WordPress.org

Forums

Syntax error after downloading a php plugin (2 posts)

  1. kerryf888
    Member
    Posted 2 years ago #

    I've just downloaded "Allow PHP in Posts and Pages" plugin to allow me to enter php code in wordpress pages.

    here's my php code in my wordpress page:
    [php]
    $con = mysql_connect("localhost", "root", "abc");
    if (!con)
    {
    die('Could not connect: '.mysql_error());
    }
    mysql_select_db("wp", $con);
    $sql= "INSERT INTO 'orderform' ('Cake', 'Quantity', 'Method', 'Date', 'Title', 'Fname', 'Lname', 'Email', 'Phone', 'Address') VALUES ('".$Cake."','".$Quantity."','".$Method."','".$Date."','".$Title."','".$Fname."','".$Lname."','".$Email."','".$Phone."','".$Address."');
    if (!mysql_query($sql, $con))
    {
    die('Error: '.mysql_error());
    }
    mysql_close($con);
    [/php]

    What I am trying to do is to output user entered data from the form in the wordpress page into mySql database. But I get an error: Parse error: "syntax error, unexpected end of file in C:\xampp\htdocs\wordpress\wp-content\plugins\allow-php-in-posts-and-pages\allowphp.php(373) : eval()'d code on line 14"

  2. michael.mariart
    Member
    Posted 2 years ago #

    When you take your code out of the page there, and put it into an editor that has proper syntax highlighting, the problem is immediately obvious! You've missed the closing quote " on the end of your INSERT statement and there's a coling braket that shouldn't be there. This should be:

    $sql= "INSERT INTO 'orderform' ('Cake', 'Quantity', 'Method', 'Date', 'Title', 'Fname', 'Lname', 'Email', 'Phone', 'Address') VALUES ('".$Cake."','".$Quantity."','".$Method."','".$Date."','".$Title."','".$Fname."','".$Lname."','".$Email."','".$Phone."','".$Address."'";

    One thing that I'll add here, just in case... Have you done proper escaping on the values that you are inserting into the database? if not you're opening up your system to a huge security problem. Unless you sanitise the values that are going into the database, you'll leave that script open for pretty much anyone with a tiny bit of SQL knowledge to insert their own DB code into your query.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.