1

So I'm writing HTML code for form inside my PHP block like below: Add New Record in PostgreSQL Database .error {color: #FF0000;} 

$con= pg_connect("host=$host port= $port dbname=$db user=$user password=$pass") 
    or die ("Could not connect to server\n");
if(empty($_POST['title']))
{
    $titleErr= "Title is required";
    displayForm();
}
else
{
    processForm();

}
}

else
{
displayForm();
}

function processForm(){
$title = $_POST['title'];
$author = $_POST['author'];
$status = $_POST['status'];
$remark = $_POST['remark'];
$story = $_POST['story'];
$art = $_POST['art'];
if($story=='')
{
$story=0;
}
if($art=='')
{
$art=0;
}

$query = "INSERT INTO rating ".
   "(title,author,story,art, status, remarks) ".
   "VALUES('$title','$author',$story, $art,'$status','$remark')";
$rs= pg_query($con, $query) or die ("Cannot execute query:$query because".pg_last_error()."\n");

/************************************************
Save uploaded image in server
************************************************/
echo "Entered data successfully\n";
pg_close($con);
}

function displayForm()
{
print<<<END
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" enctype="multipart/form-data">
<table width="400" border="0" cellspacing="1" cellpadding="2">
<tr>
<td width="100">Title</td>
<td><input name="title" type="text" id="title"><span class="error">* <?php echo $titleErr;?></span></td>
</tr>
<tr>
<td width="100">Author</td>
<td><input name="author" type="text" id="author"></td>
</tr>
<tr>
<td width="100">Story Rating</td>
<td><input name="story" type="text" id="story"></td>
</tr>
<tr>
<td width="100">Art Rating</td>
<td><input name="art" type="text" id="art"></td>
</tr>
<tr>
<td width="100">Remarks</td>
<td><input name="remark" type="text" id="remark"></td>
</tr>
<tr>
<td width="100">Status</td>
<td><input name="status" type="text" id="status"></td>
</tr>
<tr>
<td width="100">Image</td>
<td><input name="file" type="file" id="file"></td>
</tr>
<tr>
<td width="100"> </td>
<td> </td>
</tr>
<tr>
<td width="100"> </td>
<td>
<input name="add" type="submit" id="add" value="Add Entry">
</td>
</tr>
</table>
</form>
END;
}
?>
</body>
</html>

In the function displayForm(), I keep getting this error: Parse error: syntax error, unexpected '"', expecting identifier (T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING), specifically in this line: " enctype="multipart/form-data">

I made sure already there's no leading space at the closing of the Heredoc and the beginning of the Heredoc, and I can't find any solution on the net. What I'm trying to achieve is displaying the error message besides the required fields after the user click submit (display the form once again, now with error message). Please suggest me a solution on this as well in case the structure of my code is wrong.

Improve this question
1
  • please remove the unneeded part of your code and show just the line throwing the error (maybe some context, but not all code). Commented May 21, 2014 at 11:35

3 Answers 3

Reset to default
1

You should encapsulate your indexed variable like this inside your quoted string or heredoc: {$_SERVER["PHP_SELF"]}

But that is not your only problem. Your next problem is that you are trying to open a <?php tag inside the heredoc. Though this should not give you an error, it will also not work. You are already inside PHP! So this will just literally output that code.

You can use variables within heredoc as I already stated. If it's an indexed variable (meaning it uses []), use curly braces {} around the variable. But you cannot call functions (such as htmlspecialchars()) from within the heredoc. Call the function before you start your heredoc. (edit: As Marcin Nabialek shows us in his answer, there is a work-around to call functions from within the heredoc. But you then have to first put the function name in another variable again.)

So what you need to do is change :

print<<<END
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" enctype="multipart/form-data">

into:

$phpself = htmlspecialchars($_SERVER["PHP_SELF"]);
print<<<END
<form method="post" action="$phpself" enctype="multipart/form-data">

And change:

<td><input name="title" type="text" id="title"><span class="error">* <?php echo $titleErr;?></span></td>

into:

<td><input name="title" type="text" id="title"><span class="error">* $titleErr</span></td>
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

OK, it does fix the problem. However, I get Access Forbidden upon submitting. The URL is now appended with the string inside the action
@DawinWidjaja I don't understand what you mean. What do you mean with "The URL is now appended with the string inside the action" ?
Don't mind it, it's before you modified you solution. I understand now and it worked already with some tweaking in the parameter. The problem was putting <?php?> inside php.
1

In heredoc syntax you cannot use <?php to display variables.

You cannot use functions directly, but you can store function name in variable if you want to use it. So your function could be simple defined as below:

function displayForm()
{
$htmlspecialchars = 'htmlspecialchars';
print <<<END
<form method="post" action="{$htmlspecialchars($_SERVER["PHP_SELF"])}" enctype="multipart/form-data">
<table width="400" border="0" cellspacing="1" cellpadding="2">
<tr>
<td width="100">Title</td>
<td><input name="title" type="text" id="title"><span class="error">* {$titleErr}</span></td>
</tr>
<tr>
<td width="100">Author</td>
<td><input name="author" type="text" id="author"></td>
</tr>
<tr>
<td width="100">Story Rating</td>
<td><input name="story" type="text" id="story"></td>
</tr>
<tr>
<td width="100">Art Rating</td>
<td><input name="art" type="text" id="art"></td>
</tr>
<tr>
<td width="100">Remarks</td>
<td><input name="remark" type="text" id="remark"></td>
</tr>
<tr>
<td width="100">Status</td>
<td><input name="status" type="text" id="status"></td>
</tr>
<tr>
<td width="100">Image</td>
<td><input name="file" type="file" id="file"></td>
</tr>
<tr>
<td width="100"> </td>
<td> </td>
</tr>
<tr>
<td width="100"> </td>
<td>
<input name="add" type="submit" id="add" value="Add Entry">
</td>
</tr>
</table>
</form>
END;
}
?>

You should also look at Heredoc documentation

Improve this answer

2 Comments

You just took out the htmlspecialchars() ? That is probably the entire reason why OP even tried to resort to opening <?php tags inside the heredoc. -1
I've simple missed it. I've just corrected the code
-1

The " before PHP_SELF closes the initial one.

"<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>"

You should write:

"<?php echo htmlspecialchars($_SERVER[\"PHP_SELF\"]);?>"

or

"<?php echo htmlspecialchars($_SERVER['PHP_SELF']);?>"

Improve this answer

1 Comment

did your solution. It gives me this error instead: Parse error: syntax error, unexpected '' (T_ENCAPSED_AND_WHITESPACE), expecting identifier (T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING)

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.