Parse error: syntax error, unexpected T_VARIABLE on line 107

Question

The line 107 in the below code is

$sql="INSERT INTO " $table_name " (confirm_code,name,password,email,address,phone,education,date_of_birth) VALUES 
        ('".$confirm_code."','".$name."','".$pwd."','".$email."','".$adres."','".$phno."','".$educon."','".$dob."') "; "

i am getting unexpected T_VARIABLE;

<?php
if(isset($_POST['Register']))
{ 
    $name= $_POST['uname'];
    $pwd= $_POST['pswd'];
    $email= $_POST['email'];
    $phno= $_POST['phno']; 
    $adrs= str_replace("'","`",$_POST['adres']);
    $adres  =   $adrs;
    $educon= $_POST['educon']; 
    $dob= $_POST['dob'];
    $chkname    =   "select email from ".USREG." where email='".$email."'";
    $res        =       mysql_query($chkname, $con) or die(mysql_error());
    $chkresult=mysql_fetch_array($res);
    $uemail= $chkresult['email'];
     //print_r($uemail);die();
     include ('config.php');
     $table_name=temp_members_db;
     $confirm_code=md5(uniqid(rand()));
        if($uemail==$email)
        {
            echo ' <p style="color:red">Email <b> '.$email.' </b> Already exists</p>';
        }
        else
        {
            $sql="INSERT INTO " $table_name      "(confirm_code,name,password,email,address,phone,education,date_of_birth) VALUES 
             ('".$confirm_code."','".$name."','".$pwd."','".$email."','".$adres."','".$phno."','".$educon."','".$dob."') ";
             $result  = mysql_query($sql, $con) or die(mysql_error());
            if($result)
            {  
                $to=$email;
                echo '<p style="color:green"> '.$name.' Your Registration Success</p> <br/>'; 
                $subject    =   "your confirmation link here";
                            $headers  = 'MIME-Version: 1.0' . "\r\n";
                            $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";  
                            $header = 'From: ShareLibrary <'.ADMIN_MAIL.'>' . "\r\n";  
                            $admMesg    =   $email." is registered "; 
                            $message = "your confrimation link \r\n";
                            $message = "click on this link to activae your account \r\n";
                            $message = "http://www.xxxxxx.in/confirmation.php?passkey=$confirm_code";
                            $sentmail = $mail($to,$subject,$message,$header);
           if($sentmail)
                {   
                    echo '<p style="color:green">registration details sent to  '.$email.' </p><br/>';
                }
                else
                {
                    echo '<p style="color:red">registration details sending to your mail was failed';
                }
            }
            else
            { 
                echo "<p>Registration FAILED</p>";
            }
        } 
    } 
?>

the above code is for user registration form after registration completes the activation code will go to users registered mail id.

i knew that T_VARIABLE error will occurs mostly due to missing semicolon or braces from the before line where the error is showing. but i think i ended the before line with semicolon and i did't miss any braces. but still i am getting this unexpected t_variable error i dont know why it is coming. please any one help me with this how to solve this problem

You don't concatenate `$table_name` in `$sql="INSERT INTO " $table_name "`.. it should be like `$sql="INSERT INTO ". $table_name ."` — Jon, Jan 15 '15 at 18:55
`temp_members_db` if that isn't a constant, then it needs to be wrapped in quotes. — Funk Forty Niner, Jan 15 '15 at 18:56
Have a look [here](http://stackoverflow.com/search?q=unexpected+T_VARIABLE). — The Blue Dog, Jan 15 '15 at 18:57
This looks like it has several SQL injection vulnerabilities. — halfer, Jan 15 '15 at 19:03

score 5 · Accepted Answer · edited May 23 '17 at 12:20

5

You're missing your concatenation operators:

 $sql="INSERT INTO " $table_name      "(confi
                   ^^^^^         ^^^^^
                   HERE          HERE

It should be

$sql="INSERT INTO " . $table_name . "(confi

PHP should also be warning you about $table_name=temp_members_db;.

You're missing quotes around your string value temp_members_db which is considered/treated as a constant if not quoted.

$table_name='temp_members_db';

FYI, you are also wide open to SQL injections.

edited May 23 '17 at 12:20

Community

1
1

answered Jan 15 '15 at 18:56

John Conde

217,595
99
455
496

3

I'm also wondering about `$table_name=temp_members_db;` - Whether that's a constant or not. `temp_members_db` – Funk Forty Niner Jan 15 '15 at 18:57
1

@Fred-ii- That should be annoying PHP, too. – John Conde Jan 15 '15 at 18:57
1

It probably will, soon after OP fixes the concatenation. – Funk Forty Niner Jan 15 '15 at 18:58
And if so we'll get another typographical error question as a followup! We should probably point that out now. ^^ (As I see you just did haha) – Jon Jan 15 '15 at 18:59
@JohnConde I think we can call that green ticky a fine "assist" ;-) Yet another happy ending. – Funk Forty Niner Jan 15 '15 at 19:14

score 0 · Answer 2 · answered Jan 15 '15 at 18:57

0

Missing dots in concatenating strings around the $table_name:

$sql = "INSERT INTO " . $table_name . "(confirm_code, name, password, email, address, phone, education, date_of_birth) VALUES ...

answered Jan 15 '15 at 18:57

pavel

26,538
10
45
61

Parse error: syntax error, unexpected T_VARIABLE on line 107

2 Answers2

Linked