
I'm trying to avoid an SQL injection attack and thanks to @Matthew Johnson, I'm nearly there (I think).

Getting a syntax error on the "$stmt->execute();" line:

PHP Parse error:  syntax error, unexpected '$stmt' (T_VARIABLE) 

I have 24 fields and there are 24 "?" and "s" or "i" so I don't think there is a mismatch.

<?php

if (isset($_POST['submit'])) {

    include ('cc_connect.php');

    if (!$dbcon) {
        die("Can not Connect: " . mysql_error());
    }

    mysql_select_db("cooperstown",$dbcon);

    $first_name = isset($_POST['first_name']) ? $_POST['first_name'] : '';
    $last_name = isset($_POST['last_name']) ? $_POST['last_name'] : '';
    $street = isset($_POST['street']) ? $_POST['street'] : '';
    $city = isset($_POST['city']) ? $_POST['city'] : '';
    $state = isset($_POST['state']) ? $_POST['state'] : '';
    $zip = isset($_POST['zip']) ? $_POST['zip'] : '';
    $home_phone = isset($_POST['home_phone']) ? $_POST['home_phone'] : '';
    $email = isset($_POST['email']) ? $_POST['email'] : '';
    $birth_month = isset($_POST['birth_month']) ? $_POST['birth_month'] : '';
    $birth_day = isset($_POST['birth_day']) ? $_POST['birth_day'] : '';
    $birth_year = isset($_POST['birth_year']) ? $_POST['birth_year'] : '';
    $grade = isset($_POST['grade']) ? $_POST['grade'] : '';
    $school = isset($_POST['school']) ? $_POST['school'] : '';
    $tryout_date = isset($_POST['tryout_date']) ? $_POST['tryout_date'] : '';
    $guard1_first_name = isset($_POST['guard1_first_name']) ? $_POST['guard1_first_name'] : '';
    $guard1_last_name = isset($_POST['guard1_last_name']) ? $_POST['guard1_last_name'] : '';
    $guard1_email = isset($_POST['guard1_email']) ? $_POST['guard1_email'] : '';
    $guard1_phone = isset($_POST['guard1_phone']) ? $_POST['guard1_phone'] : '';
    $guard1_cell = isset($_POST['guard1_cell']) ? $_POST['guard1_cell'] : '';
    $guard2_first_name = isset($_POST['guard2_first_name']) ? $_POST['guard2_first_name'] : '';
    $guard2_last_name = isset($_POST['guard2_last_name']) ? $_POST['guard2_last_name'] : '';
    $guard2_email = isset($_POST['guard2_email']) ? $_POST['guard2_email'] : '';
    $guard2_phone = isset($_POST['guard2_phone']) ? $_POST['guard2_phone'] : '';
    $guard2_cell = isset($_POST['guard2_cell']) ? $_POST['guard2_cell'] : '';

    if ($first_name && $last_name && $street && $city && $state && $zip && $home_phone && $email && $birth_month && $birth_day && $birth_year && $grade && $school && $tryout_date && $guard1_first_name && $guard1_last_name && $guard1_email && $guard1_phone && $guard1_cell && $guard2_first_name && $guard2_last_name && $guard2_email && $guard2_phone && $guard2_cell) {

        $stmt = $mysqli->prepare("INSERT INTO cobra_registration (first_name,last_name,street,city,state,zip,home_phone,email,birth_month,birth_day,birth_year,grade,school,tryout_date,guard1_first_name,guard1_last_name,guard1_email,guard1_phone,guard1_cell,guard2_first_name,guard2_last_name,guard2_email,guard2_phone,guard2_cell) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
        $stmt->bind_param("sssssiisiiiisssssiisssii", $first_name, $last_name, $street, $city, $state, $zip, $home_phone, $email, $birth_month, $birth_day, $birth_year, $grade, $school, $tryout_date, $guard1_first_name, $guard1_last_name, $guard1_email, $guard1_phone, $guard1_cell, $guard2_first_name, $guard2_last_name, $guard2_email, $guard2_phone, $guard2_cell)
        $stmt->execute();
    }

}

?>

closed as off-topic by vol7ron, asawyer, Álvaro González, rahilwazir, Gumbo Jul 11 '14 at 17:19

This question appears to be off-topic. The users who voted to close gave this specific reason:

  • "This question was caused by a problem that can no longer be reproduced or a simple typographical error. While similar questions may be on-topic here, this one was resolved in a manner unlikely to help future readers. This can often be avoided by identifying and closely inspecting the shortest program necessary to reproduce the problem before posting." – asawyer, Álvaro González, rahilwazir, Gumbo
If this question can be reworded to fit the rules in the help center, please edit the question.

    
What's your question? – vol7ron Jul 11 '14 at 17:09
    
Is "syntax error" the complete information provided by the DBMS? – Álvaro González Jul 11 '14 at 17:11
    
What is the error? – ssergei Jul 11 '14 at 17:11
1  
Have you heard of ; – AbraCadaver Jul 11 '14 at 17:13
    
Cool, the error message was fake. I've edited the question to add the actual message so at least others who google here in the future don't get confused. (Of course, Stack Overflow is not an animal traction spell checker so the question is off-topic.) – Álvaro González Jul 11 '14 at 17:39

1 Answer

You forgot a semi-colon at the end of the line.
Replace:

$stmt->bind_param("sssssiisiiiisssssiisssii", $first_name, $last_name, $street, $city, $state, $zip, $home_phone, $email, $birth_month, $birth_day, $birth_year, $grade, $school, $tryout_date, $guard1_first_name, $guard1_last_name, $guard1_email, $guard1_phone, $guard1_cell, $guard2_first_name, $guard2_last_name, $guard2_email, $guard2_phone, $guard2_cell)

With:

$stmt->bind_param("sssssiisiiiisssssiisssii", $first_name, $last_name, $street, $city, $state, $zip, $home_phone, $email, $birth_month, $birth_day, $birth_year, $grade, $school, $tryout_date, $guard1_first_name, $guard1_last_name, $guard1_email, $guard1_phone, $guard1_cell, $guard2_first_name, $guard2_last_name, $guard2_email, $guard2_phone, $guard2_cell);
    
Grrr... it was that ; ! thanks!!! – jd5 Jul 11 '14 at 17:16
    
So the syntax error is gone but the data is not inserting into the table when it is submitted. Any help is appreciated! – jd5 Jul 11 '14 at 17:23
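
One way to keep the column list, the `?` placeholders and the `bind_param` type string from drifting apart, and to surface the reason when an INSERT fails silently as in the last comment above. This is an added example, not code from the question or the answer; the function names are hypothetical, `$db` is assumed to be a connected `mysqli` object, and the ZIP and phone fields are assumed to be text columns.

```php
<?php
// Added example, not the asker's code. Table and column names come from the question;
// function names are hypothetical. ZIP and phone fields are bound as strings here
// (an assumption about the schema) so leading zeros and punctuation survive.
const TABLE = 'cobra_registration';
const FIELDS = [
    'first_name' => 's', 'last_name' => 's', 'street' => 's', 'city' => 's',
    'state' => 's', 'zip' => 's', 'home_phone' => 's', 'email' => 's',
    'birth_month' => 'i', 'birth_day' => 'i', 'birth_year' => 'i', 'grade' => 'i',
    'school' => 's', 'tryout_date' => 's',
    'guard1_first_name' => 's', 'guard1_last_name' => 's', 'guard1_email' => 's',
    'guard1_phone' => 's', 'guard1_cell' => 's',
    'guard2_first_name' => 's', 'guard2_last_name' => 's', 'guard2_email' => 's',
    'guard2_phone' => 's', 'guard2_cell' => 's',
];

// Columns, "?" placeholders and the bind_param type string all derive from FIELDS.
function build_insert(string $table, array $fields): array
{
    $cols  = implode(', ', array_map(fn($c) => "`$c`", array_keys($fields)));
    $marks = implode(', ', array_fill(0, count($fields), '?'));
    return ["INSERT INTO `$table` ($cols) VALUES ($marks)", implode('', $fields)];
}

// Take only the known keys from the request; refuse if one is missing or empty.
function collect_values(array $post, array $fields): array
{
    $values = [];
    foreach (array_keys($fields) as $name) {
        $v = is_string($post[$name] ?? null) ? trim($post[$name]) : '';
        if ($v === '') {
            throw new InvalidArgumentException("Missing field: $name");
        }
        $values[] = $v;
    }
    return $values;
}

function insert_registration(mysqli $db, array $post): int
{
    // Make mysqli throw on failure instead of returning false silently.
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    [$sql, $types] = build_insert(TABLE, FIELDS);
    $values = collect_values($post, FIELDS);
    $stmt = $db->prepare($sql);
    $stmt->bind_param($types, ...$values);   // user data travels separately from the SQL
    $stmt->execute();
    return $stmt->affected_rows;
}
```

Call `insert_registration($db, $_POST)` inside a try/catch and log the exception message server-side rather than echoing it to the visitor.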
