• PHP Help PHP Coding

  • [RESOLVED] Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING

Here is the full error Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING on line 13

Line 13 States:

$search = mysql_query("SELECT * FROM searchengine WHERE pageurl = '$_POST['url']'");

The code is for a search engine to check if the url exists and if it dosen't add it to the data base

The whole code is

<?php
$mysql_host = "host";
$mysql_database = "database";
$mysql_user = "user";
$mysql_password = "pass";


mysql_connect($mysql_host, $mysql_user, $mysql_password) or die(mysql_error()); 
mysql_select_db($mysql_database) or die("ERROR"); 

$pagedata = htmlspecialchars(file_get_contents($_POST['url']));
$pagedata = str_replace("'","",$pagedata);
$search = mysql_query("SELECT * FROM searchengine WHERE pageurl = $_POST['url']"); // Here we select the rows with the id of 1
while($row = mysql_fetch_array($search)){ // We loop through the data

if($_POST['url'] == $row['pageurl']){ // Check if the id exists in the table

echo " IT DOES!!!"; // yes it does

}
else
{

echo " The url doesnt exist adding it"; //else 




mysql_query("INSERT INTO searchengine VALUES ('','$_POST[url]','$pagedata')");
echo "URL Added.<br><a href='./addurl.php'>Continue...</a>";
}
}
?>

Thanks!

Chase

    add a line before the line that says

    $search = mysql_query("SELECT * FROM searchengine WHERE pageurl = '$_POST['url']'");

    That says

     $url = $_POST['url'];

    then use '$url' in place of $_POST['url'] (in the line that gives you the error)

    dno why this error happens, but i just tested it in my code and get the same error until i do that.

    Hope this helps,
    Paul

      this one like the last can also be fixed by referring to the string section of the manual, look specificity at the A banana is example

        Also note that your code is vulnerable to SQL injection attacks. User-supplied data should never be placed directly into a SQL query string. Instead, it must first be sanitized with a function such as [man]mysql_real_escape_string/man.

        EDIT: Also note that there is a more efficient (and cleaner) way of doing what you're trying to do. Since you don't want duplicate rows for the same URL, you should add a UNIQUE key on the 'url' column.

        That way, you'd simply perform an INSERT (without first SELECT'ing to test for a pre-existing row); if the INSERT query fails with error code 1062 (duplicate entry for a key), then you know that the URL already existed.

          Write a Reply...