I am trying to build a PHP form with MySQL. The problem is that I get an error every time I try to add some long text into the field.
The error
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near.....at line 1
The PHP code generating the query is this:
<?php
if ( $_GET['aktion'] == "speichern" )
{
$title = $_GET['title'];
$description = $_GET['description'];
$applepart = $_GET['applepart'];
$partnumber = $_GET['partnumber'];
$productcode = $_GET['productcode'];
$compatibility = $_GET['compatibility'];
$url_bild = $_GET['url_bild'];
$price = $_GET['price'];
$sql = "INSERT INTO adressbuch ";
$sql .= " SET ";
$sql .= " title = '$title', ";
$sql .= " description = '$description', ";
$sql .= " applepart = '$applepart', ";
$sql .= " partnumber = '$partnumber', ";
$sql .= " productcode = '$productcode', ";
$sql .= " compatibility = '$compatibility', ";
$sql .= " url_bild = '$url_bild', ";
$sql .= " price = '$price' ";
require_once ('konfiguration.php');
$db_erg = mysql_query($sql)
or die("Anfrage fehlgeschlagen: " . mysql_error());
echo '<h1>Adresse wurde speichert</h1>';
echo 'Auflistung anzeigen';
exit;
}
?>
<form name="" action="" method="GET" enctype="text/html">
<p>Title:<br />
<input type="text" name="title" value="" size="60" />
</p>
<p>description:<br />
<input type="text" name="description" value="" size="60" />
</p>
<p>applepart:<br />
<input type="text" name="applepart" value="" size="60" />
</p>
<p>partnumber:<br />
<input type="text" name="partnumber" value="" size="60" />
</p>
<p>productcode:<br />
<input type="text" name="productcode" value="" size="60" />
</p>
<p>compatibility:<br />
<input type="text" name="compatibility" value="" size="60" />
</p>
<p>Bild:<br />
<input type="text" name="url_bild" value="" size="60" />
</p>
<p>price:<br />
<input type="text" name="price" value="" size="60" />
</p>
<input type="hidden" name="aktion" value="speichern" />
<input type="Submit" name="" value="speichern" />
</form>
Thanks for your help
Your code is susceptible to SQL injection, and your problem is only a hint as to why.
The rule we always use is: "Never trust data from the user-agent" (i.e. consider anything in $_GET or $_POST as potentially problematic or worse). At a minimum, we should always escape these values using mysqli_real_escape_string or else a more robust DB framework.
Your problem is that when you have long enough input, it has a single quote in it somewhere, or a newline. You can't simply concatenate user input like this and expect it to work. Worse, you are wide-open for SQL injection attacks. Find the right way to use your framework to build SQL queries.
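Added example, not part of the original answers: the insert from the question rewritten with bound parameters, so a quote, backslash or newline in a long description is stored as data and never parsed as SQL. It uses PDO with an in-memory SQLite database (an assumption, so it runs without a server); the `save_entry` function, the `ADRESSBUCH_COLUMNS` list and the sample input are constructed for illustration, and with MySQL only the DSN and credentials change.

```php
<?php
declare(strict_types=1);

// Columns the form may write. Identifiers cannot be bound as parameters,
// so they come from this fixed list and never from the request.
const ADRESSBUCH_COLUMNS = [
    'title', 'description', 'applepart', 'partnumber',
    'productcode', 'compatibility', 'url_bild', 'price',
];

/**
 * Insert one row with a prepared statement and return its id.
 * $input plays the role of $_POST (hypothetical helper, not from the page).
 */
function save_entry(PDO $pdo, array $input): int
{
    $row = [];
    foreach (ADRESSBUCH_COLUMNS as $col) {
        // Missing or non-string fields become ''; values stay exactly as typed.
        $row[$col] = (isset($input[$col]) && is_string($input[$col])) ? $input[$col] : '';
    }

    $columns = implode(', ', ADRESSBUCH_COLUMNS);
    $marks   = implode(', ', array_map(
        static fn (string $c): string => ':' . $c,
        ADRESSBUCH_COLUMNS
    ));

    // The SQL text is constant; the values travel separately in execute().
    $stmt = $pdo->prepare("INSERT INTO adressbuch ($columns) VALUES ($marks)");
    $stmt->execute($row);

    return (int) $pdo->lastInsertId();
}

// Demo database (assumption): in-memory SQLite.
// ERRMODE_EXCEPTION makes the driver report its own error instead of failing silently.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
$pdo->exec(
    'CREATE TABLE adressbuch (id INTEGER PRIMARY KEY, title TEXT, description TEXT,
     applepart TEXT, partnumber TEXT, productcode TEXT, compatibility TEXT,
     url_bild TEXT, price TEXT)'
);

// Constructed sample input: the kind of long text that broke the concatenated query.
$input = [
    'title'       => "Apple's 13\" display",
    'description' => "Line one\nLine two with a 'quoted' word and a trailing \\",
    'price'       => '49.90',
];

try {
    $id = save_entry($pdo, $input);

    $check = $pdo->prepare('SELECT description FROM adressbuch WHERE id = ?');
    $check->execute([$id]);
    $stored = $check->fetchColumn();

    echo $stored === $input['description'] ? "stored unchanged\n" : "mismatch\n";
} catch (PDOException $e) {
    // Driver detail goes to the server log, not to the browser.
    error_log('Insert failed: ' . $e->getMessage());
    echo "Entry could not be saved.\n";
}
```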
Regardless of the SQL injection vulnerability, it seems like you are sending a query which is too long for MySQL to handle.
You can try to overcome this by changing some configuration: try and raise the parameter "max_allowed_packet" in your MySQL's configuration file. For example:
[mysqld]
max_allowed_packet = 64M
This will set it to 64MB, which means the longest single query you will be allowed to issue is 64MB, and the longest single row you will be able to retrieve from a query is 64MB in size.
<?php
require_once ('konfiguration.php');
if(isset($_POST['title']))
{
$title = mysql_real_escape_string(htmlspecialchars($_POST['title']));
$description = mysql_real_escape_string(htmlspecialchars($_POST['description']));
$applepart = mysql_real_escape_string(htmlspecialchars($_POST['applepart']));
$partnumber = mysql_real_escape_string(htmlspecialchars($_POST['partnumber']));
$productcode = mysql_real_escape_string(htmlspecialchars($_POST['productcode']));
$compatibility = mysql_real_escape_string(htmlspecialchars($_POST['compatibility']));
$url_bild = mysql_real_escape_string(htmlspecialchars($_POST['url_bild']));
$price = mysql_real_escape_string(htmlspecialchars($_POST['price']));
$insert = mysql_query("INSERT INTO `adressbuch` (`title`,`description`,`applepart`,`partnumber`,`productcode`,`compatibility`,`url_bild`,`price`) VALUES ('$title','$description','$applepart','$partnumber','$productcode','$compatibility','$url_bild','$price')");
if (!$insert)
{
die('Eintrag konnte nicht gespeichert werden: ' . mysql_error());
}
}
?>
<form method="POST" action="?page= ">
<span>Neuer Gästebucheintrag verfassen:</span> <br />
<span>Title</span><input type="text" name="title" /> <br />
<span>Description</span><textarea cols="16" rows="5" name="description"></textarea> <br />
<span>Apple Part</span><input type="text" name="applepart" /> <br />
<span>Part Number</span><input type="text" name="partnumber" /> <br />
<span>Product Code</span><input type="text" name="productcode" /> <br />
<span>Compatibility</span><input type="text" name="compatibility" /> <br />
<span>Image</span><input type="text" name="url_bild" /> <br />
<span>Price</span><input type="text" name="price" /> <br />
<input type="submit" value="Speichern"/> <br />
</form>
For some reason or another the date and time in my date column shows 0000-00-00 00:00:00 when I submit my form to my DB. Only way I can get the date right is by updating it manually. It just started doing it and I'm not sure what I changed. I'm having a real hard time troubleshooting this.
Edit form:
<?php
if(!defined('IN_ADMIN')) exit;
?>
<div class="page">
<h1 class="edit"><?=ucfirst($mode)?> post</h1>
<span class="error-text"><?=$response_text?></span>
<form action="admin.php?mode=<?=$mode?>&id=<?=$post['post_id']?>" method="post">
<p>
<label for="title">Post title:</label><br />
<input type="text" size="80" id="title" name="data[post_title]" value="<?=htmlspecialchars(stripslashes($post['post_title']))?>" />
</p>
<p>
<label for="title">Upload Image:</label><br />
<input type="text" size="80" id="title" name="data[image]" value="<?=htmlspecialchars(stripslashes($post['image']))?>" />
</p>
<p>
<label for="title">Image Alt:</label><br />
<input type="text" size="80" id="title" name="data[image_alt]" value="<?=htmlspecialchars(stripslashes($post['image_alt']))?>" />
</p>
<p>
<label for="title">Post Category:</label><br />
<input type="text" size="80" id="title" name="data[post_category]" value="<?=htmlspecialchars(stripslashes($post['post_category']))?>" />
</p>
<p>
<label for="content">Post Insert:</label><br />
<textarea cols="77" rows="10" id="insert" name="data[post_insert]"><?=htmlspecialchars(stripslashes($post['post_insert']))?></textarea><br />
<span class="form-text">Brief little tid-bit about the article for home page</span>
</p>
<p>
<label for="content">Post content:</label><br />
<script>edToolbar('mytxtarea'); </script>
<textarea cols="77" rows="10" id="mytxtarea" class="ed" name="data[post_content]"><?=htmlspecialchars(stripslashes($post['post_content']))?></textarea><br />
<span class="form-text">To format just use raw HTML.. <strong>, <span>, etc</span>
</p>
<p>
<label for="status">Post status:</label><br />
<select id="status" name="data[published]">
<?=generate_option_list(array('0' => 'Unpublished', '1' => 'Published'), $post['published'])?>
</select>
</p>
<p>
<input class="button" type="submit" name="miniblog_PostBack" value="<?=ucfirst($mode)?>" />
</p>
</div>
That's the form that I use, and here is the index.php that the form is in:
case 'add':
if(isset($_POST['miniblog_PostBack']))
{
$data = $_POST['data'];
$data['post_slug'] = mb_slug($_POST['data']['post_title']);
$data['date'] = time();
$sql ='';
$i = 1;
foreach($data as $field => $value)
{
if($value == '')
{
$failed = true;
break;
}
$fields .= "`" . mysql_real_escape_string($field) . "`";
$values .= "'" . mysql_real_escape_string($value) . "'";
$values .= ($i == sizeof($data)) ? '' : ', ';
$fields .= ($i == sizeof($data)) ? '' : ', ';
$i++;
}
$post = $_POST['data'];
if($failed)
{
$response_text = 'Error: You must fill out all fields';
}
else
{
$result = mysql_query("INSERT INTO `db` ({$fields}) VALUES({$values})");
$response_text = ($result) ? 'Post added' : 'Post could not be added';
}
}
include('edit.php');
break;
$data['date'] = time();
Should be:
$data['date'] = date("Y-m-d H:i:s");
The time() function returns the current time in the number of seconds since the Unix Epoch (January 1 1970 00:00:00 GMT).
The date() function formats a local date and time (by default the current one), and returns the formatted date string, in this case, in the format MySQL needs it.
What is the type of the field for the date in your table? You are sending the timestamp as a string instead of an integer, perhaps that's the issue. You should also consider taking a look at the NOW() function provided by the MySQL engine.
I'm always getting an error when inserting the value into my database, but it's working when I'm using MySQL only. I'm new to SQLi, so please be gentle.
insert.php
<?php
include("dbinfo.inc.php");
//connect to mysql server
$mysqli = new mysqli("localhost", $username, $password, $database);
//check if any connection error was encountered
if(mysqli_connect_errno()) {
echo "Error: Could not connect to database.";
exit;
}
//insert
$query = "insert into client_info set (
id = '".$mysqli->real_escape_string('')."',
first = '".$mysqli->real_escape_string($_POST['first'])."',
last = '".$mysqli->real_escape_string($_POST['last'])."',
phone = '".$mysqli->real_escape_string($_POST['phone'])."',
mob = '".$mysqli->real_escape_string($_POST['mob'])."',
fax = '".$mysqli->real_escape_string($_POST['fax'])."',
email = '".$mysqli->real_escape_string($_POST['email'])."',
web = '".$mysqli->real_escape_string($_POST['web'])."',
com = '".$mysqli->real_escape_string($_POST['com'])."',
address = '".$mysqli->real_escape_string($_POST['address'])."',
city = '".$mysqli->real_escape_string($_POST['city'])."',
state = '".$mysqli->real_escape_string($_POST['state'])."',
zip = '".$mysqli->real_escape_string($_POST['zip'])."',
zone = '".$mysqli->real_escape_string($_POST['zone'])."',
office = '".$mysqli->real_escape_string($_POST['office'])."',
office_num = '".$mysqli->real_escape_string($_POST['office_num'])."',
ext_mob = '".$mysqli->real_escape_string($_POST['ext_mob'])."',
ext_phone = '".$mysqli->real_escape_string($_POST['ext_phone'])."',
ext_office = '".$mysqli->real_escape_string($_POST['ext_office'])."',
srv = '".$mysqli->real_escape_string($_POST['srv'])."',
stype = '".$mysqli->real_escape_string($_POST['stype'])."',
voip = '".$mysqli->real_escape_string($_POST['voip'])."',
vpass = '".$mysqli->real_escape_string($_POST['vpass'])."',
regDate = '".$mysqli->real_escape_string($_POST['regDate'])."',
acct = '".$mysqli->real_escape_string($_POST['acct'])."',
Nagents = '".$mysqli->real_escape_string($_POST['Nagents'])."',
agents = '".$mysqli->real_escape_string($_POST['agents'])."',
password = '".$mysqli->real_escape_string($_POST['password'])."'
)";
//execute the query
if( $mysqli->query($query) ) {
//if saving success
echo "User was created.";
}else{
//if unable to create new record
echo "Database Error: Unable to create record.";
}
//close database connection
$mysqli->close();
?>
create.php
<html>
<head>
<title></title>
<script language="JavaScript">
var today=new Date();
var jran=today.getTime();
function random() {
ia=9301;
ic=49297;
im=233280;
jran = (jran*ia+ic) % im;
return jran/(im*1.0);
};
function rand(number) {
return Math.ceil(random()*number);
};
function makearray(n) {
this.length = n;
for (var i = 1; i <= n; i++) this[i] = 0;
return this;
}
var asciitable = new makearray (128);
asciitable.length=128;
for (var i=0;i<=127;i++) asciitable[i]="";
asciitable[33]="!"; asciitable[34]="\"";
asciitable[35]="#"; asciitable[36]="$";
asciitable[37]="%"; asciitable[38]="&";
asciitable[39]="'"; asciitable[40]="(";
asciitable[41]=")"; asciitable[42]="*";
asciitable[43]="+"; asciitable[44]=",";
asciitable[45]="-"; asciitable[46]=".";
asciitable[47]="/"; asciitable[48]="0";
asciitable[49]="1"; asciitable[50]="2";
asciitable[51]="3"; asciitable[52]="4";
asciitable[53]="5"; asciitable[54]="6";
asciitable[55]="7"; asciitable[56]="8";
asciitable[57]="9"; asciitable[58]=":";
asciitable[59]=";"; asciitable[60]="<";
asciitable[61]="="; asciitable[62]=">";
asciitable[63]="?"; asciitable[64]="#";
asciitable[65]="A"; asciitable[66]="B";
asciitable[67]="C"; asciitable[68]="D";
asciitable[69]="E"; asciitable[70]="F";
asciitable[71]="G"; asciitable[72]="H";
asciitable[73]="I"; asciitable[74]="J";
asciitable[75]="K"; asciitable[76]="L";
asciitable[77]="M"; asciitable[78]="N";
asciitable[79]="O"; asciitable[80]="P";
asciitable[81]="Q"; asciitable[82]="R";
asciitable[83]="S"; asciitable[84]="T";
asciitable[85]="U"; asciitable[86]="V";
asciitable[87]="W"; asciitable[88]="X";
asciitable[89]="Y"; asciitable[90]="Z";
asciitable[91]="["; asciitable[92]="\\";
asciitable[93]="]"; asciitable[94]="^";
asciitable[95]="_"; asciitable[96]="`";
asciitable[97]="a"; asciitable[98]="b";
asciitable[99]="c"; asciitable[100]="d";
asciitable[101]="e"; asciitable[102]="f";
asciitable[103]="g"; asciitable[104]="h";
asciitable[105]="i"; asciitable[106]="j";
asciitable[107]="k"; asciitable[108]="l";
asciitable[109]="m"; asciitable[110]="n";
asciitable[111]="o"; asciitable[112]="p";
asciitable[113]="q"; asciitable[114]="r";
asciitable[115]="s"; asciitable[116]="t";
asciitable[117]="u"; asciitable[118]="v";
asciitable[119]="w"; asciitable[120]="x";
asciitable[121]="y"; asciitable[122]="z";
asciitable[123]="{"; asciitable[124]="|";
asciitable[125]="}"; asciitable[126]="~";
function nchar(num) {
if ((num>=33) && (num<=127)) return asciitable[num];
}
function doit() {
var i;
var n;
var s = "";
for (i=1;i<=8;i++) {
n=0;
while ( (n<=47) ||
((n>=58) && (n<=96)) ||
(n>=123)) n = rand(126);
s = s + nchar(n);
}
document.gen.password.value = s;
}
</script>
</head>
<body>
<form method="post" action="insert.php" name="gen">
<b>Personal Info:</b>
<p>First Name:<input type="text" name="first" size="20" /></p>
<p>Last Name:<input type="text" name="last" size="20" /></p>
<p>Mob:<input type="text" name="mob" size="20" />
ext:<input type="text" name="ext_mob" size="4" /></p>
<p>Phone:<input type="text" name="phone" size="20" />
ext:<input type="text" name="ext_phone" size="4" /></p>
<p>Fax:<input type="text" name="fax" size="20" /></p>
<p>E-mail:<input type="text" name="email" size="35" />
<p>Address:<input type="text" name="address" size="40" /></p>
<p>City:<input type="text" name="city" size="20" /></p>
<p>State:<input type="text" name="state" size="20" /></p>
<p>Zip Code:<input type="text" name="zip" size="5" /></p>
<p>Zone:<input type="text" name="zone" size="5" /></p>
<br>
<b>Office Info:</b>
<p>Company:<input type="text" name="com" size="40" /></p>
<p>Office Address:<input type="text" name="office" size="40" /></p>
<p>Office Num #:<input type="text" name="office_num" size="15" />
ext:<input type="text" name="ext_office" size="4" /></p>
<p>Website:<input type="text" name="web" size="30" /></p><br>
<b>Account Info:</b>
<p>Registry Date:<input type="text" name="regDate" size="30" /></p>
<p>Account:<input type="text" name="acct" size="20" /></p>
<p>Service:<input type="text" name="srv" size="15" /></p>
<p>Service Type:<input type="text" name="stype" size="40" /></p>
<p>Number of Agents:<input type="text" name="Nagents" size="3" /></p><br>
<b>Agent Info:</b>
<p>Agents:<input type="text" name="agents" size="40" /></p>
<p>VOID:<input type="text" name="voip" size="20" /></p>
<p>VOIP Password:<input type="text" name="vpass" size="20" /></p>
<br>
<input type="hidden" size="20" name="password">
<input type="submit" name="go" value="Insert to Database" onclick="doit()">
</form>
</body>
</html>
The error I get is when the script tries to insert the query to the DB:
"Database Error: Unable to create record."
I tried to see if there is any output on my form, and there is. I even tried to insert just one variable, "first", and I'm still getting errors. I don't know what I'm doing wrong here.
If you are using SET syntax in an INSERT statement, you should not use parentheses around it.
-- One way to insert
INSERT INTO table SET col1 = 'val1', col2 = 'val2';
-- other way
INSERT INTO table(col1,col2) VALUES('val1','val2');
Also use native errors provided by the driver to see what's wrong with your query.
I coded a form to send text to MySQL. One of my problems is keeping the line breaks. I found some code over Google but I don't have any idea how I could use it. Some tries were not really successful.
The code I found is the one below, which I don't know how to set up.
function my_nl2br($string){
$string = str_replace("\n", "<br />", $string);
if(preg_match_all('/\<pre\>(.*?)\<\/pre\>/', $string, $match)){
foreach($match as $a){
foreach($a as $b){
$string = str_replace('<pre>'.$b.'</pre>', "<pre>".str_replace("<br />", "", $b)."</pre>", $string);
}
}
}
return $string;
}
Another piece of code I found is this, but if I try to read it from the database the line break will not work.
if (isset($_POST['submit']))
{
$text = trim($_POST['text']);
$text = stripslashes($text);
$text = htmlspecialchars($text);
echo 'you entered:<br><br>' . nl2br($text);
}
This is my code where I want to implant it.
if(isset($_POST['title']))
{
$title = mysql_real_escape_string(htmlspecialchars($_POST['title']));
$description = mysql_real_escape_string(htmlspecialchars($_POST['description']));
$applepart = mysql_real_escape_string(htmlspecialchars($_POST['applepart']));
$partnumber = mysql_real_escape_string(htmlspecialchars($_POST['partnumber']));
$productcode = mysql_real_escape_string(htmlspecialchars($_POST['productcode']));
$compatibility = mysql_real_escape_string(htmlspecialchars($_POST['compatibility']));
$url_bild = mysql_real_escape_string(htmlspecialchars($_POST['url_bild']));
$price = mysql_real_escape_string(htmlspecialchars($_POST['price']));
$insert = mysql_query("INSERT INTO `adressbuch` (`title`,`description`,`applepart`,`partnumber`,`productcode`,`compatibility`,`url_bild`,`price`) VALUES ('$title','$description','$applepart','$partnumber','$productcode','$compatibility','$url_bild','$price')");
if (!$insert)
{
die('Eintrag konnte nicht gespeichert werden: ' . mysql_error());
}
}
?>
<form method="POST" action="?page= ">
<span>Neuer Eintrag:</span> <br />
<span>Title</span><input type="text" name="title" /> <br />
<span>Description</span><textarea cols="16" rows="5" name="description"></textarea> <br />
<span>Apple Part</span><input type="text" name="applepart" /> <br />
<span>Part Number</span><input type="text" name="partnumber" /> <br />
<span>Product Code</span><input type="text" name="productcode" /> <br />
<span>Compatibility</span><input type="text" name="compatibility" /> <br />
<span>Image</span><input type="text" name="url_bild" /> <br />
<span>Price</span><input type="text" name="price" /> <br />
<input type="submit" value="Speichern"/> <br />
</form>
Cheers guys
To store title in the database, try:
$title = mysql_real_escape_string(nl2br(htmlspecialchars($_POST['title'])));
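Added example, not part of the original posts: one way to keep line breaks is to store the text exactly as typed and apply `htmlspecialchars` followed by `nl2br` only when the value is written into HTML, as the second snippet in the question does at echo time. The helper names and the sample text are constructed for illustration; the last lines show what an edit form displays when the already-encoded form was stored instead.

```php
<?php
declare(strict_types=1);

const HTML_FLAGS = ENT_QUOTES | ENT_SUBSTITUTE;

/** Encode for an HTML text context, then turn newlines into <br />. */
function render_paragraph(string $raw): string
{
    // Order matters: encode first, so the <br /> tags added by nl2br survive.
    return nl2br(htmlspecialchars($raw, HTML_FLAGS, 'UTF-8'));
}

/** Encode for a <textarea> in an edit form: newlines stay newlines. */
function render_textarea(string $name, string $value): string
{
    $n = htmlspecialchars($name, HTML_FLAGS, 'UTF-8');
    $v = htmlspecialchars($value, HTML_FLAGS, 'UTF-8');
    return "<textarea name=\"$n\">$v</textarea>";
}

// Constructed sample: what a user typed into the description field.
$raw = "Fits MacBook <13\">\nColour: black & white";

// Path A: the database column holds $raw unchanged.
echo "display:   ", render_paragraph($raw), "\n";
echo "edit form: ", render_textarea('description', $raw), "\n";

// Path B: the column holds text that was encoded before it was stored.
$storedEncoded = nl2br(htmlspecialchars($raw, HTML_FLAGS, 'UTF-8'));

// Showing it as-is works, but an edit form has to encode again for its own
// context, so the user now sees literal "<br />" and "&lt;" in the field.
echo "display:   ", $storedEncoded, "\n";
echo "edit form: ", render_textarea('description', $storedEncoded), "\n";
```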
I was trying to get variables in the query string from the URL. But somehow, it just gets one variable instead of getting all variables from the query string. I really don't know what goes wrong with my code. Here is the code where I want to print out the errors from the invalid form:
<?php
displayForm();
function displayForm(){
?>
<form action="./prod_add_action.php" method="post" name="addproductForm">
<fieldset>
<legend>Online Ordering System Setup</legend>
<label for="product_name">Product Name: </label><input type="text" name="product_name" value="" /><?php echo $_GET["name_error"]; ?>
<label for="product_date">Product Date: </label><input type="text" name="product_date" value="" /><?php echo $_GET["date_error"]; ?>
<label for="product_price">Product Price: </label><input type="text" name="product_price" value="" /><?php echo $_GET["price_error"]; ?>
<input name="add_button" type="submit" value="Add" />
<input name="reset_button" type="reset" value="Clear" />
</fieldset>
</form>
<?php
}
?>
And here is the code where I created the query string:
$query_string = "name_error=" .urlencode($name_error) ."&amp;date_error=" .urlencode($date_error) ."&amp;price_error=" .urlencode($price_error);
header("Location: ./prod_add.php?$query_string");
exit();
In the first code, the page only prints the first $_GET['name_error'], while it should include $_GET['date_error'] and $_GET['price_error'].
This is the address:
http://example.com/prod_add.php?name_error=Product+name+must+be+characters+only&date_error=Product+date+must+be+input+as+this+formate+DD-MM-YYYY&price_error=Product+price+must+be+float+number+only
You should use & instead of &amp;'s ?
$query_string = "name_error=" .urlencode($name_error) ."&date_error=" .urlencode($date_error) ."&price_error=" .urlencode($price_error);
header("Location: ./prod_add.php?$query_string");
exit();
Change &amp; to & as:
$query_string = "name_error=" . urlencode($name_error) . "&date_error=" . urlencode($date_error) . "&price_error=" . urlencode($price_error);
header("Location: ./prod_add.php?$query_string");
exit();
I'm designing a fairly simple reporting system. Right now I'm using PHP (and later some jQuery) to let the user log in, calculate totals and post to a database. My problems began of course when I tested the page in IE8. It has major problems with the echo <<<_END statement at line 75. Does anyone know an alternative to coding the nested HTML in the PHP besides this? Any help is appreciated.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
<link rel="stylesheet" type="text/css" href="OPSstyle.css" />
</HEAD>
<BODY>
<div id="wrapper">
<div id="bodyContent">
<div id="header">
<img id="logo" src="OPS_logo.gif" alt="OPS Logo"/>
<p>OPS ASSESSMENT</p>
</div>
<div id="leftNav">
<p>To begin please login</p>
Test Login<br/>
Form Test<br/>
</div>
<div id="content">
<?php
//Connects to database
require_once 'login.php';
$db_server = mysql_connect($db_hostname, $db_username, $db_password);
if(!$db_server) die("Unable to connect to MySQL: " .mysql_error());
mysql_select_db($db_database)
or die ("unable to select database: " .mysql_error());
//deletes record
if(isset($_POST['delete']) && isset($_POST['AssessmentID']))
{
$AssessmentID = get_post('AssessmentID');
$query2 = "DELETE FROM assessmentscores WHERE AssessmentID='$AssessmentID'";
if(!mysql_query($query2, $db_server))
echo "Delete Failed: $query2<br />" .
mysql_error() . "<br /><br />";
}
//Inserts record
if (isset ($_POST['AssessmentID'])&&
isset($_POST['Date']) &&
isset($_POST['Inspector']) &&
isset($_POST['PlantAssist']) &&
isset($_POST['Safety_Total'])
)
{
$AssessmentID = get_post('AssessmentID');
$Date = get_post('Date');
$Inspector = get_post('Inspector');
$PlantAssist =get_post('PlantAssist');
$Safety_Total = get_post('Safety_Total');
;
$query = "INSERT INTO opsassessment.assessmentscores(AssessmentID, Date, Inspector, PlantAssist, `Safety_Total`) VALUES" .
"('$AssessmentID', '$Date', '$Inspector', '$PlantAssist', '$Safety_Total')";
if (!mysql_query($query, $db_server))
echo "INSERT failed: $query<br />" .
mysql_error() . "<br /><br />";
}
echo <<<_END
<form action = "sqltest.php" method="post"><pre>
AssessmentID <input type="text" name="AssessmentID" /><br>
Date <input type="text" name="Date" /><br>
Inspector <input type="text" name="Inspector" /><br>
PlantAssist <input type="text" name="PlantAssist" /><br>
Safety_Total <input type="text" name="Safety_Total" /><br>
<input type="submit" value="ADD RECORD" /><br>
</pre></form>
_END;
$query = "SELECT * FROM assessmentscores";
$result = mysql_query($query);
if (!$result) die("Database access failed: " .mysql_error());
$rows = mysql_num_rows($result);
for($j = 0; $j < $rows; ++$j)
{
$row= mysql_fetch_row($result);
echo <<<_END
<pre>
AssessmentID: $row[0]
Date: $row[1]
Inspector: $row[2]
PlantAssist: $row[3]
Safety_Total: $row[4]
</pre>
<form action="sqltest.php" method="post">
<input type ="hidden" name="delete" value ="yes" />
<input type = "hidden" name="AssessmentID" value = "$row[0]" />
<input type ="submit" value="DELETE RECORD" /></form>
_END;
}
mysql_close($db_server);
function get_post($var)
{
return mysql_real_escape_string($_POST[$var]);
}
?>
</div>
Login Form<br><br>
OPS Assessment
</div>
</body>
</html>
The Heredoc identifier must be on a line by itself and must be the only thing on this line (including indentation and such). Remove the leading whitespace and make sure the newline is directly after _END;.
However, in your case I suggest you just leave PHP mode to output the plain HTML.
For example instead of
echo <<<_END
<form action = "sqltest.php" method="post"><pre>
AssessmentID <input type="text" name="AssessmentID" /><br>
Date <input type="text" name="Date" /><br>
Inspector <input type="text" name="Inspector" /><br>
PlantAssist <input type="text" name="PlantAssist" /><br>
Safety_Total <input type="text" name="Safety_Total" /><br>
<input type="submit" value="ADD RECORD" /><br>
</pre></form>
_END;
this
?>
<form action = "sqltest.php" method="post"><pre>
AssessmentID <input type="text" name="AssessmentID" /><br>
Date <input type="text" name="Date" /><br>
Inspector <input type="text" name="Inspector" /><br>
PlantAssist <input type="text" name="PlantAssist" /><br>
Safety_Total <input type="text" name="Safety_Total" /><br>
<input type="submit" value="ADD RECORD" /><br>
</pre></form>
<?php
It's usually more readable and many IDEs are capable of recognizing it and highlighting the "other stuff" as HTML.
As the commenter says, the HEREDOC (the <<< and _END;) bits are server-side PHP related; the browser should know nothing of them.
One major, easily forgettable golden rule of HEREDOC tags is that the closing tag CAN NOT BE INDENTED, EVER! Or it will break.
Here's a read about them:
http://www.php.net/manual/en/language.types.string.php#language.types.string.syntax.heredoc
If it's really breaking things, and it's really this that's doing it (though, no reason why it should be) - remember it's just a block of output, so you could replace it at a stroke with:
$out = "blah blah";
$out .= "more blah blah";
$out .= "more blah blah";
$out .= "more blah blah";
$out .= "more blah blah";
echo $out;