PHP Mess on My Hands

I’m in my third week ever of writing in PHP for school. Last week we had to make a PHP RSVP form that validated every field. I got a B despite my form not functioning properly. This week we need to take the info from the form and input it into a database. I keep getting this error:

Parse error: syntax error, unexpected T_STRING in …/test/test.php on line 77

Here is the code… I feel like it’s horrible, but the professor isn’t much help. Any idea why I am getting that error?

This is line 77 & 78:
$connectID = mysql_connect($host, $username, $password) or die(mysql_error(Sorry, cannot connect to the database.));
mysql_select_db(‘mverminski’, $connectID) or die(mysql_error(Unable to connect to database.));

// show form fields when submitted
if ($_POST['submitted']) {

	$first_name = @$_POST['first_name'];
	$last_name = @$_POST['last_name'];
	$address = @$_POST['address'];
	$city = @$_POST['city'];
	$state = @$_POST['state'];
	$postal_code = @$_POST['postal_code'];
	$phone_number = @$_POST['phone_number'];
	$rsvp = @$_POST['rsvp'];
	$image = @$_POST['image'];

	// validate
	if ($first_name=="") {
	$error_msg[] ="You must enter your first name<br />";
	if ($last_name=="") {
	$error_msg[] ="You must enter your last name<br />";
	if ($address=="") {
	$error_msg[] ="You must enter your address<br />";
	if ($city=="") {
	$error_msg[] ="You must enter your city<br />";
	if ($state=="") {
	$error_msg[] ="You must enter your state<br />";
	if (strlen($state)>2) {
	$error_msg[] ="State must contain only two letters<br/>";

	if (!strlen($postal_code)<5) {
	$error_msg[] ="You must enter a valid 5 digit postal code<br />";
	if (!eregi('^[[:digit:]]+$',$postal_code)) {
	$error_msg[] ="You must enter a valid postal code<br />";
	if (eregi('^([[:digit:]]| |-)+$', $phone_number)) {
	$error_msg[] = ("Please enter a valid phone number");

	if ($image=="") {
	$error_msg[] ="You must upload an image.<br />";
	foreach ($error_msg as $err) {
	echo ("$err <br />");
	if (!error_msg) {
	header ('Location: thanks.php');
		//database variables
	$tbl_name="Christmas Party";
	//Connect to database
	$connectID = mysql_connect($host, $username, $password) or die(mysql_error(Sorry, cannot connect to the database.));
	mysql_select_db('mverminski', $connectID) or die(mysql_error(Unable to connect to database.));
	//insert data into database
	$query="INSERT INTO $tbl_name (first name, last name, address, city, state, postal code, phone number, rsvp, image) VALUES ('$first_name', '$last_name', '$address', '$city', '$state', '$postal_code', '$phone_number', '$rsvp', '$image')";
	If ($result) {
	echo "Success!";
	echo "<br>";
	echo "<a href='data.php'>View your form</a>";
	echo "ERROR";


<title>Christmas Party</title>

<form action="<?php $_SERVER['PHP_SELF'] ?>" method="POST">
	<h4>Company Christmas Party!</h4>
if ($error_msg) {
echo "<ul>\
	foreach ($error_msg as $err) {
	echo "<li>".$err."</li>\
echo "</ul>\
<label for="first_name">First Name*</label><br />
	<input name="first_name" type="text" size="20" id="first_name" value="<?php echo $first_name ?>"/><br/>
<label for="last_name">Last Name*</label><br />
	<input name="last_name" type="text" size="20" id="last_name" value="<?php echo $last_name ?>" /><br/>
<label for="first_name">Address*</label><br />
	<input name="address" type="text" size="40" id="address" value="<?php echo $address ?>" /><br/>
<label for="first_name">City*</label><br />
	<input name="city" type="text" size="20" id="city" value="<?php echo $city ?>" /><br/>
<label for="first_name">State*</label><br />
	<input name="state" type="text" size="2" id="state" value="<?php echo $state ?>" /><br/>
<label for="first_name">Postal Code*</label><br />
	<input name="postal_codee" type="text" size="5" id="postal_code" value="<?php echo $postal_code ?>" /><br/>
<label for="first_name">Phone Number*</label><br />
	<input name="phone_number" type="text" size="10" id="phone_number" value="<?php echo $phone_number ?>" />
<form action="./result.php" method="post">
  <p>Will you be attending?<br/>
<label for="rsvp_yes">Yes</label> <input type="radio" name="rsvp_yes" value="yes" /><br />
<label for="rsvp_no">No</label> <input type="radio" name="rsvp_no" value="no"  /><br />
<form action="./upload.php" method="post" enctype="multipart/form-data">
      <label for="image">Select an image:</label> <input name="image" type="file" id="image" value="<?php echo $image ?>"> <br />

<input type="hidden" name="submitted" value="1" />
<input type="submit" value="Submit" />

die(mysql_error(Sorry, cannot connect to the database.));

This makes no sense. Why would you pass a string into the [fphp]mysql_error[/fphp] function? Actually because you haven’t put quotes around your message, it’s not a string either.

The only argument mysql_error takes is the connection to the DB (which is optional).

If you want to die with an error you pass a string to die

die('I am dead');

If you want to die with the error from mysql (and for some reason display that for your users to see) you’d use


Your second example is what my professor showed us in class, but I added the message to it, which I guess is wrong. That is line 78 though, and line 77 is the one with the error on it. Or is this causing that line to error? I can’t check to see if that is the resolution because I am at work and my project is at home, but thanks for the help. I will change it later.

You want to show a message as well? Concatenate it to the mysql error:

die(mysql_error() [B][COLOR="Red"]. 'Your message here'[/COLOR][/B]);  

By the way, it looks to me like your script will reach the “insert into database” part only if errors are found…

My validation is backwards?

I fixed the mysql_error, but it still doesn’t work correctly.

Mysql column names with spaces
No protection against sql injection
Incorrect use of error array

I dropped the validation since this weeks project focuses on inserting data into a database, and I started over. I have a form.php that contains only HTML for the form and

<form method="post" action="update.php">

which links to update.php (obviously). Now at least the page loads correctly, but now I get “Error updating database”. Do you see anything obviously wrong here?

// show form fields when submitted
	$first_name = $_POST['first_name'];
	$last_name = $_POST['last_name'];
	$address = $_POST['address'];
	$city = $_POST['city'];
	$state = $_POST['state'];
	$postal_code = $_POST['postal_code'];
	$phone_number = $_POST['phone_number'];

//connect to database
mysql_connect ("..../", "mverminski", "Password")
	or die ('Error: ' . mysql_error());
//Insert data into database
$query="INSERT INTO Christmas_Party (ID, first_name, last_name, address, city, state, postal_code, phone_number)VALUES ('NULL', '".$first_name."', '".$last_name."', '".$address."', '".$city."', '".$state."', '".$postal_code."', '".$phone_number."')";

//execute query
mysql_query($query) or die ('Error updating database');
	echo "Database Updated With: " .$first_name. " ".$last_name." ".$address." ".$city." ".$state." ".$postal_code." ".$phone_number ;

The project is due Sunday and I have enough code written to pull out a B, but I really want it to work and to get an A.

This is my second week writing PHP, I don’t know what you mean.

I thought it was third? :wink:

Your best bet is to really look at what your code is doing, and maybe look up what was mentioned.

  1. MySQL Column names with spaces - if a column name has a space in (which you really should avoid for the sake of ease) then it needs to be enclosed in backquotes:

    sql INSERT INTO $tbl_name (`first name`...

    Otherwise, with what you have above, it would try to find a value in a column first and give it an alias name. This is only really useful in larger queries involving multiple tables.
  2. No protection against SQL injection - At current someone could enter a value in a textbox which screws up the entire query - be it malicious or unintentional. Think about this scenario:

    php <?php $Name = $_POST['name']; $Query = MySQL_Query("SELECT * FROM users WHERE name='{$Name}'");

    If a user posted something to change that query, they could manipulate that query, for example if $_POST[‘name’] was:

    ' OR 1='1

    The query would look like:

    sql SELECT * FROM users WHERE name='' OR 1 = '1'

    Which would select all users. Obviously there are much more serious cases, but you get the point. So to protect against this, use the mysql_real_escape_string function.

Go through your code. Whenever you’re not using a { because of a single-line statement, slap yourself hard (optional) and put one in. You have braces all over the place ending or starting things which haven’t been started or ended, and in some cases in completely wrong places - For example:

foreach ($error_msg as $err) {
	echo ("$err <br />");
	if (!error_msg) {
	header ('Location: thanks.php');

You have a (invalid) method of seeing if the error message array is empty INSIDE a foreach loop - if it’s empty, that statement won’t have ever run because the foreach wouldn’t have run.

eregi functions are outdated. Read the manual before using any new function

Also relying on the @ is a bad move. It is a silencing method which is like telling PHP to walk on broken glass but not to say ‘ouch’. Use proper validation techniques to verify that something has been posted:

$first_name = array_key_exists('first_name', $_POST) ? $_POST['first_name'] : '';

All these things you will pick up. Remember what you’ve learned and you can do well. Though I think it has to be said that any developer often spends long hours trying their own projects, making their own mistakes and learning from them. Though I can guarantee you, you will do much better if you learn PHP as a hobby instead of focusing just on what you’re supposed to do for school (do that too, of course). Most importantly, don’t learn what to use in certain situations. Learn WHY things are used, and mess around with other ideas which may work better in certain situations.

Thanks. I have been playing with this from 5-11 each night since Wednesday and making little progress. The eregi function was in my book which I followed for most of this project. It’s from 2007 so maybe it wasn’t outdated when it was written.

When I started over I removed the @ so it now reads $_POST, like in my second post that contains code, and I also removed the space and everything reads as first_name, last_name, etc.

As for the { } mistakes I got those lines straight from my professor in our live chat session for class. He doesn’t give us much help, but instead just runs through powerpoint presentations. The whole class feels like it is teaching itself how to write this stuff which is overwhelming when you have a week to learn and complete the project.

I’ve started looking into validation functions that I’ve downloaded from the internet, but that was last weeks assignment so I sort of it put it to the side to try to at least have all the code written for this week even if the form doesn’t function properly.

The thing is I found and altered a simple PHP form with validation to use for a website I made for a family friend and I understood it fine. Now this all seems like Russian to me.

Hello, it sounds like we have the same class and same professor only you took it earlier than me. I am not going through the same situation entering into the 4th week of class and still stuck on assignment from week 2. I made the form and all and followed the book and did my own research online and still not able to get it working like it supposed to. I have a big D in this class because im still waiting on grades from professor as he is regrading my Unit 2 assignment. Anyways I really want to make this work not only to pass the class but for my sanity as this is driving me crazy. (also first time handling PHP ever) Professor just keeps telling me to troubleshoot my errors and being zero help. Can you help me? Any help will be appreciate it.

Well, did you?
If not, why not? Do you know what troubleshooting is? How to do it? Do you get any errors?

Don’t ask us (me at least ;)) to do your homework for you. Of course you can ask anything about problems that you can’t solve, but you’ll have to show what you’ve done so far, and explain what specific thing is beyond your reach.

With all due respect Mr. Guido2004, my post was directed to MVerminski. I am not trying to get anyone to do my homework as I can do that myself. To answer your question yes I have troubleshooted my work and yes I know what it means. I showed profesor what I am getting for errors and every time I change something or take something apart it just gives me a new error. I got rid of the part professor said to get rid of to see if that was what was giving me the problem; however the problem still there and a few more. I came to this blog to seek help not to be insulted or being harrased, but thanks for the concern!

If you felt insulted I apologize. I meant to say that you can find lots of help here, but you’ll have to be more specific in your questions. My questions weren’t meant to insult you, they were to understand a bit more of your programming capabilities.

And the comment about homework may have sounded harsh to you, but there are often people that ask exactly that. So it wasn’t an accusation, but to warn you not to ask that (because reading your post it sounded a bit like that).

I showed profesor what I am getting for errors and every time I change something or take something apart it just gives me a new error. I got rid of the part professor said to get rid of to see if that was what was giving me the problem; however the problem still there and a few more.

Feel free to post your code and the errors you’re getting.