Parse error

candle21428

On first page (register.php),

   $userid = preg_replace('/[^a-zA-Z0-9_]/', '', $_POST['ausername']); // protect against sql injection

$_SESSION['username'] = $userid;

When I click submit, it will bring me to the second page:

<?
session_start();
$con = sa_db_connect();
if(!$con){
	echo "Database error on clicks.php";
}
if (!$row = mysql_select_db($dbName)) {
     print (mysql_error());
}

$q2 = mysql_query("SELECT ID FROM People WHERE Username = '$_SESSION['username']'");
if (!$row2 = mysql_fetch_array($q2)) {
     print (mysql_error());

Then IE shows:

Parse error: parse error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /.../user/tellfriend.php on line 33

line 33 should be

$q2 = mysql_query("SELECT ID FROM People WHERE Username = '$_SESSION['username']'");

What's going wrong here??

ClarkF1

 $q2 = mysql_query("SELECT ID FROM People WHERE Username = '".$_SESSION['username']."'");

candle21428

Thx for your reply. Here is what I got when I was directed to the second page (from register.php):

The content of the page was correct but there is a line above the content:

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/content/c/a/n/candle21428/html/affiliate/user/tellfriend.php on line 21

ClarkF1

I know you have error reporting later but try this:

echo $_SESSION['username']; //just to be sure what's in it.
$username = mysql_real_escape_string($_SESSION['username']); // protect from SQL injection
$query = "SELECT ID FROM People WHERE Username = '$username'";
echo $query; // check the query looks okay
 $q2 = mysql_query($query) or die ('SQL Error: '.mysql_error()); // I know you have this later but try this

Do your fields and tables have initial capital letters as mysql is case sensitive?

candle21428

SELECT ID FROM People WHERE Username = 'dfsa'

Show up just above my email table on tellfriend.php

candle21428

This bug was fixed~~ Thank you so much ClarkF1

ClarkF1

Yeah, I just put the echo in so you could see whether there was a problem with the SQL query or not.

I prefer to store the query in a variable before calling mysql_query cause it's easier to debug.