list ($key, $value) = each ($HTTP_POST_VARS)) {
    $postvars[] = $key;
    }
    $req = 'cmd=_notify-validate';
    for ($var = 0; $var < count ($postvars); $var++) {
    $postvar_key = $postvars[$var];
    $postvar_value = $$postvars[$var];
    $req .= "&" . $postvar_key . "=" . urlencode ($postvar_value);
    }
    
    //--------------------------------------------
    // Create message to post back to PayPal...
    // Open a socket to the PayPal server...
    //--------------------------------------------
    $header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
    $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
    $header .= "Content-Length: " . strlen ($req) . "\r\n\r\n";
    $fp = fsockopen ("www.paypal.com", 80, $errno, $errstr, 30);
    
    //---------------------------------------------
    fwrite($log, "Vals: ". $invoice." ". $receiver_email." ". $item_name." ". $item_number." ". $quantity." ". $payment_status." ". $pending_reason." ".$payment_date." ". $payment_gross." ". $payment_fee." ". $txn_id." ". $txn_type." ". $first_name." ". $last_name." ". $address_street." ". $address_city." ". $address_state . " ".$address_zip." ". $address_country." ". $address_status." ". $payer_email. " ". $payer_status." ". $payment_type." ". $notify_version." ". $verify_sign. "\ n"); 
    
    
    //----------------------------------------------------------------------
    // Check HTTP connection made to PayPal OK, If not, print an error msg
    //----------------------------------------------------------------------
    if (!$fp) {
    echo "$errstr ($errno)";
    fwrite($log, "Failed to open HTTP connection!");
    $res = "FAILED";
    }
    
    
    //--------------------------------------------------------
    // If connected OK, write the posted values back, then...
    //--------------------------------------------------------
    else {
    fputs ($fp, $header . $req);
    //-------------------------------------------
    // ...read the results of the verification...
    // If VERIFIED = continue to process the TX...
    //-------------------------------------------
    while (!feof($fp)) {
    $res = fgets ($fp, 1024);
    if (strcmp ($res, "VERIFIED") == 0) {
    
    //----------------------------------------------------------------------
    // If the payment_status=Completed... Get the password for the product
    // from the DB and email it to the customer.
    //----------------------------------------------------------------------
    if (strcmp ($payment_status, "Completed") == 0) {
    $qry = "SELECT password FROM products WHERE pid = \"$item_number\" ";
    $result = mysql_query($qry,$db);
    while ($myrow = mysql_fetch_row($result)) { $passwd = $myrow[0]; }
    
    
    $message .= "Dear Customer,\n Thankyou for your order.\n\nThe password f or the item you ordered is: $row[0]\n\nIf you have any problems, please contact us: \n\ninfo\@thg.co.uk";
    
    mail($payer_email, "Your Book Password...", $message, "From: russ@thg.co.uk\nReply-To: info@thg.co.uk");
    }
    
    
    //----------------------------------------------------------------------
    // If the payment_status is NOT Completed... You'll have to send the
    // password later, by hand, when the funds clear...
    //----------------------------------------------------------------------
    else {
    $message .= "Dear Customer,\n Thankyou for your order.\n\nThe password for the item you ordered will be sent to you when the funds have cleared.\n\nThankyou \n\ninfo\@thg.co.uk";
    
    mail($payer_email, "Your Book Password...", $message, "From: russ@thg.co.uk\nReply-To: info@thg.co.uk");
    
    mail($receiver_email, "Incomplete PayPal TX...", "An incomplete transaction requires your attention.");
    }
    
    //----------------------------------------------------------------
    // ..If UNVerified - It's 'Suspicious' and needs investigating!
    // Send an email to yourself so you investigate it.
    //----------------------------------------------------------------
    // else {
    // mail($payer_email, "An Error Occurred...", "Dear Customer,\n an error occurred while PayPal was processing your order. It will be investigated by a human at the earliest opportunity.\n\nWe apologise for any inconvenience.", "From: russ@thg.co.uk\nReply-To: info@thg.co.uk");
    
    // mail($receiver_email, "Invalid PayPal TX...", "An invalid transaction requires your attention.");
    
    // }
    }
    }
    
    //--------------------------------------
    // Insert Transaction details into DB.
    //--------------------------------------
    $qry = "INSERT into sales (
    invoice, receiver_email, item_name, item_number, quantity, payment_status, pending_reason, payment_date, payment_gross, payment_fee, txn_id, txn_type, first_name, last_name, address_street, address_city, address_state, address_zip, address_country, address_status, payer_email, payer_status, payment_type, notify_version , verify_sign )
    VALUES
    ( \"$invoice\", \"$receiver_email\", \"$item_name\", \"$item_number\", \"$quantity\", \"$payment_status\", \"$pending_reason\", \"$payment_date\", \"$payment_gross\", \"$payment_fee\", \"$txn_id\", \"$txn_type\", \"$first_name\", \"$last_name\", \"$address_street\", \"$address_city\", \"$address_state\", \"$address_zip\", \"$address_country\", \"$address_status\", \"$payer_email\", \"$payer_status\", \"$payment_type\", \"$notify_version\", \"$verify_sign\" ) ";
    
    $result = mysql_query($qry,$db);
    
    //-------------------------------------------
    // Close PayPal Connection, Log File and DB.
    //-------------------------------------------
    fclose ($fp);
    fclose ($log);
    mysql_close($db);
    ?>

  2. #2
    Follow Me On Twitter: @djg gold trophysilver trophybronze trophy Dan Grossman's Avatar
    Join Date
    Aug 2000
    Location
    Philadephia, PA
    Posts
    20,580
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    The number of opening curly braces "{" does not match the number closing curly braces "}" in your code. The error is telling you PHP did not expect the end of file since it hasn't found the closing "}" yet.

    Proper indentation would not only make your code easier to read, but help you identify mismatched curly braces.

    So would using single quotes around your string column names, and no quotes around numeric column names, rather than double quotes in your SQL queries. MySQL is being very forgiving to you.

  3. #3
    SitePoint Zealot
    Join Date
    Jul 2008
    Posts
    184
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hey thanks,
    I'm trying to make it easier to read and therefore easier to troubleshoot as we speak. However, what do you mean by numeric column names? And the string column names, are these the instances where I refer to the columns in the MySQL database?

    Thanks
    Russ

  4. #4
    Follow Me On Twitter: @djg gold trophysilver trophybronze trophy Dan Grossman's Avatar
    Join Date
    Aug 2000
    Location
    Philadephia, PA
    Posts
    20,580
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    For example, this query of yours:

    PHP Code:
    $qry "INSERT into sales (
    invoice, receiver_email, item_name, item_number, quantity, payment_status, pending_reason, payment_date, payment_gross, payment_fee, txn_id, txn_type, first_name, last_name, address_street, address_city, address_state, address_zip, address_country, address_status, payer_email, payer_status, payment_type, notify_version , verify_sign )
    VALUES
    ( \"
    $invoice\", \"$receiver_email\", \"$item_name\", \"$item_number\", \"$quantity\", \"$payment_status\", \"$pending_reason\", \"$payment_date\", \"$payment_gross\", \"$payment_fee\", \"$txn_id\", \"$txn_type\", \"$first_name\", \"$last_name\", \"$address_street\", \"$address_city\", \"$address_state\", \"$address_zip\", \"$address_country\", \"$address_status\", \"$payer_email\", \"$payer_status\", \"$payment_type\", \"$notify_version\", \"$verify_sign\" ) "
    You don't need double quotes around any of the values that are numeric, and you should use single quotes instead of double quotes around the values that aren't numeric. For example, just guessing at what's what:

    PHP Code:
    $qry "INSERT into sales 
    (invoice, receiver_email, item_name, item_number, quantity, payment_status, pending_reason, payment_date, payment_gross, payment_fee, txn_id, txn_type, first_name, last_name, address_street, address_city, address_state, address_zip, address_country, address_status, payer_email, payer_status, payment_type, notify_version , verify_sign) 
    VALUES 
    ('
    $invoice', '$receiver_email', '$item_name', $item_number$quantity, '$payment_status', '$pending_reason', '$payment_date', $payment_gross$payment_fee, '$txn_id', '$txn_type', '$first_name', '$last_name', '$address_street', '$address_city', '$address_state', '$address_zip', '$address_country', '$address_status', '$payer_email', '$payer_status', '$payment_type', $notify_version, '$verify_sign')"

  5. #5
    SitePoint Addict
    Join Date
    Apr 2009
    Posts
    248
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Dan Grossman View Post

    You don't need double quotes around any of the values that are numeric, and you should use single quotes instead of double quotes around the values that aren't numeric. For example, just guessing at what's what:

    You don't need any quotes if you correctly parameterize the SQL. That method has the side effect of being about a trillion times more secure, as well.

  6. #6
    SitePoint Wizard lorenw's Avatar
    Join Date
    Feb 2005
    Location
    was rainy Oregon now sunny Florida
    Posts
    1,094
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by SituationSoap View Post
    You don't need any quotes if you correctly parameterize the SQL. That method has the side effect of being about a trillion times more secure, as well.
    Can you explain more, I use single quotesand didn't know there was an alternative
    What I lack in acuracy I make up for in misteaks

  7. #7
    SitePoint Addict
    Join Date
    Jul 2008
    Posts
    213
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Parametrized statements prevent SQL injection.

    You can either use the MySQL Improved Extension or PHP Data Objects (PDO) to parametrize your statements. However, PDO seems to be the recommended choice.

    http://www.sitepoint.com/forums/showthread.php?t=612080


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •