Parse error: syntax error, unexpected T_VARIABLE, expecting T_FUNCTION

php ajax syntax-error

35,466

Solution 1

Ok, even this gives an error:

class WhosOnline{
    public $rn = $_GET['room'];
}

This also gives an error:

$v = "Hi there";
class WhosOnline{
    public $rn = $v;
}

The error is because you're trying to set a variable based on another variable in the class definition. You could do this in the constructor. Or you can set class members based on CONSTANTS (as you were doing with the query string). But why not rewrite your WhosOnline method like this:

public function DisplayUsers(){
    $get_current_status = mysql_query(
        "SELECT * FROM `online_users` WHERE `room` = '" 
            . mysql_real_escape_string($_GET['room']) . "'");
    if(mysql_num_rows($get_current_status)!=0){
        while($row_status = mysql_fetch_array($get_current_status)){
            if($_SESSION['username']==true){
                echo "<div class='online_margin'>   <b>".base64_decode($row_status['username'])."</b></div><hr style='border: 0; border-top:  solid 1px #D8D8D8;margin: 5px 10px 5px 10px;' />";
            }
        }
    }
}

This will also remove any potential errors you might have with $this-> references missing.

Solution 2

$rn = $_GET['room'];
protected $get_status_query = "SELECT * FROM `online_users` WHERE `room` =     '{$rn}'";

This is a bad habit that you need to break RIGHT NOW.

protected function get_status_query($rn) {
  return "SELECT * FROM `online_users` WHERE `room` =     '". sanitize($rn) . "'";
};

Implementation of sanitize() is left to the reader.

Solution 3

you could not initialized any variable directly in class , try this

public $rn;
protected $get_status_query;

public __construct(){
      $this->rn = $_GET['room'];
      $this->get_status_query = "SELECT * FROM `online_users` WHERE `room` = '{$this->rn}'";
}

35,466

Author by

Admin

Updated on August 31, 2020

Comments

Admin over 3 years

Could someone tell me what I'm doing wrong?

I want to display the users online on specific rooms only.

the code below is the function that calls my online.php this is under my chat.php when I load the page this function also loads.

function whos_online() {
  if ( window.XMLHttpRequest ) {
    xmlhttp = new XMLHttpRequest();
  } else { 
    xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
  }
  xmlhttp.open("GET", "online.php?room=<?php $_SESSION['room']?>", false);
  xmlhttp.send();
  document.getElementById("whos_online").innerHTML = xmlhttp.responseText; 
}

ONLINE.PHP

this is the content of my online.php

<link rel="stylesheet" type="text/css" href="style.css" />
<?php

    session_start();
    include 'db.inc.php';

    class WhosOnline{
        $rn = $_GET['room'];
        protected $get_status_query = "SELECT * FROM `online_users` WHERE `room` = '{$rn}'";
        public function DisplayUsers(){
            $get_current_status = mysql_query( $this->get_status_query );
            if( mysql_num_rows( $get_current_status ) != 0 ) {
                while( $row_status = mysql_fetch_array( $get_current_status ) ) {
                    if( $_SESSION['username'] == true ) {
                        echo "<div class='online_margin'>
                                <b>".base64_decode($row_status['username'])."</b>
                              </div>
                              <hr style='border: 0; border-top: solid 1px #D8D8D8;margin: 5px 10px 5px 10px;' />";
                    }
                }
            }
        }
    }

    $Online = new WhosOnline;
    $Online->DisplayUsers();
?>

Any help?

Zombaya about 12 years

Yes, you can, but only with a fixed value like 3 or "I am a string"
Moyed Ansari about 12 years

@zombaya I mean the post variables and initialization of query
Zombaya about 12 years

Maybe add the initialization in a constructor.
Admin about 12 years

I tried to replace according to your correction now I am getting an sql error mysql_num_rows() expects parameter 1 to be resource, boolean given
orourkek about 12 years

You couldn't take the time to answer his question in this post? Great point about injection vulnerability, but this isn't an answer...
Admin about 12 years

I tried implementing your code. And it says call to undefined function sanitize()
Admin about 12 years

on my original post it points out to online.php line number 10
craigmj about 12 years

Ah, sorry - I copied that from above. But that's a separate error. As they say above, that's for the reader to implement ;-) Rather use mysql_safe_string(..). Made the change.
Ignacio Vazquez-Abrams about 12 years

@orourkek: You're right. It's not an answer. It's a solution.
orourkek about 12 years

I agree that it's obviously something that has to be learned, but the actual answer is so darn simple that it just seems silly not to include it. In any case @user1232117, the answer to your question is below, but you should definitely follow this advice as well.
Hammerite about 12 years

Your approach isn't that much better. Don't build queries this way. Use prepared statements.
Admin about 12 years

@orourkek im sorry sir im just new in coding. where can i find it sir?
Admin about 12 years

Call to undefined function mysql_safe_string() when I tried the mysql_safe_string
Admin about 12 years

@IgnacioVazquez-Abrams Sir I cant figure out why it returns an sql_error.
craigmj about 12 years

Good grief- sorry, far too late at night. The function is mysql_real_escape_string(..)
Admin about 12 years

thanks so much. I finally solved the problem using your solution.