PHP ELSE error

PHPnewbie25

New Member
Messages
17
Reaction score
0
Points
1
Hi I'm working on an upload process for my project and keep receiving this error:
Parse error: syntax error, unexpected T_ELSE in /home/mediaedi/public_html/roxanne/uploadprocess.php on line 29

The error is for the last ELSE that I have used could any of you explain to me why this is occurring, could there be too many ELSE's or am i missing some code, I'm fairly new to PHP sorry if its a dumb post

PHP:
if (file_exists("fileupload/" . $newfilename))
        {
        echo "You have already uploaded this file.";
        }
        else
        {
                //old code below if it doesnt work add the if( to the m
        if(move_uploaded_file($_FILES['myfile']['tmp_name'], $path . $newfilename)) //upload file
        //$newfilename = rand(1,99999).end(explode(".",$_FILES["myfile"]["name"]));
            //move_uploaded_file($_FILES["myfile"]["tmp_name"], "fileupload/" . $newfilename;
        echo "$newfilename has been uploaded";
        }
        else                            //if an error occurred
        {
        /*header('Location: '.$redirect); */
        echo "There was an error uploading the file, please try again!";
        }
 

Dead-i

x10Hosting Support Ninja
Community Support
Messages
6,084
Reaction score
368
Points
83
Moved to programming forum, as it is not directly hosting related.

It looks like on this line...
Code:
        if(move_uploaded_file($_FILES['myfile']['tmp_name'], $path . $newfilename)) //upload file
... there's no opening curly bracket at the end {
 

PHPnewbie25

New Member
Messages
17
Reaction score
0
Points
1
Moved to programming forum, as it is not directly hosting related.

It looks like on this line...
Code:
        if(move_uploaded_file($_FILES['myfile']['tmp_name'], $path . $newfilename)) //upload file
... there's no opening curly bracket at the end {

i can't believed i've spent 2 hours looking at this code and it was only { thanks for the help do you know if the end tag <? can cause issues I tend to get errors from it
 

Dead-i

x10Hosting Support Ninja
Community Support
Messages
6,084
Reaction score
368
Points
83
i can't believed i've spent 2 hours looking at this code and it was only { thanks for the help do you know if the end tag <? can cause issues I tend to get errors from it
No problem :)

The end tag in PHP is ?>, not the other way round - could you try it this way?
 

PHPnewbie25

New Member
Messages
17
Reaction score
0
Points
1
No problem :)

The end tag in PHP is ?>, not the other way round - could you try it this way?

PHP:
$query2 = ("INSERT INTO files (filename,usid,subfolder)VALUES ('$filename', $usid, 0)");
$result2=mysql_query($query2);
    if ($handle = opendir('fileupload/')) {
    while (false !== ($entry = readdir($handle))) {
    if ($entry != "." && $entry != "..") {
    echo "$entry<br>";
    }
    }
    closedir($handle);
    } 
/*header('Location:userpage.php');*/
?>

there is an error could the error be before the tag and hence is affecting the last line??
 

descalzo

Grim Squeaker
Community Support
Messages
9,373
Reaction score
326
Points
83
there is an error could the error be before the tag and hence is affecting the last line??

Where is the opening <?php tag?

1. Post the error message
2. Post all your code. The system tells you where it notices an error in parsing. The actual error can be many lines earlier. It also helps to be able to figure out what "Line 23" actually is.
 

PHPnewbie25

New Member
Messages
17
Reaction score
0
Points
1
Where is the opening <?php tag?

1. Post the error message
2. Post all your code. The system tells you where it notices an error in parsing. The actual error can be many lines earlier. It also helps to be able to figure out what "Line 23" actually is.

PHP:
<?session_start();
$usid=$_SESSION["usersid"];
include "conninfo.php";

$fileName = $_FILES["myfile"]["name"]; // The file name
$fileTmpLoc = $_FILES["myfile"]["tmp_name"]; // File in the PHP tmp folder
$fileType = $_FILES["myfile"]["type"]; // The type of file it is
$fileSize = $_FILES["myfile"]["size"];

$path = "fileupload/";
                      //path to which images are to be uploaded
                     
$filename=basename($_FILES['myfile']['name']); //create complete
$path = $path . basename($_FILES['myfile']['name']); //create complete
  //upload path
  //sample code below
  if (file_exists("fileupload/" . $newfilename))
        {
        echo "You have already uploaded this file.";
        }
        else
        {
                //old code below if it doesnt work add the if( to the m
        if(move_uploaded_file($_FILES['myfile']['tmp_name'], $path . $newfilename)) //upload file
        {
        //$newfilename = rand(1,99999).end(explode(".",$_FILES["myfile"]["name"]));
            //move_uploaded_file($_FILES["myfile"]["tmp_name"], "fileupload/" . $newfilename;
        echo "$newfilename has been uploaded";
        }
        else                            //if an error occurred
        {
        /*header('Location: '.$redirect); */
        echo "There was an error uploading the file, please try again!";
        }
//$query = ("INSERT INTO subfolder (subfolderid,foldername,timest)VALUES ('$subfolderid', '$foldername', '$timest')");
//$result=mysql_query($query);
$query2 = ("INSERT INTO files (filename,usid,subfolder)VALUES ('$filename', $usid, 0)");
$result2=mysql_query($query2);
    if ($handle = opendir('fileupload/')) {
    while (false !== ($entry = readdir($handle))) {
    if ($entry != "." && $entry != "..") {
    echo "$entry<br>";
    }
    }
    closedir($handle);
    } 
    ?>

this is my entire code for the file upload and heres the error:Parse error: syntax error, unexpected $end in /home/mediaedi/public_html/roxanne/uploadprocess.php on line 47

thanks for your help :)
 

essellar

Community Advocate
Community Support
Messages
3,295
Reaction score
227
Points
63
You have an end PHP tag, but you don't actually have a start tag. You are using a short tag (<?), which is not enabled on most servers for a whole bunch of reasons (mostly having to do with conflicts with XML). You need to start with <?php.

(Note that short echo tags (<?=) are allowed, since they are not part of XML syntax.)
 

PHPnewbie25

New Member
Messages
17
Reaction score
0
Points
1
You have an end PHP tag, but you don't actually have a start tag. You are using a short tag (<?), which is not enabled on most servers for a whole bunch of reasons (mostly having to do with conflicts with XML). You need to start with <?php.

(Note that short echo tags (<?=) are allowed, since they are not part of XML syntax.)
Hi thanks for the help i made the changes but still receiving this error
Parse error: syntax error, unexpected $end in /home/mediaedi/public_html/roxanne/uploadprocess.php on line 48
line 48 is where the end tag is but i changed it as you said in the previous post
 

essellar

Community Advocate
Community Support
Messages
3,295
Reaction score
227
Points
63
Are you still missing whitespace between the opening tag and session_start()? (<?phpsession_start() isn't a valid open tag either.)
 

PHPnewbie25

New Member
Messages
17
Reaction score
0
Points
1
Are you still missing whitespace between the opening tag and session_start()? (<?phpsession_start() isn't a valid open tag either.)

PHP:
<?php
session_start();
$usid=$_SESSION["usersid"];
include "conninfo.php";

$fileName = $_FILES["myfile"]["name"]; // The file name
$fileTmpLoc = $_FILES["myfile"]["tmp_name"]; // File in the PHP tmp folder
$fileType = $_FILES["myfile"]["type"]; // The type of file it is
$fileSize = $_FILES["myfile"]["size"];

$path = "fileupload/";
                      //path to which images are to be uploaded
                     
$filename=basename($_FILES['myfile']['name']); //create complete
$path = $path . basename($_FILES['myfile']['name']); //create complete
  //upload path
  //sample code below
  if (file_exists("fileupload/" . $newfilename))
        {
        echo "You have already uploaded this file.";
        }
        else
        {
                //old code below if it doesnt work add the if( to the m
        if(move_uploaded_file($_FILES['myfile']['tmp_name'], $path . $newfilename)) //upload file
        {
        //$newfilename = rand(1,99999).end(explode(".",$_FILES["myfile"]["name"]));
            //move_uploaded_file($_FILES["myfile"]["tmp_name"], "fileupload/" . $newfilename;
        echo "$newfilename has been uploaded";
        }
        else                            //if an error occurred
        {
        /*header('Location: '.$redirect); */
        echo "There was an error uploading the file, please try again!";
        }
//$query = ("INSERT INTO subfolder (subfolderid,foldername,timest)VALUES ('$subfolderid', '$foldername', '$timest')");
//$result=mysql_query($query);
$query2 = ("INSERT INTO files (filename,usid,subfolder)VALUES ('$filename', $usid, 0)");
$result2=mysql_query($query2);
    if ($handle = opendir('fileupload/')) {
    while (false !== ($entry = readdir($handle))) {
    if ($entry != "." && $entry != "..") {
    echo "$entry<br>";
    }
    }
    closedir($handle);
    } 
php?>

i removed the session start from the open tag could the error be within the query
 

essellar

Community Advocate
Community Support
Messages
3,295
Reaction score
227
Points
63
The end tag is just ?>, not php?>.

The query will be a problem because you haven't established a connection to issue the query over.

By the way, mysql_xxxx() is deprecated from PHP, and will be removed altogether before too much more time goes by. (It was broken to begin with - see things like mysql_real_escape_string(), since it seems that mysql_escape_string() was "just kidding" - and is the source of a lot of vulnerabilities, including but not limited to SQL injection attacks.) There are two supported alternatives you can use: mysqli_xxxx() and PDO (PHP Data Objects).
 

descalzo

Grim Squeaker
Community Support
Messages
9,373
Reaction score
326
Points
83
1. Copy your code to a new file
2. Remove all the comments
3. INDENT PROPERLY

I get ...

PHP:
<?session_start();
$usid=$_SESSION["usersid"];
include "conninfo.php";

$fileName = $_FILES["myfile"]["name"];  
$fileTmpLoc = $_FILES["myfile"]["tmp_name"];  
$fileType = $_FILES["myfile"]["type"];  
$fileSize = $_FILES["myfile"]["size"];

$path = "fileupload/";
                       
                     
$filename=basename($_FILES['myfile']['name']);  
$path = $path . basename($_FILES['myfile']['name']);  
   
   
if (file_exists("fileupload/" . $newfilename))
{
    echo "You have already uploaded this file.";
}
else
{
             
    if(move_uploaded_file($_FILES['myfile']['tmp_name'], $path . $newfilename))  
    {
     
         
        echo "$newfilename has been uploaded";
    }
    else                            
    {
     
        echo "There was an error uploading the file, please try again!";
    }


$query2 = ("INSERT INTO files (filename,usid,subfolder)VALUES ('$filename', $usid, 0)");
$result2=mysql_query($query2);
if ($handle = opendir('fileupload/')) {
    while (false !== ($entry = readdir($handle))) {
        if ($entry != "." && $entry != "..") {
            echo "$entry<br>";
        }
    }
    closedir($handle);
} 
    ?>

Do you see your problem now?
 

PHPnewbie25

New Member
Messages
17
Reaction score
0
Points
1
The end tag is just ?>, not php?>.

The query will be a problem because you haven't established a connection to issue the query over.

By the way, mysql_xxxx() is deprecated from PHP, and will be removed altogether before too much more time goes by. (It was broken to begin with - see things like mysql_real_escape_string(), since it seems that mysql_escape_string() was "just kidding" - and is the source of a lot of vulnerabilities, including but not limited to SQL injection attacks.) There are two supported alternatives you can use: mysqli_xxxx() and PDO (PHP Data Objects).

in terms of the connection do you mean connecting to the database as I have it included within the code as conninfo.php
I have been looking at PDO just not the best person at understanding PHP
1. Copy your code to a new file
2. Remove all the comments
3. INDENT PROPERLY

I get ...

PHP:
<?session_start();
$usid=$_SESSION["usersid"];
include "conninfo.php";

$fileName = $_FILES["myfile"]["name"]; 
$fileTmpLoc = $_FILES["myfile"]["tmp_name"]; 
$fileType = $_FILES["myfile"]["type"]; 
$fileSize = $_FILES["myfile"]["size"];

$path = "fileupload/";
                      
                    
$filename=basename($_FILES['myfile']['name']); 
$path = $path . basename($_FILES['myfile']['name']); 
  
  
if (file_exists("fileupload/" . $newfilename))
{
    echo "You have already uploaded this file.";
}
else
{
            
    if(move_uploaded_file($_FILES['myfile']['tmp_name'], $path . $newfilename)) 
    {
    
        
        echo "$newfilename has been uploaded";
    }
    else                           
    {
    
        echo "There was an error uploading the file, please try again!";
    }


$query2 = ("INSERT INTO files (filename,usid,subfolder)VALUES ('$filename', $usid, 0)");
$result2=mysql_query($query2);
if ($handle = opendir('fileupload/')) {
    while (false !== ($entry = readdir($handle))) {
        if ($entry != "." && $entry != "..") {
            echo "$entry<br>";
        }
    }
    closedir($handle);
}
    ?>

Do you see your problem now?

The problem is still appearing it doesn't seem to like the end tag
Parse error: syntax error, unexpected $end
 

descalzo

Grim Squeaker
Community Support
Messages
9,373
Reaction score
326
Points
83
i


The problem is still appearing it doesn't seem to like the end tag
Parse error: syntax error, unexpected $end

So, you apparently did not bother to look at the code I posted. Really look at it.
 

Skizzerz

Contributors
Staff member
Contributors
Messages
2,928
Reaction score
118
Points
63
@descalzo: you indented it how it should be, not how it actually is, allow me to try (I also fixed some mismatched open braces, you had some on newlines, others on the same line. I moved them all to newlines. I also removed the ?> tag entirely as it is not required for pure-PHP files).

Unrelatedly, I hope that you are also doing the following:
a) Using a .htaccess to prevent direct access to your "fileupload" directory (or if direct access is required, e.g. for image files, that you whitelist allowed file types so that people can't upload php scripts to your account and then run them)
b) Not making a public file sharing service, as file hosting is strictly disallowed by our Terms of Service.
c) Sanitizing the filename before inserting it into the database. As of now your code is vulnerable to a SQL Injection attack.
d) Don't use mysql_* functions, they are deprecated and will be removed in a later version of PHP. Use mysqli_* or PDO instead.

PHP:
<?php
session_start();
$usid=$_SESSION["usersid"];
include "conninfo.php";

$fileName = $_FILES["myfile"]["name"]; // The file name
$fileTmpLoc = $_FILES["myfile"]["tmp_name"]; // File in the PHP tmp folder
$fileType = $_FILES["myfile"]["type"]; // The type of file it is
$fileSize = $_FILES["myfile"]["size"];

$path = "fileupload/";
//path to which images are to be uploaded
                     
$filename=basename($_FILES['myfile']['name']); //create complete
$path = $path . basename($_FILES['myfile']['name']); //create complete
//upload path
//sample code below
if (file_exists("fileupload/" . $newfilename))
{
    echo "You have already uploaded this file.";
}
else
{
    if(move_uploaded_file($_FILES['myfile']['tmp_name'], $path . $newfilename)) //upload file
    {
        echo "$newfilename has been uploaded";
    }
    else                            //if an error occurred
    {
        echo "There was an error uploading the file, please try again!";
    }
    $query2 = ("INSERT INTO files (filename,usid,subfolder)VALUES ('$filename', $usid, 0)");
    $result2=mysql_query($query2);
    if ($handle = opendir('fileupload/'))
    {
        while (false !== ($entry = readdir($handle)))
        {
            if ($entry != "." && $entry != "..")
            {
                echo "$entry<br>";
            }
        }
        closedir($handle);
    }
(hint: look at indentation of very last line, if your program was well-formed there should not be any indentation there at all)
 

PHPnewbie25

New Member
Messages
17
Reaction score
0
Points
1
@descalzo: you indented it how it should be, not how it actually is, allow me to try (I also fixed some mismatched open braces, you had some on newlines, others on the same line. I moved them all to newlines. I also removed the ?> tag entirely as it is not required for pure-PHP files).

Unrelatedly, I hope that you are also doing the following:
a) Using a .htaccess to prevent direct access to your "fileupload" directory (or if direct access is required, e.g. for image files, that you whitelist allowed file types so that people can't upload php scripts to your account and then run them)
b) Not making a public file sharing service, as file hosting is strictly disallowed by our Terms of Service.
c) Sanitizing the filename before inserting it into the database. As of now your code is vulnerable to a SQL Injection attack.
d) Don't use mysql_* functions, they are deprecated and will be removed in a later version of PHP. Use mysqli_* or PDO instead.

PHP:
<?php
session_start();
$usid=$_SESSION["usersid"];
include "conninfo.php";

$fileName = $_FILES["myfile"]["name"]; // The file name
$fileTmpLoc = $_FILES["myfile"]["tmp_name"]; // File in the PHP tmp folder
$fileType = $_FILES["myfile"]["type"]; // The type of file it is
$fileSize = $_FILES["myfile"]["size"];

$path = "fileupload/";
//path to which images are to be uploaded
                    
$filename=basename($_FILES['myfile']['name']); //create complete
$path = $path . basename($_FILES['myfile']['name']); //create complete
//upload path
//sample code below
if (file_exists("fileupload/" . $newfilename))
{
    echo "You have already uploaded this file.";
}
else
{
    if(move_uploaded_file($_FILES['myfile']['tmp_name'], $path . $newfilename)) //upload file
    {
        echo "$newfilename has been uploaded";
    }
    else                            //if an error occurred
    {
        echo "There was an error uploading the file, please try again!";
    }
    $query2 = ("INSERT INTO files (filename,usid,subfolder)VALUES ('$filename', $usid, 0)");
    $result2=mysql_query($query2);
    if ($handle = opendir('fileupload/'))
    {
        while (false !== ($entry = readdir($handle)))
        {
            if ($entry != "." && $entry != "..")
            {
                echo "$entry<br>";
            }
        }
        closedir($handle);
    }
(hint: look at indentation of very last line, if your program was well-formed there should not be any indentation there at all)

thanks for the help the upload function is running however it does not print the file onto the database, i adds the user and creates a fileid through

I am not creating a file sharing system we covered php uploads in class and our task is to develop i secure upload that enables files to be uploaded on the server with security from mySQLinjection
 

Attachments

  • databasenotprintingfilename.png
    databasenotprintingfilename.png
    11.3 KB · Views: 2

descalzo

Grim Squeaker
Community Support
Messages
9,373
Reaction score
326
Points
83
Why do you have two different variables $fileName and $filename ?

Where does $newfilename get its value?

Does the uploaded file end up on your file system?

By "does not print the file onto the database, i adds the user and creates a fileid through" are you saying that "the script creates a new entry in the database table with the userID, but the filename field is blank"?
 

PHPnewbie25

New Member
Messages
17
Reaction score
0
Points
1
yes it enters the user whose upload but the filename field is blank, Ive adapted the code though attempting PDO
 

descalzo

Grim Squeaker
Community Support
Messages
9,373
Reaction score
326
Points
83
Code:
 $query2 = ("INSERT INTO files (filename,usid,subfolder)VALUES ('$filename', $usid, 0)");

The filename field is given the contents of $filename

If the filename field is blank, then $filename is blank.

Figure out why $filename is blank.

Throw in some
echo $filename ;
to see where you think you have given it a value.
 
Top