What is an 'unexpected $end'?

[slaterino]

Hi, I am trying to create an IPN for Paypal payments on my site but am having a few problems. I found a simple IPN template on the web and so have started with that but am getting this error in my log file. It is currently writing nothing to the MySQL database and not sending any e-mails.

Code:

PHP Parse error:  syntax error, unexpected $end in /home/danamarf/public_html/ipn/ipn.php on line 120

Line 120 is the very last line of the code. Why is it unexpected? I'm not sure I understand.

This is my code in full:

Code:

<?php
//------------------------------------------------------------------
// Open log file (in append mode) and write the current time into it.
// Open the DB Connection. Open the actual database.
//-------------------------------------------------------------------
$log = fopen("ipn.log", "a");
fwrite($log, "\n\nipn - " . gmstrftime ("%b %d %Y %H:%M:%S", time()) . "\n");
$db = mysql_connect("localhost", "db_user", "pass");
mysql_select_db("db_name",$db);

//------------------------------------------------
// Read post from PayPal system and create reply
// starting with: 'cmd=_notify-validate'...
// then repeating all values sent - VALIDATION.
//------------------------------------------------
$postvars = array();
while (list ($key, $value) = each ($HTTP_POST_VARS)) {
$postvars[] = $key;
}
$req = 'cmd=_notify-validate';
for ($var = 0; $var < count ($postvars); $var++) {
$postvar_key = $postvars[$var];
$postvar_value = $$postvars[$var];
$req .= "&" . $postvar_key . "=" . urlencode ($postvar_value);
}

//--------------------------------------------
// Create message to post back to PayPal...
// Open a socket to the PayPal server...
//--------------------------------------------
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen ($req) . "\r\n\r\n";
$fp = fsockopen ("www.paypal.com", 80, $errno, $errstr, 30);

//---------------------------------------------
fwrite($log, "Vals: ". $invoice." ". $receiver_email." ". $item_name." ". $item_number." ". $quantity." ". $payment_status." ". $pending_reason." ".$payment_date." ". $payment_gross." ". $payment_fee." ". $txn_id." ". $txn_type." ". $first_name." ". $last_name." ". $address_street." ". $address_city." ". $address_state . " ".$address_zip." ". $address_country." ". $address_status." ". $payer_email. " ". $payer_status." ". $payment_type." ". $notify_version." ". $verify_sign. "\ n"); 


//----------------------------------------------------------------------
// Check HTTP connection made to PayPal OK, If not, print an error msg
//----------------------------------------------------------------------
if (!$fp) {
echo "$errstr ($errno)";
fwrite($log, "Failed to open HTTP connection!");
$res = "FAILED";
}


//--------------------------------------------------------
// If connected OK, write the posted values back, then...
//--------------------------------------------------------
else {
fputs ($fp, $header . $req);
//-------------------------------------------
// ...read the results of the verification...
// If VERIFIED = continue to process the TX...
//-------------------------------------------
while (!feof($fp)) {
$res = fgets ($fp, 1024);
if (strcmp ($res, "VERIFIED") == 0) {

//----------------------------------------------------------------------
// If the payment_status=Completed... Get the password for the product
// from the DB and email it to the customer.
//----------------------------------------------------------------------
if (strcmp ($payment_status, "Completed") == 0) {
$qry = "SELECT password FROM products WHERE pid = \"$item_number\" ";
$result = mysql_query($qry,$db);
while ($myrow = mysql_fetch_row($result)) { $passwd = $myrow[0]; }


$message .= "Dear Customer,\n Thankyou for your order.\n\nThe password f or the item you ordered is: $row[0]\n\nIf you have any problems, please contact us: \n\ninfo\@thg.co.uk";

mail($payer_email, "Your Book Password...", $message, "From: russ@thg.co.uk\nReply-To: info@thg.co.uk");
}


//----------------------------------------------------------------------
// If the payment_status is NOT Completed... You'll have to send the
// password later, by hand, when the funds clear...
//----------------------------------------------------------------------
else {
$message .= "Dear Customer,\n Thankyou for your order.\n\nThe password for the item you ordered will be sent to you when the funds have cleared.\n\nThankyou \n\ninfo\@thg.co.uk";

mail($payer_email, "Your Book Password...", $message, "From: russ@thg.co.uk\nReply-To: info@thg.co.uk");

mail($receiver_email, "Incomplete PayPal TX...", "An incomplete transaction requires your attention.");
}

//----------------------------------------------------------------
// ..If UNVerified - It's 'Suspicious' and needs investigating!
// Send an email to yourself so you investigate it.
//----------------------------------------------------------------
// else {
// mail($payer_email, "An Error Occurred...", "Dear Customer,\n an error occurred while PayPal was processing your order. It will be investigated by a human at the earliest opportunity.\n\nWe apologise for any inconvenience.", "From: russ@thg.co.uk\nReply-To: info@thg.co.uk");

// mail($receiver_email, "Invalid PayPal TX...", "An invalid transaction requires your attention.");

// }
}
}

//--------------------------------------
// Insert Transaction details into DB.
//--------------------------------------
$qry = "INSERT into sales (
invoice, receiver_email, item_name, item_number, quantity, payment_status, pending_reason, payment_date, payment_gross, payment_fee, txn_id, txn_type, first_name, last_name, address_street, address_city, address_state, address_zip, address_country, address_status, payer_email, payer_status, payment_type, notify_version , verify_sign )
VALUES
( \"$invoice\", \"$receiver_email\", \"$item_name\", \"$item_number\", \"$quantity\", \"$payment_status\", \"$pending_reason\", \"$payment_date\", \"$payment_gross\", \"$payment_fee\", \"$txn_id\", \"$txn_type\", \"$first_name\", \"$last_name\", \"$address_street\", \"$address_city\", \"$address_state\", \"$address_zip\", \"$address_country\", \"$address_status\", \"$payer_email\", \"$payer_status\", \"$payment_type\", \"$notify_version\", \"$verify_sign\" ) ";

$result = mysql_query($qry,$db);

//-------------------------------------------
// Close PayPal Connection, Log File and DB.
//-------------------------------------------
fclose ($fp);
fclose ($log);
mysql_close($db);
?>

[Dan Grossman]

The number of opening curly braces "{" does not match the number closing curly braces "}" in your code. The error is telling you PHP did not expect the end of file since it hasn't found the closing "}" yet.

Proper indentation would not only make your code easier to read, but help you identify mismatched curly braces.

So would using single quotes around your string column names, and no quotes around numeric column names, rather than double quotes in your SQL queries. MySQL is being very forgiving to you.

[slaterino]

Hey thanks,
I'm trying to make it easier to read and therefore easier to troubleshoot as we speak. However, what do you mean by numeric column names? And the string column names, are these the instances where I refer to the columns in the MySQL database?

Thanks
Russ

[Dan Grossman]

For example, this query of yours:

PHP Code:

$qry = "INSERT into sales (
invoice, receiver_email, item_name, item_number, quantity, payment_status, pending_reason, payment_date, payment_gross, payment_fee, txn_id, txn_type, first_name, last_name, address_street, address_city, address_state, address_zip, address_country, address_status, payer_email, payer_status, payment_type, notify_version , verify_sign )
VALUES
( \"$invoice\", \"$receiver_email\", \"$item_name\", \"$item_number\", \"$quantity\", \"$payment_status\", \"$pending_reason\", \"$payment_date\", \"$payment_gross\", \"$payment_fee\", \"$txn_id\", \"$txn_type\", \"$first_name\", \"$last_name\", \"$address_street\", \"$address_city\", \"$address_state\", \"$address_zip\", \"$address_country\", \"$address_status\", \"$payer_email\", \"$payer_status\", \"$payment_type\", \"$notify_version\", \"$verify_sign\" ) "; 


You don't need double quotes around any of the values that are numeric, and you should use single quotes instead of double quotes around the values that aren't numeric. For example, just guessing at what's what:

PHP Code:

$qry = "INSERT into sales 
(invoice, receiver_email, item_name, item_number, quantity, payment_status, pending_reason, payment_date, payment_gross, payment_fee, txn_id, txn_type, first_name, last_name, address_street, address_city, address_state, address_zip, address_country, address_status, payer_email, payer_status, payment_type, notify_version , verify_sign) 
VALUES 
('$invoice', '$receiver_email', '$item_name', $item_number, $quantity, '$payment_status', '$pending_reason', '$payment_date', $payment_gross, $payment_fee, '$txn_id', '$txn_type', '$first_name', '$last_name', '$address_street', '$address_city', '$address_state', '$address_zip', '$address_country', '$address_status', '$payer_email', '$payer_status', '$payment_type', $notify_version, '$verify_sign')"; 


[SituationSoap]

You don't need double quotes around any of the values that are numeric, and you should use single quotes instead of double quotes around the values that aren't numeric. For example, just guessing at what's what:

You don't need any quotes if you correctly parameterize the SQL. That method has the side effect of being about a trillion times more secure, as well.

[lorenw]

You don't need any quotes if you correctly parameterize the SQL. That method has the side effect of being about a trillion times more secure, as well.

Can you explain more, I use single quotesand didn't know there was an alternative

[spiderling]

Parametrized statements prevent SQL injection.

You can either use the MySQL Improved Extension or PHP Data Objects (PDO) to parametrize your statements. However, PDO seems to be the recommended choice.

http://www.sitepoint.com/forums/showthread.php?t=612080