php error - i need help!

[enox10mx]

hello. I have a problem. my site http://eno.x10.mx/admin/edit.php/edit.php (Which is password protected, mind you.) has some php code and it returns this error:

[B]Parse error[/B]:  syntax error, unexpected T_CONSTANT_ENCAPSED_STRING in [B]/home/enox10mx/public_html/admin/edit.php/edit.php[/B] on line [B]18[/B]

This is the code:

<a href="..">Home</a>
<br />
<a href="index.php">Edit/make another page</a>
<br />
<?php
$edit = "edit.php";
$filename = $_get['urltoedit']; // This is what you want to save the file as.
$content = $_post['code']; // This is the stuff that you want to put into the file.
if (empty($content)) {
$html = file_get_contents($filename');    
}
else
{
file_put_contents($filename, $content);?>
}
?>
<?php
echo "<form method='post' action='edit.php'>";
echo "<textarea name='code'>$html</textarea>";
echo "<input type='submit' value='save'>";
echo "</form>";
?>

May somebody tell me exactly what's wrong with this code?

 

[descalzo]

file_put_contents($filename, $content);?>

 

[enox10mx]

THANK YOU!your help is greatly appreciated.

---------- Post added at 09:58 PM ---------- Previous post was at 09:56 PM ----------

by the way how do you close a topic, or disable others from replying?

 

[misson]

There's no way to close a thread yourself. You can ask and hope that a forum admin will do it. To be sure of bringing it to an admin's attention, you could report your post and specify that you're just asking for the thread to be closed in the message.

Note that if you use

 instead of the more general [code] (there's also an [html] tag), vBulletin will perform syntax highlighting, which will make mistakes such as this one obvious.

[php]<a href="http://x10hosting.com/forums/programming-help/programming-help/programming-help/..">Home</a>
<br />
<a href="index.php">Edit/make another page</a>
<br />
<?php
$edit = "edit.php";
$filename = $_get['urltoedit']; // This is what you want to save the file as.
$content = $_post['code']; // This is the stuff that you want to put into the file.
if (empty($content)) {
    $html = file_get_contents($filename');    
}
else
{
    file_put_contents($filename, $content);?>
}
?>
<?php
echo "<form method='post' action='edit.php'>";
echo "<textarea name='code'>$html</textarea>";
echo "<input type='submit' value='save'>";
echo "</form>";
?>

See all that red code, starting after $filename'? Once you remove the extraneous quotation mark, you'll see:

<?php [...]
if (empty($content)) {
    $html = file_get_contents($filename);    
} else {
    file_put_contents($filename, $content);?>
}
?>
<?php
echo "<form method='post' action='edit.php'>";

It's subtle, but the "}\n?>" is black, meaning it's not within a PHP block. A good code editor/IDE will feature code highlighting, catching syntax errors as you make them.

The sample code is terribly insecure. A malicious person (or program) could use it to read or overwrite any file on your site. You should sanitize $filename to prevent this.

<br/> isn't being used semantically; use something more appropriate, such as a paragraph or list element.

There's no need to have a sequence of echo statements, which makes the code more cluttered and less readable. You can use commas:

echo "<form method='post' action='edit.php'>",
     "<textarea name='code'>$html</textarea>",
     "<input type='submit' value='save'>",
     "</form>";

or (more readable still) a heredoc:

echo <<<EOS
  <form method="post" action="edit.php">
    <textarea name="code">$html</textarea>
    <input type="submit" value="save" />
  </form>
EOS;