Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 11 of 11
Thread: unexpected T_VARIABLE
11-05-2010, 10:15 AM #1
I know I have the following code wrong --- because I get unexpected Tvariable (I can only guess what that might mean)
I think I have misused the mysql_real_escape_string since several of the variables I have are integers
In this instance
Do I need to use the mysql_real_escape_string since i'm getting the variables from paypal?
If i need to use it for strings what do you do about integers?
$full_name = $_POST['last_name'];
$user_name = $_POST['first_name'];
$address = $_POST['address_street'];
$mc_gross = $_POST['mc_gross']; //integer
$country = $_POST['address_country_code'];
$txn_id = $_POST['txn_id']; //not sure--> 6JR189569R234043C
$date = $_POST['payment_date']; //inot sure--> 00:31:02 Nov 03 2010 PDT ??
$user_email = $_POST['payer_email'];
$pwd = mt_rand(1000, 9999); //integer
$approved = 1; //integer
mysql_query("INSERT INTO users (full_name, user_name, user_email, pwd, mc_gross, txn_id, address, country, date, approved)
VALUES('". mysql_real_escape_string($full_name) ."', '". mysql_real_escape_string($user_name) ."', '". mysql_real_escape_string($user_email) ."', '". md5($pwd) ."', '". mysql_real_escape_string($mc_gross) ."', '". mysql_real_escape_string($txn_id) ."', '". mysql_real_escape_string($address) ."', '". mysql_real_escape_string($country) ."', '".mysql_real_escape_string($date)."' '". mysql_real_escape_string($approved) ."' ) ") or die(mysql_error());
Last edited by low tech; 11-06-2010 at 06:00 AM.
11-05-2010, 10:19 AM #2
You should escape or filter all incoming data anyway course your script can be running from outside
by the way you've missed a comma in sql statement
'".mysql_real_escape_string($date)."' '". mysql_real_escape_string($approved) ."
Last edited by poyzn; 11-05-2010 at 10:23 AM.
11-05-2010, 10:25 AM #3
I am trying to do that BUT I have the unexpected T_VARIABLE issue (what is it??)
I used the mysql_real_escape_string BUT I now se that they are not all strings
so what do I do about the variables that are not???
for example is this a string??
$txn_id = $_POST['txn_id']; //this is expected and i'm not sure data type--> 6JR189569R234043C
Last edited by low tech; 11-05-2010 at 10:27 AM.
11-05-2010, 10:31 AM #4
11-05-2010, 10:36 AM #5
Ok thanks poyzn
So I guess my last question is what do I do about integers?
how do I escape or filter them if I can't use mysql_real_escape_string
and what is an unexpected T_VARIABLE?
11-05-2010, 10:38 AM #6
11-05-2010, 10:56 AM #7
and thanks for the replies
Is this data also considered a string then?
00:51:02 Nov 03, 2010 PDT
if so I think I have my DB set up wrong in a couple of places:-(
11-05-2010, 11:09 AM #8
Users who have thanked poyzn for this post:
low tech (11-05-2010)
11-05-2010, 11:45 AM #9
making some progress now
will have a go at your suggestion and see if I can make it work
thanks on the thank you button:-)
Last edited by low tech; 11-06-2010 at 01:50 AM.
11-06-2010, 01:08 AM #10
- Join Date
- Mar 2007
- Florida, USA
- Thanked 406 Times in 398 Posts
The error message will tell you the exact line the preparser realized there is an error, which is a good place to start, but the actual problem might be a few lines before.
11-06-2010, 01:57 AM #11
Actually, I made a few errors
I had the wrong data types in DB and I wasn't handling the data correctly from the start--- mainly DATE trouble.
Hence the errors unexpected T_VARIABLE.
I opened a new thread for that and was kindly helped out
if anybody has similar issue see
thanks for the help