Pleas help with this script

eze1410

Good Day everyone,
I have been trying my hands on web design and was formally into Frontpage, but was finally converted to php, mysql and Dreamweaver. Started out with Dreamweaver's automated coding which did not fulfil my desires so I have been burning the midnight candle trying to gte a grip on handcoding php. Now I am trying to develop a site with data input and display with mysql. I have gotten the input stage going correct, but I still have an issue with getting data and displaying it. I have come across some scripts online which I have modified to suit my purpose but it still does not work out well. I get this error when I try to run the login page, which is supposed to display some data: Parse error: syntax error, unexpected T_VARIABLE in C:\inetpub\wwwroot\new\career_display.php on line 4
Please can anyone check this script for me and tell me where I went wrong:

<?php
include("mysql_careers.php");

$query  = "SELECT 'name', 'surname', 'email' FROM careers WHERE 'email' = "$_POST['email']" AND 'surname' = "$_POST['surname']"";
$result = mysql_query($query);

while($row = mysql_fetch_row($result))
{
    $name    = $row[0];
    $surname = $row[1];
    $email = $row[2];


echo "Name :$name <br>" .
     "Surname : $surname <br>" . 
     "Email : $email <br><br>";
} 

include("mysql_close.php");
?>

By the way, the include files are for opening the mysql connection and closing it, they work fine as far as I know. Thank you. I appreciate.

junp

on line 4
check the double quoted🙂

Rodney_H_

To clarify what was written before, you have this:

$query  = "SELECT 'name', 'surname', 'email' FROM careers WHERE 'email' = "$_POST['email']" AND 'surname' = "$_POST['surname']"";
$result = mysql_query($query);

But you should either put the POST array values in curly braces {} and single quotes, or concatenated them into your string:

// I like concatenation:

$query  = "SELECT 'name' FROM careers WHERE 'email' = '" . $_POST['email'] . "' AND ...";

PS: However, I would never run a query using direct input from a user like this.

you MUST clean / validate user input before running the query, or your application will be at risk or hacking and so forth.

Secondly, look at mysql_real_escape_string()function.

SO,

// write a funciton "validate_email()" and use it to check formatting and illegal chars:
$clean['email'] = validate_email($_POST['email']);

$query  = "
SELECT 'name' 
FROM careers 
WHERE 'email' = '" . mysql_real_escape_string($clean['email']) . "' 
AND ...";