I have been staring at this error for over an hour now, and I can't for the life of me see what's wrong.
here is my error:
Parse error: syntax error, unexpected '(' in C:\web\account.php on line 42
here is my code (Line42 begins with "$searchstring") after the first php tag within the html.
<?php
include_once 'header.php';
include_once 'functions.php';
require_once 'login_users.php';
$db_server = mysql_connect($db_hostname, $db_username, $db_password);
if (!$db_server) die("Unable to connect to database:" . mysql_error());
mysql_select_db($db_database)
or die("Unable to find database:" . mysql_error());
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta content="en-us" http-equiv="Content-Language" />
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<title>Weapon Build Creator</title>
<link href="styles/main.css" rel="stylesheet" type="text/css" />
<style type="text/css">
.auto-style1 {
margin-top: 0px;
}
</style>
</head>
<body style="background-image: url('images/bg.jpg')">
<div id="form" style="left: 50%">
<div class="newsdiv">
<br />
<p class="title">MY BUILDS</p>
<?php //search result table
$searchstring = "SELECT buildname,weapon,category,id,author,buildname FROM weapons WHERE author="($_SESSION['username'])" "; // Line 42
$result = mysql_query($searchstring);
if (!$result) die ("Database access failed: " . mysql_error());
$rows = mysql_num_rows($result);
.... More code down here
Let me know if you can see it!
Thanks a ton!
Just escape the double-quotes:
$searchstring = "SELECT buildname,weapon,category,id,author,buildname FROM weapons WHERE author=\"{$_SESSION['username']}\" ";
I think you need to add the period character to concatenate your string correctly.
I.e.
$searchstring = "SELECT buildname,weapon,category,id,author,buildname FROM weapons WHERE author=" . ($_SESSION['username']) . " ";
The parentheses aren't actually needed either, so you could just have:
$searchstring = "SELECT buildname,weapon,category,id,author,buildname FROM weapons WHERE author=" . $_SESSION['username'] . " ";
$searchstring = "SELECT buildname,weapon,category,id,author,buildname FROM weapons WHERE author="($_SESSION['username'])" ";
should be
$searchstring = "SELECT buildname,weapon,category,id,author,buildname FROM weapons WHERE author='" . $_SESSION['username'] . "'";
Change:
$searchstring = "SELECT buildname,weapon,category,id,author,buildname FROM weapons WHERE author="($_SESSION['username'])" "; // Line 42
To:
$searchstring = "SELECT buildname,weapon,category,id,author,buildname FROM weapons WHERE author='".$_SESSION['username']."'"; // Line 42
What I have done? I have removed the brackets and used concatenation, view this link for assistance on concatenation: http://phphowto.blogspot.co.uk/2006/12/concatenate-strings.html
You have unescaped quotation marks in your sql. Use single quotes inside double quotes or concatenate using dot.
$searchstring = "SELECT buildname,weapon,category,id,author,buildname FROM weapons WHERE author='($_SESSION['username'])'"; // i don't know why you used `(` to wrap username
or
$searchstring = "SELECT buildname,weapon,category,id,author,buildname FROM weapons WHERE author='" . ($_SESSION['username']) . "'";
try this
$username= mysql_real_escape_string($_SESSION['username']);
//You should scapes the variable, if the name was O'relly you get an error in sql syntax
$searchstring = "
SELECT buildname,weapon,category,id,author,buildname
FROM weapons
WHERE author='$username' "; // on Line 42
Personally I prefer double quotes for the variable and inside single quotes to avoid " \ ."
NOTE: mysql_* extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used