PDA

View Full Version : Help with my comment script


Zombie
June 13th, 2008, 04:17
Here is my script



<?php include "header.php"; ?>
<div id="center">
<h1>Welcome to the Comment Wall!</h1>
<p>The comment wall allows you to post your opinions or comments about us or our

scripts!</p><h1>Recent Comments</h1><BR>
<?php
include "config.php";
$msel = mysql_query("select * from comments order by id asc");
while ($comment = mysql_fetch_array($msel)) {
print "<table><tr><td width=40%>$comment[name]</td><td

width=60%>$comment[comment]</td><tr>";
print "</table>";
}
?>
<body>
<form method=post action=>
Name: <input type="text" name="name" id="name" ><BR>
Email: <input type="text" name="name" id="email" ><br>
Comment: <textarea name=comment id=comment row=60

col=35></textarea><br>
<input type="submit" value="Send Comment to the Wall"

name=submit><br>
</form>


<?php

$name=$_POST['name']
$email=$_POST['email']
$comment=$_POST['comment']
$submit=$_POST['submit']

if(isset($_POST['submit']))
{
if($_POST['name'] || $_POST['email'] || $_POST['comment']) {
echo('One or more required fields are left blank');
}else{
mysql_query("Insert into comments

Values('','$_POST['name']','$_POST['email']','$_POST['comment']')") or die("Error posting

your comment!");
echo('Thank you $_POST['name'] for submitting $_POST['comment'] to the comment

wall! Any replys will be sent to $_POST['email']');
}
}


?>
<div id="show"></div>
</div>
<?php include "footer.php"; ?>


When i try the script on the server i get error


Parse error: syntax error, unexpected T_VARIABLE in /home/=REMOVED=/public_html/commentwall.php on line 25

I have tried everything to get it working i just cant figure out the problem... Think you can help me?
JohnN
June 13th, 2008, 04:29
<?php include "header.php"; ?>
<?php include "config.php"; ?>
<div id="center">
<h1>Welcome to the Comment Wall!</h1>
<p>The comment wall allows you to post your opinions or comments about us or our

scripts!</p><h1>Recent Comments</h1><BR>
<table>
<?php
$msel = mysql_query("select * from comments order by id asc");
while ($comment = mysql_fetch_array($msel))
echo"<tr><td width=40&#37;>".$comment['name']."</td><td width=60%>".$comment['comment']."</td></tr>";
?>
</table>
<body>
<form method=post action=>
Name: <input type="text" name="name" id="name" ><BR>
Email: <input type="text" name="name" id="email" ><br>
Comment: <textarea name=comment id=comment row=60

col=35></textarea><br>
<input type="submit" value="Send Comment to the Wall"

name=submit><br>
</form>


<?php

$name=$_POST['name'];
$email=$_POST['email'];
$comment=$_POST['comment'];
$submit=$_POST['submit'];

if(isset($_POST['submit'])){
if(empty($_POST['name']) || empty($_POST['email']) || empty($_POST['comment']))
echo('One or more required fields are left blank');
else{
mysql_query("Insert into comments Values('','".mysql_real_escape_string($_POST['name'])."','".mysql_real_escape_string($_POST['email'])."','".mysql_real_escape_string($_POST['comment'])."')") or die("Error posting your comment!");
echo"Thank you ".$_POST['name']." for submitting ".$_POST['comment']." to the comment wall! Any replys will be sent to ".$_POST['email'];
}
}
?>

?>
<div id="show"></div>
</div>
<?php include "footer.php"; ?>
Zombie
June 13th, 2008, 04:31
<?php include "header.php"; ?>
<?php include "config.php"; ?>
<div id="center">
<h1>Welcome to the Comment Wall!</h1>
<p>The comment wall allows you to post your opinions or comments about us or our

scripts!</p><h1>Recent Comments</h1><BR>
<table>
<?php
$msel = mysql_query("select * from comments order by id asc");
while ($comment = mysql_fetch_array($msel))
echo"<tr><td width=40%>$comment['name']</td><td width=60%>$comment['comment']</td></tr>";
?>
</table>
<body>
<form method=post action=>
Name: <input type="text" name="name" id="name" ><BR>
Email: <input type="text" name="name" id="email" ><br>
Comment: <textarea name=comment id=comment row=60

col=35></textarea><br>
<input type="submit" value="Send Comment to the Wall"

name=submit><br>
</form>


<?php

$name=$_POST['name'];
$email=$_POST['email'];
$comment=$_POST['comment'];
$submit=$_POST['submit'];

if(isset($_POST['submit'])){
if($_POST['name'] || $_POST['email'] || $_POST['comment'])
echo('One or more required fields are left blank');
else{
mysql_query("Insert into comments Values('','".mysql_real_escape_string($_POST['name'])."','".mysql_real_escape_string($_POST['email'])."','".mysql_real_escape_string($_POST['comment'])."')") or die("Error posting your comment!");
echo"Thank you ".$_POST['name']." for submitting ".$_POST['comment']." to the comment wall! Any replys will be sent to ".$_POST['email'];
}
}
?>

?>
<div id="show"></div>
</div>
<?php include "footer.php"; ?>


Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/-removed-/public_html/commentwall.php on line 12

New error =[
JohnN
June 13th, 2008, 04:34
ok, some pointers. when echoing and you want to use an array, you must remember to do this. for example echo "hi $row['me']"; will not work. echo "hi ".$row['me'].""; will, (so would echo "hi ".$row['me'];)

always use $row['me'], not $row[me], its 4 times faster
echo is faster than print

if the if statement is only one like, no need for brackets: eg

if(1=1)
echo"hi";
}else{
echo"wow";
echo"i beat maths";
}

and lastly, allways use mysql_real_escape string, or you'll end up with a sql injection.

updated the code, should work.
Zombie
June 13th, 2008, 04:39
ok, some pointers. when echoing and you want to use an array, you must remember to do this. for example echo "hi $row['me']"; will not work. echo "hi ".$row['me'].""; will, (so would echo "hi ".$row['me'];)

always use $row['me'], not $row[me], its 4 times faster
echo is faster than print

if the if statement is only one like, no need for brackets: eg

if(1=1)
echo"hi";
}else{
echo"wow";
echo"i beat maths";
}

and lastly, allways use mysql_real_escape string, or you'll end up with a sql injection.

updated the code, should work.

Thank you for the pointers! I will keep them in mind for the next script i work on :) lol a download script XD :) Thanks!
JohnN
June 13th, 2008, 04:40
glad to be of help, some +rep wouldn't hurt:p
Zombie
June 13th, 2008, 04:42
glad to be of help, some +rep wouldn't hurt:p
I shared some rep to ya :) but... something else has come up...

I always get

One or more required fields are left blank

Idk why =[
JohnN
June 13th, 2008, 05:41
ok updated it to not do that.
themoose
June 13th, 2008, 13:14
always use $row['me'], not $row[me], its 4 times faster

I didn't know that, so thanks :) +rep if I can.
Tree
June 13th, 2008, 13:20
and lastly, allways use mysql_real_escape string, or you'll end up with a sql injection.

Also if the data is going to be displayed on an HTML page later in its life, be sure to strip_tags() or properly protect from XSS (http://en.wikipedia.org/wiki/Cross-site_scripting) somehow.
JohnN
June 14th, 2008, 11:14
good point tree.

mentok thanks for the +rep, It just sent my rep through the roof;)

http://reinholdweber.com/?p=3 for more. Some of the statistics clash with my what I've read elsewhere and my own tests but all of them improve speed.