Install script freakout

[gunnarflax]

Hey! I'm trying to create a script which will "install" a website on a server by creating all the tables and the database for it to work. So that there is no manual setup needed except putting the folder on the server and then filling in the neccessary server information in the beginning of the script.

Buuuut, I get a php syntax error. It says unexpected '=' on line 30 ($httpdir-uploaded_files). And if I comment that bit of code so the script ignores it then it just goes to the next "=" and says there is an error there too! I can't find any syntax error in my code, though am I fairly new to php and SQL, this is my first website I've created with it.

Here below is the code. Please post any ideas you might have!

PHP Code:

<?php
ini_set('display_errors', 1);
error_reporting(E_ALL);

$dbhost = "localhost";
$dbuser = "root";
$dbpass = "sofia";
$dbname = "krs-test";

/*------------------------------------------------- Inget här under bör redigeras om man inte vet vad man gör ---------------------------------------------------*/

$instructions = "Klicka på knappen nedan för att installera sajten \"KRS\" på servern";

if(isset($_POST["install"])){
    //Här kopplar installationen upp sig till servern.
    $opendb = mysql_connect($dbhost, $dbuser, $dbpass)
    or die("Kunde inte ansluta till MySQL:<br />" . mysql_error());
    
    
    
    
    //Här skapas databasen
    mysql_query("CREATE DATABASE krs-test");
    
    //Anslutning till databasen
    mysql_select_db($dbname, $opendb)
    or die("Kunde inte ansluta till databasen:<br />".mysql_error());
    
    $httproot = 'http://'.$_SERVER['HTTP_HOST'];
    $httpdir-uploaded_files = $httproot.'admin/edit/uploaded_files/';
    
    // här nedan skapas alla tabeller som ingår i databasen
    /* ------------------------ Tabellen users -----------------------------*/
    sql="CREATE TABLE users
    (
    id int NOT NULL AUTO_INCREMENT,
    PRIMARY KEY(id),
    username TEXT,
    password TEXT,
    name TEXT,
    profilepic TEXT
    )";
    
    if(!mysql_query($sql,$opendb)){
        echo "Error när tabellen users skulle skapas:<br />".mysql_error());
    }
    
    sql="INSERT INTO users (id, username, password, name, profilepic) VALUE (0,'bm','8c1003746c487420d51c5cce9929da084957a41b','Britt-Marie Wermtun','".$httpdir-uploaded_files."bm.jpg')";
    if(!mysql_query($sql,$opendb)){echo "Error när användaren bm skulle registreras:<br />".mysql_error());}
    
    sql="INSERT INTO users (id, username, password, name, profilepic) VALUE (1,'nina','e8ddbec123ed55ee4bc790ef1ee5e3fc73c9411e','Nina Rosenqvist','".$httpdir-uploaded_files."nina.jpg')";
    if(!mysql_query($sql,$opendb)){echo "Error när användaren nina skulle registreras:<br />".mysql_error());}
    
    /* ------------------------ Tabellen pictures -----------------------------*/
    sql="CREATE TABLE users
    (
    id int NOT NULL AUTO_INCREMENT,
    PRIMARY KEY(id),
    filename TEXT,
    url TEXT
    )";
    
    if(!mysql_query($sql,$opendb)){
        echo "Error när tabellen pictures skulle skapas".mysql_error());
    }
    
    sql="INSERT INTO pictures (id, filename, url) VALUE (0,'bm.jpg','".$httpdir-uploaded_files."bm.jpg')";
    if(!mysql_query($sql,$opendb)){echo "Error när visningsbilden för användaren bm skulle registreras:<br />".mysql_error());}
    
    sql="INSERT INTO pictures (id, filename, url) VALUE (1,'nina.jpg','".$httpdir-uploaded_files."nina.jpg')";
    if(!mysql_query($sql,$opendb)){echo "Error när visningsbilden för användaren nina skulle registreras:<br />".mysql_error());}
    
    /* ------------------------ Tabellen pages -----------------------------*/
    sql="CREATE TABLE pages
    (
    id int NOT NULL AUTO_INCREMENT,
    PRIMARY KEY(id),
    name TEXT,
    title TEXT,
    content TEXT,
    default TEXT
    )";
    
    //Indexsidan
    $content-home = "'<h1>Kungsängens Redovisningsservice</h1>".
            "<h2>Välkommen till oss!</h2>".
            "<p>Vi är den lilla bokföringsbyrån med familjekänsla. På byrån arbetar två erfarna redovisningskonsulter.</p>".
            "<h2>Tjänster vi erbjuder</h2>".
            "<ul>".
            "    <li>Redovisning</li>".
            "    <li>Bokslut</li>".
            "    <li>Årsredovisning</li>".
            "    <li>Deklaration</li>".
            "</ul>".
            "<p><br /> <br /></p>".
            "<p>För mer information <a href=".'"'."pages/contact.php".'"'.">kontakta</a> Britt-Marie Wermtun eller Nina Rosenqvist.</p>".
            "<p><img class=".'"'."krs-profile_pic".'"'." src=".'"'."http://127.0.0.1/krs_website/admin/edit/uploaded_files/bm.jpg".'"'." alt=".'"'."Britt-Marie Wermtun".'"'." width=".'"'."135".'"'." height=".'"'."101".'"'." /><img class=".'"'."krs-profile_pic".'"'." src=".'"'."http://127.0.0.1/krs_website/admin/edit/uploaded_files/nina.jpg".'"'." alt=".'"'."Nina Rosenqvist".'"'." width=".'"'."135".'"'." height=".'"'."101".'"'." /></p>".
            "".
            "<h1>Information</h1>".
            "<div id=".'"'."krs-info".'"'.">".
            "<p>Nu har KRS skaffat sig en egen hemsida! Här kan ni hitta kontaktinformation och händelser vi vill notifiera våra kunder om! Välkomna!</p>".
            "</div>'";
            
    sql="INSERT INTO pages (id, name, title, content, default)
    VALUE (
           0,
           'Home',
           'KRS - Kungsängens Redovisningsservice',
           '$content-home',
           '$content-home'
           )";
    
    if(!mysql_query($sql,$opendb)){echo "Error när Hem-sidan skulle registreras:<br />".mysql_error());}
    
    //Kontaktsidan
    $content-contact = "'<h1>Kontaktinformation</h1>".
                "<ul class=".'"'."krs-ul_plain".'"'.">".
                "    <li>Ringv. 14, Box 2031</li>".
                "    <li>196 02 KUNGSÄNGEN</li>".
                "    <li>Tel: 08-581 650 64</li>".
                "    <li>Fax: 08-581 650 31</li>".
                "    <li><a href=".'"'."mailto:bm.krs@bostream.nu".'"'.">bm.krs@bostream.nu</a></li>".
                "</ul>".
                "<p>Om du vill besöka oss kan du se var vi är på kartan <a href=".'"'."http://kartor.eniro.se/query?what=map&mop=yp&advert_code=67374370_GS&search_word=Kungs%E4ngens%20Redovisningsservice".'"'." target=".'"'."_blank".'"'.">här</a>.</p>'";
                
    sql="INSERT INTO pages (id, name, title, content, default)
    VALUE (
           1,
           'Contact',
           'KRS - Kungsängens Redovisningsservice || Kontakt',
           '$content-contact',
           '$content-contact'
           )";
    
    if(!mysql_query($sql,$opendb)){echo "Error när Kontakt-sidan skulle registreras:<br />".mysql_error());}
    
    /* ------------------------ Tabellen footer -----------------------------*/
    sql="CREATE TABLE footer
    (
    id int NOT NULL AUTO_INCREMENT,
    PRIMARY KEY(id),
    footer TEXT,
    solidlink TEXT
    )";
    
    sql="INSERT INTO footer (id, footer, solidlink) VALUE (0,'Kungsängens Redovisningsservice &copy; 2009 KRS.se','<a href=\"#\">Solid Design</a>')";
    if(!mysql_query($sql,$opendb)){echo "Error när sidfoten skulle registreras:<br />".mysql_error());}
    
    mysql_close($opendb);
    
    $instructions = "Grattis! Om inga felmeddelanden har visats har sidan installerats utan fel! Om det har visats felmeddelanden kontakta Solid Design för hjälp.";
}


?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Installation av Kungsängens Redovisningsservice hemsida 1.0</title>
</head>

<body bgcolor="#ccc">
<div style="width:500px;height:350px;background: url('images/krs-install_bg.jpg') #fff no-repeat center top;margin: 100px auto auto auto;">
    <form action="" method="post" id="install" style="padding-left:30px;padding-right:30px;">
        <p style="padding-top:230px; text-align:center;"><?php echo $instructions; ?><p>
        <div style="width:100px;margin-left:auto; margin-right:auto;"><input type="submit" name="install" value="Installera" style="width:100px;"/></div>
    </form>
</div>
</body>
</html>

[OctoberWind]

hyphens are not allowed in variable names. Switch it to an underscore.

PHP.net:Variables

Quote:

Originally Posted by php.net

Variable names follow the same rules as other labels in PHP. A valid variable name starts with a letter or underscore, followed by any number of letters, numbers, or underscores. As a regular expression, it would be expressed thus: '[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*'

Also, you might need to add a slash between $httproot and admin

Code:

$httpdir_uploaded_files = $httproot.'/admin/edit/uploaded_files/';

[gunnarflax]

Thanks! that worked great! Now I have another problem though. There is something wrong with my code again. This is the error message i get:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '�ngens Redovisningsservice

and
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'default) VALUE ( 'Contact', 'KRS - Kungsängens Redovisningsservic'

What could be the problem?

[OctoberWind]

again, I'm seeing some hyphenated variable further down the page.

Code:

$content-home
$content-contact

Also, this line might be the cause of the first error:

PHP Code:

    VALUE (
           1,
           'Contact',
           'KRS - Kungsängens Redovisningsservice || Kontakt',


The raw a-umlaut is probably throwing wrenches.

If you copy/paste the 'KRS - Kungsanges...' you also might have grabbed an unencoded n-dash, which might be throwing another wrench. Try replacing that with a manual soft-hyphen (the minus "-" key) and see if that clear it up.

[gunnarflax]

I've actually changed all the variables and a couple of other errors I received. I just haven't uploaded the new code. I will try what you suggested and then edit and upload the new code. Thanks!

[gunnarflax]

Okay, here I got my current code:

PHP Code:

<?php
ini_set('display_errors', 1);
error_reporting(E_ALL);

//meddelande som användaren ser inför installationen
$instructions = "Klicka på knappen nedan för att installera sajten \"KRS\" på servern";

//kollar om knappen install har blivit klickad på av användaren
if(isset($_POST["install"])){
    include "admin/conn/config.php";
    
    //Här kopplas installationen upp till servern
    $opendb = mysql_connect($dbhost, $dbuser, $dbpass)
    or die("Kunde inte ansluta till MySQL:<br />" . mysql_error());

    //Här skapas databasen
    if (!mysql_query("CREATE DATABASE test",$opendb))
      {
      echo "Error när databasen skulle skapas: ".mysql_error();
      }
    
    //Anslutning till databasen
    mysql_select_db($dbname, $opendb)
    or die("Kunde inte ansluta till databasen:<br />".mysql_error());
    
    $httproot = 'http://'.$_SERVER['HTTP_HOST'];
    $httpdir_uploaded_files = $httproot.'/admin/edit/uploaded_files/';
    
    // här nedan skapas alla tabeller som ingår i databasen
    /* ------------------------ Tabellen users -----------------------------*/
    $sql="CREATE TABLE users
    (
    id int NOT NULL AUTO_INCREMENT,
    PRIMARY KEY(id),
    username TEXT,
    password TEXT,
    name TEXT,
    profilepic TEXT
    )";
    
    if(!mysql_query($sql,$opendb)){
        echo "Error när tabellen users skulle skapas:<br />".mysql_error();
    }
    
    $sql="INSERT INTO users (username, password, name, profilepic) VALUE ('bm','8c1003746c487420d51c5cce9929da084957a41b','Britt-Marie Wermtun','".$httpdir_uploaded_files."bm.jpg')";
    if(!mysql_query($sql,$opendb)){echo "Error när användaren bm skulle registreras:<br />".mysql_error();}
    
    $sql="INSERT INTO users (username, password, name, profilepic) VALUE ('nina','e8ddbec123ed55ee4bc790ef1ee5e3fc73c9411e','Nina Rosenqvist','".$httpdir_uploaded_files."nina.jpg')";
    if(!mysql_query($sql,$opendb)){echo "Error när användaren nina skulle registreras:<br />".mysql_error();}
    
    /* ------------------------ Tabellen pictures -----------------------------*/
    $sql="CREATE TABLE pictures
    (
    id int NOT NULL AUTO_INCREMENT,
    PRIMARY KEY(id),
    filename TEXT,
    url TEXT
    )";
    
    if(!mysql_query($sql,$opendb)){
        echo "Error när tabellen pictures skulle skapas".mysql_error();
    }
    
    $sql="INSERT INTO pictures (filename, url) VALUE ('bm.jpg','".$httpdir_uploaded_files."bm.jpg')";
    if(!mysql_query($sql,$opendb)){echo "Error när visningsbilden för användaren bm skulle registreras:<br />".mysql_error();}
    
    $sql="INSERT INTO pictures (filename, url) VALUE ('nina.jpg','".$httpdir_uploaded_files."nina.jpg')";
    if(!mysql_query($sql,$opendb)){echo "Error när visningsbilden för användaren nina skulle registreras:<br />".mysql_error();}
    
    /* ------------------------ Tabellen pages -----------------------------*/
    $sql="CREATE TABLE pages
    (
    id int NOT NULL AUTO_INCREMENT,
    PRIMARY KEY(id),
    name TEXT,
    title TEXT,
    content TEXT,
    default TEXT
    )";
    
    //Indexsidan
    $content_home = "'<h1>Kungsängens Redovisningsservice</h1>".
    "<h2>Välkommen till oss!</h2>".
    "<p>Vi är den lilla bokföringsbyrån med familjekänsla. På byrån arbetar två erfarna redovisningskonsulter.</p>".
    "<h2>Tjänster vi erbjuder</h2>".
    "<ul>".
    "    <li>Redovisning</li>".
    "    <li>Bokslut</li>".
    "    <li>Årsredovisning</li>".
    "    <li>Deklaration</li>".
    "</ul>".
    "<p><br /> <br /></p>".
    "<p>För mer information <a href=\"pages/contact.php\">kontakta</a> Britt-Marie Wermtun eller Nina Rosenqvist.</p>".
    "<p><img class=\"krs-profile_pic\" src=\"http://127.0.0.1/krs_website/admin/edit/uploaded_files/bm.jpg\" alt=\"Britt-Marie Wermtun\" width=\"135\" height=\"101\" /><img class=\"krs-profile_pic\" src=\"http://127.0.0.1/krs_website/admin/edit/uploaded_files/nina.jpg\" alt=\"Nina Rosenqvist\" width=\"135\" height=\"101\" /></p>".
    "<h1>Information</h1>".
    "<div id=\"krs-info\">".
    "<p>Nu har KRS skaffat sig en egen hemsida! Här kan ni hitta kontaktinformation och händelser vi vill notifiera våra kunder om! Välkomna!</p>".
    "</div>'";
            
    $sql="INSERT INTO pages (name, title, content)
    VALUE (
           'Home',
           'KRS - Kungsängens Redovisningsservice',
           '$content_home'
           )";
    
    if(!mysql_query($sql,$opendb)){echo "Error när Hem-sidan skulle registreras:<br />".mysql_error();}
    
    //Kontaktsidan
    $content_contact = "'<h1>Kontaktinformation</h1>".
                "<ul class=\"krs-ul_plain\">".
                "    <li>Ringv. 14, Box 2031</li>".
                "    <li>196 02 KUNGSÄNGEN</li>".
                "    <li>Tel: 08-581 650 64</li>".
                "    <li>Fax: 08-581 650 31</li>".
                "    <li><a href=\"mailto:bm.krs@bostream.nu\">bm.krs@bostream.nu</a></li>".
                "</ul>".
                "<p>Om du vill besöka oss kan du se var vi är på kartan <a href=\"http://kartor.eniro.se/query?what=map&mop=yp&advert_code=67374370_GS&search_word=Kungs%E4ngens%20Redovisningsservice\" target=\"_blank\">här</a>.</p>'";
                
    $sql="INSERT INTO pages (name, title, content, default)
    VALUE (
           'Contact',
           'KRS - Kungsängens Redovisningsservice || Kontakt',
           '$content_contact',
           '$content_contact'
           )";
    
    if(!mysql_query($sql,$opendb)){echo "Error när Kontakt-sidan skulle registreras:<br />".mysql_error();}
    
    /* ------------------------ Tabellen footer -----------------------------*/
    $sql="CREATE TABLE footer
    (
    id int NOT NULL AUTO_INCREMENT,
    PRIMARY KEY(id),
    footer TEXT,
    solidlink TEXT
    )";
    
    $sql="INSERT INTO footer (footer, solidlink) VALUE ('Kungsängens Redovisningsservice &copy; 2009 KRS.se','<a href=\"#\">Solid Design</a>')";
    if(!mysql_query($sql,$opendb)){echo "Error när sidfoten skulle registreras:<br />".mysql_error();}
    
    mysql_close($opendb);
    
    $instructions = "Grattis! Om inga felmeddelanden har visats har sidan installerats utan fel! Om det har visats felmeddelanden kontakta Solid Design för hjälp.";
}


?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Installation av Kungsängens Redovisningsservice hemsida 1.0</title>

<style type="text/css">
body {
    background: #ccc;
}

#container {
    width:500px;
    height:auto;
    background: url('images/krs-install_bg.jpg') #fff no-repeat center top;
    margin: 100px auto auto auto;
    font-family:Arial, Helvetica, sans-serif;
    overflow:hidden;
}
#text-wrapper {
    width:440px;
    height:auto;
    margin-top:180px;
    margin-left:30px;
    margin-right:30px;
    padding-bottom:30px;
    overflow:hidden;
}

p {
    text-align:center;
    font-size:12px;
}

h1 {
    font-size: 24px;
    color: #7dac17;
    margin: 0 0 20px 0;
}

#button-center {
    width:100px;
    margin-left:auto;
    margin-right:auto;
}

#submit {
    width:100px;
}
</style>

</head>

<body>
<div id="container">
    <div id="text-wrapper">
    <form action="" method="post" id="install">
        <p><h1>Installation</h1><?php echo $instructions; ?></p>
        <div id="button-center"><input id="submit" type="submit" name="install" value="Installera"/></div>
    </form>
</div>
</body>
</html>

Can you find what is wrong with it? I still get the same error as I posted before

[criterion9]

Is "default" a reserved word in mySQL? Try using `default` (notice they are backticks and not single quotes) and see if that works.

[gunnarflax]

still doesn't work, this is exactly the error I receive now:


Error när Hem-sidan skulle registreras:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '�ngens Redovisningsservice
Välkommen till oss!

Vi är den lilla ' at line 5Error när Kontakt-sidan skulle registreras:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '/h1>

* Ringv. 14, Box 2031
* 196 02 KUNGSÄNGE' at line 5Error när sidfoten skulle registreras:
Table 'test.footer' doesn't exist

[gunnarflax]

I've switched the word "default" for "base" now and I had both " and ' in the beginning of the $content_home and contact variable which I've now fixed for just the ".

Now I get this error message:
Error när Hem-sidan skulle registreras:
Table 'test.pages' doesn't existError när Kontakt-sidan skulle registreras:
Table 'test.pages' doesn't existError när sidfoten skulle registreras:
Table 'test.footer' doesn't exist

And I don't understand why it won't work!

[criterion9]

A good rule of thumb when working with databases is to use mysql_real_escape_string for all string input. This will help with SQL injection in scripts that handle user input and also help to prevent SQL errors due to unrecognized characters being submitted to the database. I don't speak the language that those errors are written in, could you translate to English and perhaps I can help?

[OctoberWind]

why are you double-quoting this string:

PHP Code:

$content_home = "'<h1>Kungsängens Redovisningsservice</h1>".


There is no need to do that. You're just printing out that single quote around your HTML string, which I'm guessing you don't need.

Also, it's only asking for more problems to be concatenating that string line by line. You mess up on one " . " and you're whole sting is fubar'd. All that's doing for you is writing the HTML out into one enormously long line which is probably the opposite of what you're trying to do (to make a more human-readable source code?). You can hard-return inside of the double-quote string, and it'll still work fine.

PHP Code:

$content_contact = "<h1>Kontaktinformation</h1>
<ul class=\"krs-ul_plain\">
    <li>Ringv. 14, Box 2031</li>
    <li>196 02 KUNGSÄNGEN</li>
    <li>Tel: 08-581 650 64</li>
    <li>Fax: 08-581 650 31</li>
    <li><a href=\"mailto:bm.krs@bostream.nu\">bm.krs@bostream.nu</a></li>
</ul>
<p>Om du vill besöka oss kan du se var vi är på kartan <a href=\"http://kartor.eniro.se/query?what=map&mop=yp&advert_code=67374370_GS&search_word=Kungs%E4ngens%20Redovisningsservice\" target=\"_blank\">här</a>.</p>";


[gunnarflax]

I noticed the double quotation too and removed it. I change the content of the variables too so that it makes better source code, I though that was what I was doing Still have a lot to learn though

Criterion I haven't learned about mysql_real_escape_string yet, I will have to read about it on w3schools tomorrow. The errors I receive is in english already except what I myself echo when the error occurs, which just says that an error occurred. But it also prints the mysql error. You can compare the lines which get echoed with the error reports I have in the script and you will se where the error is. I hope it is as easy to understand as I want to beleive it is ^^

[gunnarflax]

Thank you all for your help! I've now gotten it to work! the last problem I had was because I didn't run the query with $sql when I wanted to create the pages table, only when I wanted to insert the content. Therefore I had no table to insert the information into.

Is it really necessary to use mysql_real_escape_string() when don't have a user input that has any effect with that variable? like I do with $content_home. When I tried using it it wrote \r\n into the database instead of actually break a line.