How do i fix a unexpected T string? - PHP_问答_开发者

How do i fix a unexpected T string? - PHP

开发者 https://www.devze.com 2023-03-06 03:06 出处：网络

My script comes on with an unexpected t string on line five how do i fix this? <?php include_once(\"../scripts/config.php\");

相关专题：php

My script comes on with an unexpected t string on line five how do i fix this?

<?php
include_once("../scripts/config.php");


$开发者_如何学Pythonurl = mysql_real_escape_string('$_POST['url']'); // LINE 5!

preg_match("/id=(\\d+)/", $url, $matches);
$like = $matches[1];
$current_pop = mysql_query("SELECT pop FROM likes WHERE id=$like") or die ("Query failed: " . mysql_error());


$pop = $current_pop + 1;  

$update = mysql_query("UPDATE likes SET pop = ".$pop." WHERE id = ".$like."") or die ("Query failed: " . mysql_error());

?>

It should be:

$url = mysql_real_escape_string($_POST['url']);

Otherwise PHP sees '$_POST['url']', and thinks of it as consisting of 3 parts:

'$_POST[' - a string,
url - a token of some sort
']' - another string

This confuses the interpreter, as it doesn't know what to do when a string is followed by an url-token.

Your code has SQL injection vulnerabilities. Please review this before someone steals all your customer's info off of your site: http://en.wikipedia.org/wiki/SQL_injection