I got this error from my php code... Parse error: parse error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in C:\Program Files\xampp\htdocs\projko\sign_in_sub.php on line 11

here is my code:

<?php
    ini_set('display_errors', 1);
    function sign_in(){
        $con = mysql_connect("localhost", "root", "dodong");
        if(!$con){
            die('Could not connect: ' . mysql_error());
        }
        
        mysql_select_db("dbko", $con);
        
        mysql_query("insert into person values($_POST['user'], $_POST['first'], $_POST['last'], $_POST['middle'])");
        mysql_query("insert into profile values($_POST['user'], $_POST['add'], $_POST['likes'], $_POST['dislike'])");
        mysql_query("insert into birthday values($_POST['month'], $_POST['day'], $_POST['year'], $_POST['user'])");
        mysql_query("insert into password values($_POST['user'], $_POST['pass'])");
        
        mysql_close($con);
        echo "You succesfully created your profile!!!";
        echo "Continue to main page by clicking ".'<'."a href ".'='.'"'."home.php".'"'.'>'."here".'<'.'/'."a".'>';
    }
?>

IMO, you should always keep $_POST outside of MySQL statements..

Define your variables above prior, and apply some error checking..

Look at strip_tags, it has some good examples on that page, and that way you can define the mySQL statement knowing that its slightly protected..

Change the var's in the mysql_query to be $var instead of $_POST;

HTH

This article has been dead for over six months. Start a new discussion instead.