Code error, cant figure it out

ace2109

ace2109

ace2109

Associate
Joined
28 Dec 2002
Posts
2,400
Location
Northern Ireland
Hi guys, could u have a look at this for me, cant figure it out at all.

I keep getting an error on line 51???

This is line 51:
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templates/main_no_links.dwt.php" codeOutsideHTMLIsLocked="false" -->

And this is all the code:


<?php
// Connect to the database
require_once "db.php";

// Check to ensure the form was submitted to this page
if(isset($_POST['fname']))
{
$fname = mysql_real_escape_string($_POST['fname']);
$lname = mysql_real_escape_string($_POST['lname']);
$cnumber = mysql_real_escape_string($_POST['cnumber']);
$address = mysql_real_escape_string($_POST['address']);
$postcode = mysql_real_escape_string($_POST['postcode']);
$dob = mysql_real_escape_string($_POST['dob']);
$email = mysql_real_escape_string($_POST['email']);
$addinfo = mysql_real_escape_string($_POST['addinfo']);
$mnumber = mysql_real_escape_string($_POST['mnumber']);

// Query the database to see if the email is already in the records
$query = "SELECT * FROM wlist WHERE email='$email'";
$result = mysql_query($query) or die(mysql_error());
$nor = mysql_num_rows($result);

if($nor == 0)
{
// There is no record of the email in the database, so add the details
$query = "INSERT INTO wlist " .
"(fname,lname,cnumber,address,postcode,dob,email,addinfo,mnumber) " .
"VALUES " .
"('$fname','$lname','$cnumber','$address','$postcode','$dob','$email','$addinfo','$mnumber')";
$result = mysql_query($query) or die(mysql_error());
$message = "Thank you. Your details have been added to our waiting list, if a position becomes available we will contact you using the details you have provided.";
}// if($nor == 0)
else
{
// The email is already in the database
$message = "Thank you. Your details are already on our waiting list, if a position becomes available we will contact you using the details you have provided.";
}// else to if($nor == 0)

}// if(isset($_POST['fname']))
else
{
// The form was not submitted to this page
$message = "Please complete the registration form first";
}// else to if(isset($_POST['fname']))

// Optional: Close the connection to the database as it is no longer required
mysql_close($connection);

echo "
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templates/main_no_links.dwt.php" codeOutsideHTMLIsLocked="false" -->
<head>
<link rel="apple-touch-icon" href="/apple-icon-glossy.png"/>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<!-- InstanceBeginEditable name="doctitle" -->
<title>Portadown Liverpool Supporters Club</title>
<meta http-equiv="refresh" content="6; url=http://www.plfsc.co.uk">
<!-- InstanceEndEditable -->
<!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable -->
<style type="text/css">
<!--
body {
background-image: url(images/grass.jpg);
background-repeat: repeat-x;
font-family: Verdana, Geneva, sans-serif;
}
body,td,th {
font-family: Verdana, Arial, Helvetica, sans-serif;
}
a:link {
color: #DD0000;
text-decoration: none;
}
a:visited {
color: #DD0000;
text-decoration: none;
}
a:hover {
color: #0075cb;
text-decoration: none;
}
a:active {
color: #DD0000;
text-decoration: none;
}
-->
</style>
<link href="main.css" rel="stylesheet" type="text/css" />

<script type="text/javascript">
<!--
function MM_preloadImages() { //v3.0
var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array();
var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i<a.length; i++)
if (a.indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j++].src=a;}}
}
function MM_swapImgRestore() { //v3.0
var i,x,a=document.MM_sr; for(i=0;a&&i<a.length&&(x=a)&&x.oSrc;i++) x.src=x.oSrc;
}
function MM_findObj(n, d) { //v4.01
var p,i,x; if(!d) d=document; if((p=n.indexOf("?"))>0&&parent.frames.length) {
d=parent.frames[n.substring(p+1)].document; n=n.substring(0,p);}
if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.forms.length;i++) x=d.forms[n];
for(i=0;!x&&d.layers&&i<d.layers.length;i++) x=MM_findObj(n,d.layers.document);
if(!x && d.getElementById) x=d.getElementById(n); return x;
}

function MM_swapImage() { //v3.0
var i,j=0,x,a=MM_swapImage.arguments; document.MM_sr=new Array; for(i=0;i<(a.length-2);i+=3)
if ((x=MM_findObj(a))!=null){document.MM_sr[j++]=x; if(!x.oSrc) x.oSrc=x.src; x.src=a[i+2];}
}
//-->
</script>

<style type="text/css">
<!--
.style1 {font-size: small}
.style2 {color: #FFFFFF}
.style3 {font-size: x-small}
-->
</style>
</head>
<script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
</script>
<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-7642494-6");
pageTracker._trackPageview();
} catch(err) {}</script>
<body onload="MM_preloadImages('images/kickout.jpg','images/hillsborough.jpg')">
<p><img src="plsc title bar.png" width="1000" height="130" /></p>
<br />
<!-- InstanceBeginEditable name="Main_region" -->
<table width="610" border="0" align="center">
<tr>
<td width="604" height="74" class="body_text_red_medium"><?php echo $message; ?>
<div align="center"></div>
<div align="center"></div></td>
</tr>
<tr>
<td class="body_text_black"><div align="center" class="body_text_red_medium">You will now be returned to our homepage. Please click <a href="http://www.plfsc.co.uk">here</a> if you are not automatically returned.</div></td>
</tr>
</table>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<!-- InstanceEndEditable -->
<table width="815" border="0" align="center">
<tr>
<td width="155"><a href="http://www.kickitout.org/" onmouseout="MM_swapImgRestore()" onmouseover="MM_swapImage('Image3','','images/kickout.jpg',1)"><img src="images/kickout.jpg" name="Image3" width="155" height="90" border="0" id="Image3" /></a></td>
<td width="500"><img src="images/anfield_panoramic.jpg" width="500" height="104" /></td>
<td width="146" height="60"><div align="center"><a href="http://www.liverpoolfc.tv/lfc_story/memorial/" onmouseout="MM_swapImgRestore()" onmouseover="MM_swapImage('Image4','','images/hillsborough.jpg',1)"><img src="images/hillsborough.jpg" name="Image4" width="155" height="86" border="0" id="Image4" /></a></div></td>
</tr>
<tr>
<td colspan="3"><p align="center" class="style3">Site Designed and Maintained by <a href="http://www.pcsupergeeks.co.uk">PC SuperGeeks</a><br />
Copyright &copy; 2009 Portadown Liverpool Football Supporters Club</p></td>
</tr>
</table>

</body>
<!-- InstanceEnd --></html>
 
You're trying to echo it as a string literal inside double quotes, which means you'll have to escape every double quote character that occurs in the markup. This is hugely impractical, so you're better off just outputting it implicitly by not putting it in a PHP execution block, i.e.:

PHP: 
<?php

// ...stuff...

// Optional: Close the connection to the database as it is no longer required
mysql_close($connection);

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templates/main_no_links.dwt.php" codeOutsideHTMLIsLocked="false" -->
<head>

...more stuff...

Also, please use code tags in future! (Preferably PHP tags for PHP code)
 
Just as a heads up are you doing any regex checks on the variables? as if its a serious site security is so important and it is quite easy for anyone to just do an SQL injection and delete your whole DB.
 
You must log in or register to reply here.
Back
Top Bottom