Click here to Skip to main content
14,736,767 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
<pre lang="text">
I am trying to configure "How to Import and Export CSV Files Using PHP and MySQL" by shahroze.nawaz@cloudways, using my database, but I keep getting this error:

Parse error: syntax error, unexpected 'else' (T_ELSE), expecting end of file in C:\xampp\htdocs\sql_download\functions.php on line 82. Below is the code from functions.php.
Any help would be greatly appreciated.

0)
{
$file = fopen($filename, "r");
while (($getData = fgetcsv($file, 10000, ",")) !== FALSE)
{
$sql = "INSERT into pos2020 (ospos_items.name,ospos_items.unit_price,ospos_receivings_items.quantity_purchased,ospos_items_taxes.percent,ospos_sales.sale_type) values ('".$getData[0]."','".$getData[1]."','".$getData[2]."','".$getData[3]."','".$getData[4]."')";
$result = mysqli_query($con, $sql);
// var_dump(mysqli_error_list($con));
// exit();
if(!isset($result))
{
echo "
alert(\"Invalid File:Please Upload CSV File.\");
window.location = \"index.php\"
";
}
else {
echo "
alert(\"CSV File has been successfully Imported.\");
window.location = \"index.php\"
";
}
}

fclose($file);
}
}

if(isset($_POST["Export"])){

header('Content-Type: text/csv; charset=utf-8');
header('Content-Disposition: attachment; filename=data.csv');
$output = fopen("php://output", "w");
fputcsv($output, array('Product', 'Price', 'Qty', 'Tax', 'Paid By'));
$query = "SELECT * from pos2020 ORDER BY ospos_items.name";
$result = mysqli_query($con, $query);
while($row = mysqli_fetch_assoc($result)) {
fputcsv($output, $row);
}
fclose($output);
}

function get_all_records(){
$con = getdb();

$Sql = "SELECT * FROM pos2020";
$result = mysqli_query($con, $Sql);

if (mysqli_num_rows($result) > 0) {
echo "

";
}

while($row = mysqli_fetch_assoc($result)) {


echo "";

}
// echo "";
echo "
Product Price Qty Tax Paid By
" . $row['ospos_items.name']." " . $row['ospos_items.unit_price']." " . $row['ospos_receivings_items.quantity_purchased']." " . $row['ospos_items_taxes.percent']." " . $row['ospos_sales.sale_type']."
Export
";

} else {
echo "you have no recent pending orders";
}
}



?>

What I have tried:

With my limited knowledge I have followed the code and compared it to the original. I have tried to contact shahroze.nawaz@cloudways the original author but no luck. Any help is very welcome.
Thank you
Posted
Updated 12-Jan-20 8:38am
Comments
[no name] 12-Jan-20 11:04am
   
Your code seems not to have 82 lines. Anyway it would be better you mark the problematic line with a comment.

Whilst not concatenation SQL statements is sound advice, it does not address your question.

Take your code and indent it 'blindly' using whichever standard indentation method you have been taught e.g. K&R or Allman. Don't do what you think it ought to look like; and just indent / outdent using the actual text, specifically the '{' and '}'s. Then it will become apparent where and why you get the message.
   
Most likely, the solution is: don't do it like that. Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Always use Parameterized queries instead.

When you concatenate strings, you cause problems because SQL receives commands like:
SELECT * FROM MyTable WHERE StreetAddress = 'Baker's Wood'
The quote the user added terminates the string as far as SQL is concerned and you get problems. But it could be worse. If I come along and type this instead: "x';DROP TABLE MyTable;--" Then SQL receives a very different command:
SELECT * FROM MyTable WHERE StreetAddress = 'x';DROP TABLE MyTable;--'
Which SQL sees as three separate commands:
SELECT * FROM MyTable WHERE StreetAddress = 'x';
A perfectly valid SELECT
DROP TABLE MyTable;
A perfectly valid "delete the table" command
--'
And everything else is a comment.
So it does: selects any matching rows, deletes the table from the DB, and ignores anything else.

So ALWAYS use parameterized queries! Or be prepared to restore your DB from backup frequently. You do take backups regularly, don't you?

Fix that throughout your app and there us a good chance your problem will go away at the same time.
   
As already pointed out, never concatenate values directly to an SQL statement, instead use parameters.

Another observations:
- As far as I can see you have too many closing brackets after fclose. However, it's not possible to say this for sure since the code you posted is most likely not all of the code.

- About the insert and statements, it looks like you have extra notations in the statements. For example
INSERT into pos2020 (ospos_items.name,ospos_items.unit_price, ...

When listing the columns, you should have only the target column names, perhaps something like
INSERT into pos2020 (name, unit_price, ...

The same applies to the ORDER BY clause use use later on
   

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900