Help with Escaping string - Webmaster Forum - Web Design, Programming and SEO forums

04-12-2009, 03:05 AM

The_Return

Status: Member
Join date: Apr 2009
Location:
Expertise: Web Design, xHtml, php
Software: Photoshop, Dreamweaver

Posts: 206

iTrader: 11 / 100%

The_Return is on a distinguished road

Help with Escaping string

I get a Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING in D:\xampp1\htdocs\header.php on line 181

line 181 is line 6 on pastebin;
http://pastebin.com/d1eeabdb0

PHP Code:


			
    <?php

    mysql_select_db($db_name);

    $linkovi  = mysql_query("SELECT title,link,tooltip FROM pages WHERE position = '1' ORDER BY orderby ASC") or die (mysql_error());

    while ($linkovi2=mysql_fetch_assoc($linkovi))

    {

        print '<a href="'.$linkovi2['link'].'" title="" onmouseover="$WowheadPower.showTooltip(event, '.$linkovi2['tooltip'].')" onmousemove="$WowheadPower.moveTooltip(event)" onmouseout="$WowheadPower.hideTooltip();">'.$linkovi2['title'].'</a>';

    }

    ?>

// example tooltip link for regular html
<a href="./quest.php?name=shoutbox" onmouseover="$WowheadPower.showTooltip(event, 'Chat with other b3ckswow users Live!')" onmousemove="$WowheadPower.moveTooltip(event)" onmouseout="$WowheadPower.hideTooltip();">Shoutbox </a>

I can tell you the way I have been using to pull info from the DB using PHP is
'.$linkovi2['tooltip'].'
but
onmouseover="$WowheadPower.showTooltip(event, 'Chat with other b3ckswow users Live!')"
the event uses '' already to enclapse the tooltip info, I am pretty lost right about now, any help would be greatly appriciated.

04-12-2009, 03:22 AM

46Bit

Status: Member
Join date: Mar 2009
Location: Yorkshire
Expertise: Web Development
Software:

Posts: 275

iTrader: 10 / 100%

46Bit is on a distinguished road

print is a function - you need to enclose anything you want to output using it with brackets. In this scenario anyway you want to use echo. The fixed code below also includes some changes from the original to speed up the script (and a few bug fixes) that are detailed below.

PHP Code:


			
                    <?php
                    mysql_select_db($db_name);
                    $linkovi  = mysql_query('SELECT `title`, `link`, `tooltip` FROM `pages` WHERE `position` = 1 ORDER BY `orderby` ASC') or die (mysql_error());
                    while ($linkovi2=mysql_fetch_assoc($linkovi))
                    {
                        echo '<a href="'.$linkovi2['link'].'" title="" onmouseover="$WowheadPower.showTooltip(event, '.$linkovi2['tooltip'].')" onmousemove="$WowheadPower.moveTooltip(event)" onmouseout="$WowheadPower.hideTooltip();">'.$linkovi2['title'].'</a>';
                    }
                    ?>

<!-- example toolip link for regular html -->
<a href="./quest.php?name=shoutbox" onmouseover="$WowheadPower.showTooltip(event, 'Chat with other b3ckswow users Live!')" onmousemove="$WowheadPower.moveTooltip(event)" onmouseout="$WowheadPower.hideTooltip();">Shoutbox</a>

Also, a few tips:
In an SQL Statement, you don't need to enclose integers in quotes.

Code:

SELECT title,link,tooltip FROM pages WHERE position = '1' ORDER BY orderby ASC

Would be better written as:

Code:

SELECT `title`, `link`, `tooltip` FROM `pages` WHERE `position` = 1 ORDER BY `orderby` ASC

I've also enclosed table and field names in ` characters. You can insert these by pressing the key just below the ESC key on your keyboard, and whilst not strictly necessary they help to make your code easier to read.

There is no need to put the SQL Statement in double quotes, single will do in this case.

PHP Code:


			
$linkovi  = mysql_query("SELECT title,link,tooltip FROM pages WHERE position = '1' ORDER BY orderby ASC") or die (mysql_error());

Would be better written as:

PHP Code:


			
$linkovi  = mysql_query('SELECT `title`, `link`, `tooltip` FROM `pages` WHERE `position` = 1 ORDER BY `orderby` ASC') or die (mysql_error());

There's no point to using double quotes unless you wish to embed variables directly into the string.
As you're not doing this, you should use single quotes - it's (slightly) faster. If you do want to put variables into the statement, insert them as you do in the echo statement - that is, like ' . $variable . ' - which provides a speed boost over using double quotes to insert variables into the string.
When putting variables into the sql though, make sure to use mysql_real_escape_string() to prevent any malicious users making your query do something unexpected (search google for 'sql injection php' or similar for more information on this).

Finally, make sure you check that mysql_select_db() doesn't produce an error. I assume you've used mysql_connect() prior to including this file, otherwise it *probably* won't work.

04-12-2009, 01:18 PM

The_Return

Status: Member
Join date: Apr 2009
Location:
Expertise: Web Design, xHtml, php
Software: Photoshop, Dreamweaver

Posts: 206

iTrader: 11 / 100%

The_Return is on a distinguished road

Thank you