#1 2015-03-30 10:29:00

joel
Member
Registered: 2014-07-04
Posts: 440

( ! ) Parse error: syntax error, unexpected ')'

Hello,

It's been long since I have been here. I have a project I am currently working on; this is outside of flub. There are some issues I am having, about 3 to 4, and this is one of them. Kindly assist on what is wrong with this code.

thanks




( ! ) Parse error: syntax error, unexpected ')' in C:\wamp\www\project\changepin.php on line 37

<?php require_once('Connections/osdbc.php'); ?>
<?php
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
  $insertSQL = sprintf("INSERT INTO changepin (id, accountid, currentpin, newpin, confirmpin) VALUES (%s, %s, %s, %s, %s)",
                       GetSQLValueString($_POST['accountid'], "text"),
                       GetSQLValueString($_POST['currentpin'], "text"));
                       GetSQLValueString($_POST['newpin'], "text"));
                       GetSQLValueString($_POST['confirmpin'], "text"));

GetSQLValueString($_POST['newpin'], "text")); is the line 37

Last edited by joel (2015-03-30 10:59:00)


Warning! be informed and be forewarned. <p>
<?php
I'm not a native English Man. So my comments might contain some grammatical explosive (ELD), missapropreation of words (dinamyt), The use of wrong words (missiles), & mis spelling of words (war drones). Any of the occurrence can cause havoc. So be warned
?>


#2 2015-03-30 10:55:04

Smurf
Member
From: Wales - UK
Registered: 2010-09-19
Posts: 37
Website

Re: ( ! ) Parse error: syntax error, unexpected ')'

Hi

I've only given it a quick look but as reported you have an extra ) on line 37, also on 38 and 39
Take a look at the following:-
                       GetSQLValueString($_POST['accountid'], "text"),
                       GetSQLValueString($_POST['currentpin'], "text"));
                       GetSQLValueString($_POST['newpin'], "text"));
                       GetSQLValueString($_POST['confirmpin'], "text"));

accountid has one opening ( and one closing )
currentpin, newpin and confirmpin have one opening ( and TWO closing )

Also accountid ends with a , Are you sure it shouldn't be a ; ?

Last edited by Smurf (2015-03-30 10:56:39)


#3 2015-03-30 11:04:59

joel
Member
Registered: 2014-07-04
Posts: 440

Re: ( ! ) Parse error: syntax error, unexpected ')'

Smurf wrote:

Hi

I've only given it a quick look but as reported you have an extra ) on line 37, also on 38 and 39
Take a look at the following:-
                       GetSQLValueString($_POST['accountid'], "text"),
                       GetSQLValueString($_POST['currentpin'], "text"));
                       GetSQLValueString($_POST['newpin'], "text"));
                       GetSQLValueString($_POST['confirmpin'], "text"));

accountid has one opening ( and one closing )
currentpin, newpin and confirmpin have one opening ( and TWO closing )

Also accountid ends with a , Are you sure it shouldn't be a ; ?

I did everything and it's still not working: removing one closing ) and also changing the , to ; but the problem keeps changing from one line to another within 34 35 36 37 38 39.



#4 2015-03-30 11:23:41

chris98
Member
From: England, United Kingdom
Registered: 2013-05-31
Posts: 1,292
Website

Re: ( ! ) Parse error: syntax error, unexpected ')'

I'm quite confused by what you're trying to do, especially with the case/switch statement. You're checking if it equals a certain value, if it does you're setting $theValue to the same value with quotes - which later shows you're inserting it straight into a database query. But you're never actually defining all the values when calling the function.

$theDefinedValue and $theNotDefinedValue = "" are always going to be nothing.

You should be using htmlspecialchars on $_SERVER['PHP_SELF'] to avoid XSS attacks. While you're at it, explain what good you think breaking out of and back in to PHP again on lines #1 & #2 will do.

I'm sure I've already pointed this out to you, but you should be using prepared statements. These alleviate the need to escape anything and are much more secure because the data is kept separate from the query. The chance of SQL Injection using prepared statements is zero compared to about 95% in your current code.

You should not be using vulnerable and outdated code if you're handling payments!

Last edited by chris98 (2015-03-30 11:28:11)


#5 2015-03-30 11:31:08

Smurf
Member
From: Wales - UK
Registered: 2010-09-19
Posts: 37
Website

Re: ( ! ) Parse error: syntax error, unexpected ')'

Are you trying to add the values of $_POST['accountid'] (and the other 3: currentpin, newpin, confirmpin), followed by the word 'text' after each, to the string $insertSQL?


#6 2015-03-30 11:38:24

chris98
Member
From: England, United Kingdom
Registered: 2013-05-31
Posts: 1,292
Website

Re: ( ! ) Parse error: syntax error, unexpected ')'

What he's trying to do is add the values into the query checked with the function above with the 'text' case.


#7 2015-03-30 11:39:06

joel
Member
Registered: 2014-07-04
Posts: 440

Re: ( ! ) Parse error: syntax error, unexpected ')'

this code worked.

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
  $insertSQL = sprintf("INSERT INTO changepin (id, accountid, currentpin, newpin, confirmpin) VALUES (%s, %s, %s, %s, %s)",
                       GetSQLValueString($_POST['accountid'], "text"),
                       GetSQLValueString($_POST['currentpin'], "text"));
                       GetSQLValueString($_POST['newpin'], "text");
                       GetSQLValueString($_POST['confirmpin'], "text");

but when changing the pin it brings this error

( ! ) Warning: sprintf() [function.sprintf]: Too few arguments in C:\wamp\www\project\changepin.php on line 36
Call Stack
#    Time    Memory    Function    Location
1    0.0037    402744    {main}( )    ..\changepin.php:0
2    0.0110    403992    sprintf ( )    ..\changepin.php:36
Query was empty



#8 2015-03-30 11:42:56

chris98
Member
From: England, United Kingdom
Registered: 2013-05-31
Posts: 1,292
Website

Re: ( ! ) Parse error: syntax error, unexpected ')'

Read advice given. Stop using deprecated functions and use prepared statements to secure your queries.

I'm not going to help someone use insecure code which poses a security risk not only to their own website, but other accounts on the server - which is even more important to the legitimate users of any of those websites, who may get their financial details stolen through SQL Injection.

Last edited by chris98 (2015-03-30 11:43:38)


#9 2015-03-30 11:44:53

GWR
Member
From: Germany
Registered: 2010-08-06
Posts: 194

Re: ( ! ) Parse error: syntax error, unexpected ')'

Your "code worked"-code:

$insertSQL = sprintf(
  "INSERT INTO changepin (id, accountid, currentpin, newpin, confirmpin)
   VALUES (%s, %s, %s, %s, %s)",
-value 1               GetSQLValueString($_POST['accountid'], "text"),
-value 2 + ");"        GetSQLValueString($_POST['currentpin'], "text"));
-a new command         GetSQLValueString($_POST['newpin'], "text");
-another new command   GetSQLValueString($_POST['confirmpin'], "text");

So the problem is the first ");" instead of a ",", the next command should have a "," instead of ";" and the last should be "));" instead of ");"

Edit: as Chris stated: If you do not have a clue of what you are doing: do not do it and ask someone who knows it (you might have to pay for this "hints").

bye
Ron

Last edited by GWR (2015-03-30 11:46:01)


#10 2015-04-01 19:20:50

joel
Member
Registered: 2014-07-04
Posts: 440

Re: ( ! ) Parse error: syntax error, unexpected ')'

GWR wrote:

Your "code worked"-code:

$insertSQL = sprintf(
  "INSERT INTO changepin (id, accountid, currentpin, newpin, confirmpin)
   VALUES (%s, %s, %s, %s, %s)",
-value 1               GetSQLValueString($_POST['accountid'], "text"),
-value 2 + ");"        GetSQLValueString($_POST['currentpin'], "text"));
-a new command         GetSQLValueString($_POST['newpin'], "text");
-another new command   GetSQLValueString($_POST['confirmpin'], "text");

So the problem is the first ");" instead of a ",", the next command should have a "," instead of ";" and the last should be "));" instead of ");"

Edit: as Chris stated: If you do not have a clue of what you are doing: do not do it and ask someone who knows it (you might have to pay for this "hints").

bye
Ron

getting error from that first. after changing from  ",'" to ";"



#11 2015-04-01 19:46:03

chris98
Member
From: England, United Kingdom
Registered: 2013-05-31
Posts: 1,292
Website

Re: ( ! ) Parse error: syntax error, unexpected ')'

You are not ready for this. Instead of rushing ahead, learning all the bad coding techniques from ten years ago (maybe longer), take the time to learn beneficial, more modern coding practices.

getting error from that first. after changing from  ",'" to ";"

I think this translates to that you want your hand held. Rather than asking people to fix the errors for you, why not try putting forth some effort and show good will yourself? You've been around in the coding industry (or at least on this forum) for long enough now to realise that vulnerable & outdated code won't fix itself.

There are far too many error messages or problems you can create to consult a forum every time you get one. The error you get is pretty self explanatory - syntax error, unexpected ')'. If you're not prepared to help yourself, and the security of the application, and for other users using it, I don't see any reason for us to help you.


#12 2015-04-02 08:17:18

joel
Member
Registered: 2014-07-04
Posts: 440

Re: ( ! ) Parse error: syntax error, unexpected ')'

I did it. Here is the problem: there was "id" in there,

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
  $insertSQL = sprintf("INSERT INTO changepin (id, accountid, currentpin, newpin, confirmpin) VALUES (%s, %s, %s, %s, %s)",
                       GetSQLValueString($_POST['accountid'], "text"),
                       GetSQLValueString($_POST['currentpin'], "text"),
                       GetSQLValueString($_POST['newpin'], "text"),
                       GetSQLValueString($_POST['confirmpin'], "text"));

so I added the id line to it

Correction that made it work:

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
  $insertSQL = sprintf("INSERT INTO changepin (id, accountid, currentpin, newpin, confirmpin) VALUES (%s, %s, %s, %s, %s)",
                       GetSQLValueString($_POST['id'], "text"),
                       GetSQLValueString($_POST['accountid'], "text"),
                       GetSQLValueString($_POST['currentpin'], "text"),
                       GetSQLValueString($_POST['newpin'], "text"),
                       GetSQLValueString($_POST['confirmpin'], "text"));


#13 2015-04-02 09:39:29

chris98
Member
From: England, United Kingdom
Registered: 2013-05-31
Posts: 1,292
Website

Re: ( ! ) Parse error: syntax error, unexpected ')'

For anyone reading this in the future, the solution is wrong. Any solution that does not use prepared statements is wrong.


#14 2015-04-02 12:14:11

seven
Member
From: Torino, Italy
Registered: 2010-08-19
Posts: 314
Website

Re: ( ! ) Parse error: syntax error, unexpected ')'

Not using prepared statements is not wrong per se. It's a matter of escaping user input.

Also, prepared statements != PDO. PDO being quite limited, it's not always the best choice over the database-specific driver (mysqli).

Mysqli prepared statements: http://php.net/manual/en/mysqli.quickst … ements.php

PHP PDO: http://php.net/manual/en/intro.pdo.php


gamezoo.org - serious gaming services for serious gamers.


#15 2015-04-03 08:01:55

chris98
Member
From: England, United Kingdom
Registered: 2013-05-31
Posts: 1,292
Website

Re: ( ! ) Parse error: syntax error, unexpected ')'

The reason I suggested PDO over MySQLi is because it's easier to use more efficiently with prepared statements, and you have more flexibility, for example, the ability to use named parameters rather than just question marks.

It's a matter of escaping user input.

That leaves open the possibility of SQL Injection. With prepared statements, you can never have the possibility of SQL Injection because the data is kept separate from the query. You prepare the query, then execute an array with the data in, always kept separate.

Another benefit of PDO over MySQLi is that it supports 12 different database drivers, opposed to MySQLi only supporting MySQL.

EDIT: Just to sum up, I do agree with you in that MySQLi could be used as well, but PDO is a better choice for people new because it's slightly more flexible and easier.

Last edited by chris98 (2015-04-03 08:03:06)
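
The prepared-statement approach described in this thread (named parameters, with the data passed as an array to execute), shown as an added example that is not code from any poster here. It assumes an in-memory SQLite database through PDO in place of the MySQL connection in Connections/osdbc.php, and insertChangePin is a hypothetical helper name; the table and column names are the thread's own.

```php
<?php
// Added example: the thread's INSERT rewritten with a PDO prepared statement.
// Assumption: in-memory SQLite replaces the MySQL connection from
// Connections/osdbc.php so the script runs offline (needs pdo_sqlite).

// Hypothetical helper; returns the number of rows inserted.
function insertChangePin(PDO $pdo, array $post): int
{
    // The SQL text is fixed; only the bound values change per request.
    $stmt = $pdo->prepare(
        'INSERT INTO changepin (id, accountid, currentpin, newpin, confirmpin)
         VALUES (:id, :accountid, :currentpin, :newpin, :confirmpin)'
    );

    $params = [];
    foreach (['id', 'accountid', 'currentpin', 'newpin', 'confirmpin'] as $field) {
        $value = $post[$field] ?? '';
        // Reject array-valued fields such as accountid[]=... instead of casting.
        if (!is_string($value)) {
            throw new InvalidArgumentException("Field $field must be a string");
        }
        // Mirror GetSQLValueString(): an empty string is stored as NULL.
        $params[':' . $field] = ($value !== '') ? $value : null;
    }

    // Values are sent separately from the query: no quoting, no addslashes().
    $stmt->execute($params);
    return $stmt->rowCount();
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE changepin
            (id TEXT, accountid TEXT, currentpin TEXT, newpin TEXT, confirmpin TEXT)');

// Constructed form input; accountid carries quote characters on purpose.
$post = [
    'MM_insert'  => 'form1',
    'id'         => '1',
    'accountid'  => "A-100' OR '1'='1",
    'currentpin' => '1111',
    'newpin'     => '2222',
    'confirmpin' => '2222',
];

if (isset($post['MM_insert']) && $post['MM_insert'] === 'form1') {
    insertChangePin($pdo, $post);
}

// The quote-bearing value is read back unchanged: it was stored as data.
$row = $pdo->query('SELECT accountid FROM changepin')->fetch(PDO::FETCH_ASSOC);
var_dump($row['accountid'] === $post['accountid']);
```

Because the parameter list is built from the same five column names the query uses, a missing argument cannot silently produce the "Too few arguments" condition seen with sprintf().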
