I am trying to make it harder for people to hack my mysql-server with url-hacking. I was trying to set it up to test for numeric input.
I am now getting:
Parse error: parse error, unexpected '{' in /home/wwwfulc/public_html/st/races2.php on line 15
My code looks like this:
<?php
/*This document Copyright 2003 Scar's Legion (http://st.fulco.net).
There is no warranty expressed or implied by the use of this script.
It is published as linkware, and must retain all copyrights and
links as they were originally programmed. If you are caught using
this script without meeting these standards you will be prosecuted.*/
require("racesetup.php");
$con = mysql_connect($host, $user, $pass) or die(mysql_error());
error_reporting(E_ALL);
mysql_select_db($db, $con) or die(mysql_error());
// display individual record
if(isset($id) && is_numeric($id)
{
$result = mysql_query("SELECT * FROM nuke_race WHERE id=$id",$con) or
die(mysql_error());
$myrow = mysql_fetch_array($result) or die(mysql_error());
printf ("<html><head><title>%s\n</title></head><body>", $myrow["race"]);
printf ("<b>Race:</b> %s\n<br>", $myrow["race"]);
echo "<br>";
printf("<b>Description:</b> %s\n<br>", $myrow["racetxt"]);
echo "<br>";
echo "<br><h3><a href=\"javascript:history.go(-1)\">Back</a></h3></body></html>";
}
elseif ($submit)
{
$result = mysql_query("SELECT * FROM nuke_race WHERE race LIKE '$alpha%'",$con) or die(mysql_error());
if ($myrow = mysql_fetch_array($result))
{ // display list if there are records to display
do {
printf ("<html><head><title>%s's - Xenology Database</title></head><body>", $alpha);
printf("<a href=\"%s?id=%s\">%s</a><br>\n", $PHP_SELF, $myrow["id"], $myrow["race"]);
}
while ($myrow = mysql_fetch_array($result));
}
}
else
// no records to display
echo "Sorry, no records were found!";
?>
The variable $alpha is provided by an external form using get.
Any help in finding my mistake would be appreciated.
Thanks.
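
Added example, not part of the original post: the two lookups from the script, written with a strict digits-only check on the id and bound parameters for both the id and $alpha. It assumes PDO with the pdo_sqlite extension and uses an in-memory SQLite database with constructed rows so it runs without a MySQL server; the helper names parse_id, find_race and list_races are hypothetical.

```php
<?php
// Added example, not the poster's script. Assumes the pdo_sqlite extension;
// in-memory SQLite stands in for the MySQL server so this runs without one.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE nuke_race (id INTEGER PRIMARY KEY, race TEXT, racetxt TEXT)");
// Constructed sample rows.
$db->exec("INSERT INTO nuke_race (race, racetxt) VALUES ('Andorian', 'Blue-skinned'), ('Bajoran', 'From Bajor')");

// Accept only a short run of decimal digits. is_numeric() alone also passes
// "1e3", "1.5" and " 7", which are numbers but not row ids.
function parse_id($raw): ?int
{
    $ok = is_string($raw) && ctype_digit($raw) && strlen($raw) <= 9;
    return $ok ? (int) $raw : null;
}

// Fetch one record; the id is bound as a parameter, never pasted into the SQL.
function find_race(PDO $db, $rawId): ?array
{
    $id = parse_id($rawId);
    if ($id === null) {
        return null;
    }
    $stmt = $db->prepare('SELECT race, racetxt FROM nuke_race WHERE id = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// List races by prefix. $alpha is bound as well, and its LIKE wildcards are
// escaped so a bare "%" from the form cannot match every row.
function list_races(PDO $db, string $alpha): array
{
    $prefix = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $alpha) . '%';
    $stmt = $db->prepare("SELECT id, race FROM nuke_race WHERE race LIKE ? ESCAPE '!'");
    $stmt->execute([$prefix]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs standing in for $_GET['id'] and $_GET['alpha'].
foreach (['1', '1e3', '1 OR 1=1', ' 2'] as $raw) {
    $row = find_race($db, $raw);
    echo var_export($raw, true), ' => ', $row ? htmlspecialchars($row['race']) : 'no record', "\n";
}
foreach (['B', '%', "x' OR '1'='1"] as $alpha) {
    echo var_export($alpha, true), ' => ', count(list_races($db, $alpha)), " row(s)\n";
}
```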