Phase Error

Anon

Hiya I've been scrating my head over this for nearly 1/2 a day trying to figure out why i have yet another phase error if some one could look and let me know i will be very greatful

Code below

Peter

<head>
<title>Erentals</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body bgcolor="#FFFFFF">
<?
$db = mysql_connect("172.16.201.6", "root");

mysql_select_db("erentals", $db);

if ($submit) {

// here if no ID then addin else we're editing

if ($id){
$sql = "update users set name='$name',email='$email',username='$username',userpass='$userpass',company='$company',address='$address',state='$state',post='post'";
} else {
$sql = "insert into users (name,email,username,userpass,company,address,state,post) values ('$name','$email','$username','$userpass','$company','$address','$state','$post')";
}

// run sql against the db
$result = mysql_query($sql);
echo "Record updated/edited<p>";
} elseif ($delete) {

// delete a record
$sql = "delete from users where id=$id";
$result = mysql_query($sql);
echo "$sql Record deleted! <p>";

} else {
// this part happens if we don't press submit

if (!$id) {
  // print the list is there is not editing
  $result = mysql_query("select * from users",$db);
  while ($myrow = mysql_fetch_array($result)) {
    printf("<a href=\"%s?id=%s\">%s %s</a> \n","$php_self",$myrow["member_id"],$myrow["name"],$myrow["email"],$myrow["username"],$myrow["userpass"],$myrow["company"],$myrow["address"],$myrow["state"],$myrow["post"]");
	   printf("<a href=\"%s?id=%s&delete=yes\">delete</a><br>","$php_self",$myrow["member_id"],$myrow["name"],$myrow["email"],$myrow["username"],$myrow["userpass"],$myrow["company"],$myrow["address"],$myrow["state"],$myrow["post"]");
	 }
}

<a href="<? echo "$php_self"?>">Add A Record</a>
<p>
<form method="post" action="<? "php echo "$php_self" ?>">
<?

if ($id) {
//editing so select a record
$sql = "select * from users where id=$id";
$result = mysql_query($sql);
$myrow = mysql_fetch_array($result);
$id = $myrow["member_id"];
$name = $myrow["name"];
$email = $myrow["email"];
$username = $myrow["username"];
$userpass = $myrow["userpass"];
$company = $myrow["company"];
$address = $myrow["address"]
$state = $myrow["state"];
$post = $myrow["post"]);
// print id for editing
?>
<input type="hidden" name="member_id" value="<? echo "member_id" ?>">
<?
} //very sus may have to move into the ?> tag

?>
<table width="750" border="0">
<tr>
<td width="98">Name:</td>
<td width="642">
<input type="text" name="name" value="<? echo $name ?>">
</td>
</tr>
<tr>
<td width="98">Email:</td>
<td width="642">
<input type="text" name="email" value="<? echo $email ?>">
</td>
</tr>
<tr>
<td width="98">User Name:</td>
<td width="642">
<input type="text" name="username" value="<? echo $username ?>">
</td>
</tr>
<tr>
<td width="98">User Password</td>
<td width="642">
<input type="text" name="userpass" value="<? echo $userpass ?>">
</td>
</tr>
<tr>
<td width="98">Company</td>
<td width="642">
<input type="text" name="company" value="<? echo $company ?>">
</td>
</tr>
<tr>
<td width="98">Address</td>
<td width="642">
<input type="text" name="address" value="<? echo $address ?>">
</td>
</tr>
<tr>
<td width="98">State</td>
<td width="642">
<input type="text" name="state" value="<? echo $state ?>">
</td>
</tr>
<tr>
<td width="98">Post</td>
<td width="642">
<input type="text" name="post" value="<? echo $post ?>"size="4" maxlength="4">
</td>
</tr>
</table>
<input type="submit" name="Submit" value="Submit">
<input type="reset" name="reset" value="Reset">
<br>
</form>
<?

}

?>
</body>

Anon

opps sorry the error i get is around line 40 the
printf("<a href=\"%s?id=%s&delete=yes\">delete</a><br>","$php_self",$myrow["member_id"],$myrow["name"],$myrow["email"],$myrow["username"],$myrow["userpass"],$myrow["company"],$myrow["address"],$myrow["state"],$myrow["post"]");

line

Thanks again Peter

Anon

It's hard to see what you actually want with that code.

Start by re-formatting your code, so that it's easier to see what happens.

Also, take advantage of both the " and ' chars.

In other words, I suggest that you format and write your code like this:

printf(
'<a href="%s?id=%s&delete=yes">delete</a><br>',
$php_self,
$myrow['member_id']
);

Also, note that you may need to use the htmlspecialchars() and rawurlencode() funtions on all the involved values in order to prevent a X-site scripting security problem. For more information about the latter, see:
http://www.apache.org/info/css-security/
http://www.apache.org/info/css-security/encoding_examples.html

Generally, your code is a security nightmare! NEVER use unchecked, external variables (like data returned from a form) in SQL SELECT, DELETE or UPDATE expressions, unless your PHP is configured to run with the "magic_quotes_gpc" turned on. What do you think will happen in the deletion stage if someone passes this as the value of the $id varible:
5 or 1=1

Do yourself a favour and take some time to look into that - including related functions like

intval()
addslashes()

Finally, you seem to miss a WHERE clause in your SQL update-expression.

Your code REALLY needs work. Sorry.

Anon

points taken .. things to remember i am very very new to this and programming in general..

2 as u saying i am missing a where statement on my $SQL update i'm not .. the way i've done is so i dont use the where statement .. this is covered by SET name=$name etc.

and right now i want to know that i can get this working before adding the security to it

Peter