-3

I have been staring at this error for over an hour now, and I can't for the life of me see what's wrong.

here is my error:

Parse error: syntax error, unexpected '(' in C:\web\account.php on line 42

here is my code (Line42 begins with "$searchstring") after the first php tag within the html.

<?php

include_once 'header.php';
include_once 'functions.php';
require_once 'login_users.php';

$db_server = mysql_connect($db_hostname, $db_username, $db_password);
if (!$db_server) die("Unable to connect to database:" . mysql_error());

mysql_select_db($db_database)
    or die("Unable to find database:" . mysql_error());

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<meta content="en-us" http-equiv="Content-Language" />
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<title>Weapon Build Creator</title>

<link href="styles/main.css" rel="stylesheet" type="text/css" />

<style type="text/css">
.auto-style1 {
    margin-top: 0px;
}
</style>

</head>

<body style="background-image: url('images/bg.jpg')">

<div id="form" style="left: 50%">
<div class="newsdiv">
    <br />
    <p class="title">MY BUILDS</p>

<?php //search result table



   $searchstring = "SELECT buildname,weapon,category,id,author,buildname FROM weapons WHERE author="($_SESSION['username'])" "; // Line 42

$result = mysql_query($searchstring);

if (!$result) die ("Database access failed: " . mysql_error());

$rows = mysql_num_rows($result);

.... More code down here

Let me know if you can see it!

Thanks a ton!

Daryl Gill
  • 5,464
  • 9
  • 36
  • 69
SteelyDan
  • 61
  • 7
  • What is line 42? Clearly mark it. – Daryl Gill Jul 31 '13 at 01:38
  • @SteelyDan - You've got a lot of answers. You really should mark an answer as accepted :-) – bestprogrammerintheworld Jul 31 '13 at 01:52
  • Noone has said it yet, so i add the mandatory: The mysql-functions in php is being [deprecated](http://php.net/manual/en/function.mysql-db-query.php) so please use [MySqli](http://www.php.net/manual/en/book.mysqli.php) or [PDO](http://www.php.net/manual/en/ref.pdo-mysql.php) instead. And please use [parameterized queries](http://stackoverflow.com/questions/60174/how-to-prevent-sql-injection-in-php). For your own safety. – Whistletoe Jul 31 '13 at 01:57
  • The error message tells you *exactly* what is wrong. It is on line 42, in account.php, and the *unexpected character* is `(`. There is only one opening parenthesis on that line... it is unexpected... it caused an error... – Sverri M. Olsen Jul 31 '13 at 02:24

6 Answers6

2
$searchstring = "SELECT buildname,weapon,category,id,author,buildname FROM weapons WHERE author="($_SESSION['username'])" ";

should be

$searchstring = "SELECT buildname,weapon,category,id,author,buildname FROM weapons WHERE author='" . $_SESSION['username'] . "'";
bestprogrammerintheworld
  • 5,417
  • 7
  • 43
  • 72
2

You have unescaped quotation marks in your sql. Use single quotes inside double quotes or concatenate using dot.

 $searchstring = "SELECT buildname,weapon,category,id,author,buildname FROM weapons WHERE author='($_SESSION['username'])'"; // i don't know why you used `(` to wrap username

or 

 $searchstring = "SELECT buildname,weapon,category,id,author,buildname FROM weapons WHERE author='" . ($_SESSION['username']) . "'";
Konsole
  • 3,447
  • 3
  • 29
  • 39
1

Just escape the double-quotes:

$searchstring = "SELECT buildname,weapon,category,id,author,buildname FROM weapons WHERE author=\"{$_SESSION['username']}\" ";
Ruben
  • 5,043
  • 2
  • 25
  • 49
1

Change: 

$searchstring = "SELECT buildname,weapon,category,id,author,buildname FROM weapons WHERE author="($_SESSION['username'])" "; // Line 42

To:

 $searchstring = "SELECT buildname,weapon,category,id,author,buildname FROM weapons WHERE author='".$_SESSION['username']."'"; // Line 42

What I have done? I have removed the brackets and used concatenation, view this link for assistance on concatenation: http://phphowto.blogspot.co.uk/2006/12/concatenate-strings.html

Daryl Gill
  • 5,464
  • 9
  • 36
  • 69
  • Thanks, this worked perfectly. Thanks for the reference too. – SteelyDan Jul 31 '13 at 01:44
  • @SteelyDan This is just the first link I took off from the google searches..The search term: "PHP string concatenation" should bring up a wider range of tutorials/assistance guides – Daryl Gill Jul 31 '13 at 01:45
0

I think you need to add the period character to concatenate your string correctly.

I.e.

$searchstring = "SELECT buildname,weapon,category,id,author,buildname FROM weapons WHERE author=" . ($_SESSION['username']) . " ";

The parentheses aren't actually needed either, so you could just have:

$searchstring = "SELECT buildname,weapon,category,id,author,buildname FROM weapons WHERE author=" . $_SESSION['username'] . " ";
crysallus
  • 358
  • 3
  • 5
0

try this

$username= mysql_real_escape_string($_SESSION['username']);
//You should scapes the variable, if the name was O'relly you get an error in sql syntax

$searchstring = "
SELECT buildname,weapon,category,id,author,buildname 
FROM weapons 
WHERE author='$username' "; // on Line 42

Personally I prefer double quotes for the variable and inside single quotes to avoid " \ ."

NOTE: mysql_* extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used

Emilio Gort
  • 3,475
  • 3
  • 29
  • 44