Badge reason error

Question

I'm trying to show badges on our system, badges are rewards/achievement to users. They show on their profile, the thing that works is the image/badge shows, but the badge reason doesn't.

I tried to do it like this

<?
    $badgesql = mysql_query("select * from usr_badge where user = '$user'");
    $user2 = mysql_query("select * from usr_users where username = '$user'");
    $usr2 = mysql_fetch_array($user2);
    $vipsql = mysql_query("select * from usr_vip where userid = '$usr2[id]'");
    $vipcheck = mysql_num_rows($vipsql);
    $badgecheck = mysql_num_rows($badgesql);
    $checkit = $badgecheck + $vipcheck;
    if($checkit==0)
    echo("This user does not have any badges");
    else
    if($badgecheck!=0)
    {
    while($badge = mysql_fetch_array($badgesql))
    {
    echo('<a onclick="TINY.box.show({html:'Reason: '.$badge[reason].',animate:false,close:false,mask:false,boxid:'success',autohide:2,top:-14,left:-17})"><img src="'.$badge[badge].'" </a>');
    }
    }
    //Display VIP Badges
    if($vipcheck!=0)
    {
    $vipbadge = mysql_fetch_array($vipsql);
    $vip1 = mysql_query("select * from usr_vipdb where id = '$vipbadge[vipid]'");
    $vip2 = mysql_fetch_array($vip1);
        echo('<img src="'.$vip2[url].'" alt="This user is a VIP!" />');
    }
    ?>

but that code above doesn't work. It gives me an error when I try to view the page "Parse error: syntax error, unexpected T_STRING in /home/**/public_html/memb.php on line 167"

Can someone please tell me what I'm doing wrong or point me in the right direction?

Thanks in advance

Answer 1

That long line starting with echo is probably at fault -- the syntax highlighting here is broken with it, showing that you've probably mis-matched the quotes or something similar. (Break it apart. Make each small segment on its own line. You won't miss the mistake then.)

Here's your current code broken as I believe the interpreter will parse it:

echo('<a onclick="TINY.box.show({html:'
Reason: '.$badge[reason].'
,animate:false,close:false,mask:false,boxid:
'success'
,autohide:2,top:-14,left:-17})
"><img src="
'.$badge[badge].'
" </a>');

Note the line starting with the bare word Reason:. Since that's not the error you got, perhaps I guessed incorrectly, but there's no doubt that your current code is too messy.

I hope you are sanitizing your inputs ($user, $usr2[id]) and stored data ($badge[reason]) in code that is not shown here to protect against cross-site scripting vulnerabilities and SQL injection vulnerabilities.

Answer 2

Try this (fixed open/close quotes... i think)

<?
    $badgesql = mysql_query("select * from usr_badge where user = '$user'");
    $user2 = mysql_query("select * from usr_users where username = '$user'");
    $usr2 = mysql_fetch_array($user2);
    $vipsql = mysql_query("select * from usr_vip where userid = '$usr2[id]'");
    $vipcheck = mysql_num_rows($vipsql);
    $badgecheck = mysql_num_rows($badgesql);
    $checkit = $badgecheck + $vipcheck;
    if($checkit==0) {
        echo("This user does not have any badges");

    } else {
        if($badgecheck!=0)
        {
            while($badge = mysql_fetch_array($badgesql))
            {
                echo('<a onclick="TINY.box.show({html: "Reason: '.$badge[reason].'",animate:false,close:false,mask:false,boxid:"success",autohide:2,top:-14,left:-17})"><img src="'.$badge[badge].'" /></a>');
            }
        }
        //Display VIP Badges
        if($vipcheck!=0)
        {
            $vipbadge = mysql_fetch_array($vipsql);
            $vip1 = mysql_query("select * from usr_vipdb where id = '$vipbadge[vipid]'");
            $vip2 = mysql_fetch_array($vip1);
            echo('<img src="'.$vip2[url].'" alt="This user is a VIP!" />');
        }
    }
?>