Parse error: syntax error, unexpected T_VARIABLE, expecting T_FUNCTION
Solution 1
Ok, even this gives an error:
class WhosOnline{
public $rn = $_GET['room'];
}
This also gives an error:
$v = "Hi there";
class WhosOnline{
public $rn = $v;
}
The error is because you're trying to set a variable based on another variable in the class definition. You could do this in the constructor. Or you can set class members based on CONSTANTS (as you were doing with the query string). But why not rewrite your WhosOnline method like this:
public function DisplayUsers(){
$get_current_status = mysql_query(
"SELECT * FROM `online_users` WHERE `room` = '"
. mysql_real_escape_string($_GET['room']) . "'");
if(mysql_num_rows($get_current_status)!=0){
while($row_status = mysql_fetch_array($get_current_status)){
if($_SESSION['username']==true){
echo "<div class='online_margin'> <b>".base64_decode($row_status['username'])."</b></div><hr style='border: 0; border-top: solid 1px #D8D8D8;margin: 5px 10px 5px 10px;' />";
}
}
}
}
This will also remove any potential errors you might have with $this->
references missing.
Solution 2
$rn = $_GET['room']; protected $get_status_query = "SELECT * FROM `online_users` WHERE `room` = '{$rn}'";
This is a bad habit that you need to break RIGHT NOW.
protected function get_status_query($rn) {
return "SELECT * FROM `online_users` WHERE `room` = '". sanitize($rn) . "'";
};
Implementation of sanitize()
is left to the reader.
Solution 3
you could not initialized any variable directly in class , try this
public $rn;
protected $get_status_query;
public __construct(){
$this->rn = $_GET['room'];
$this->get_status_query = "SELECT * FROM `online_users` WHERE `room` = '{$this->rn}'";
}
Admin
Updated on August 31, 2020Comments
-
Admin over 3 years
Could someone tell me what I'm doing wrong?
I want to display the users online on specific rooms only.
the code below is the function that calls my online.php this is under my chat.php when I load the page this function also loads.
function whos_online() { if ( window.XMLHttpRequest ) { xmlhttp = new XMLHttpRequest(); } else { xmlhttp = new ActiveXObject("Microsoft.XMLHTTP"); } xmlhttp.open("GET", "online.php?room=<?php $_SESSION['room']?>", false); xmlhttp.send(); document.getElementById("whos_online").innerHTML = xmlhttp.responseText; }
ONLINE.PHP
this is the content of my online.php
<link rel="stylesheet" type="text/css" href="style.css" /> <?php session_start(); include 'db.inc.php'; class WhosOnline{ $rn = $_GET['room']; protected $get_status_query = "SELECT * FROM `online_users` WHERE `room` = '{$rn}'"; public function DisplayUsers(){ $get_current_status = mysql_query( $this->get_status_query ); if( mysql_num_rows( $get_current_status ) != 0 ) { while( $row_status = mysql_fetch_array( $get_current_status ) ) { if( $_SESSION['username'] == true ) { echo "<div class='online_margin'> <b>".base64_decode($row_status['username'])."</b> </div> <hr style='border: 0; border-top: solid 1px #D8D8D8;margin: 5px 10px 5px 10px;' />"; } } } } } $Online = new WhosOnline; $Online->DisplayUsers(); ?>
Any help?
-
Zombaya about 12 yearsYes, you can, but only with a fixed value like
3
or"I am a string"
-
Moyed Ansari about 12 years@zombaya I mean the post variables and initialization of query
-
Zombaya about 12 yearsMaybe add the initialization in a constructor.
-
Admin about 12 yearsI tried to replace according to your correction now I am getting an sql error mysql_num_rows() expects parameter 1 to be resource, boolean given
-
orourkek about 12 yearsYou couldn't take the time to answer his question in this post? Great point about injection vulnerability, but this isn't an answer...
-
Admin about 12 yearsI tried implementing your code. And it says call to undefined function sanitize()
-
Admin about 12 yearson my original post it points out to online.php line number 10
-
craigmj about 12 yearsAh, sorry - I copied that from above. But that's a separate error. As they say above, that's for the reader to implement ;-) Rather use mysql_safe_string(..). Made the change.
-
Ignacio Vazquez-Abrams about 12 years@orourkek: You're right. It's not an answer. It's a solution.
-
orourkek about 12 yearsI agree that it's obviously something that has to be learned, but the actual answer is so darn simple that it just seems silly not to include it. In any case @user1232117, the answer to your question is below, but you should definitely follow this advice as well.
-
Hammerite about 12 yearsYour approach isn't that much better. Don't build queries this way. Use prepared statements.
-
Admin about 12 years@orourkek im sorry sir im just new in coding. where can i find it sir?
-
Admin about 12 yearsCall to undefined function mysql_safe_string() when I tried the mysql_safe_string
-
Admin about 12 years@IgnacioVazquez-Abrams Sir I cant figure out why it returns an sql_error.
-
craigmj about 12 yearsGood grief- sorry, far too late at night. The function is mysql_real_escape_string(..)
-
Admin about 12 yearsthanks so much. I finally solved the problem using your solution.