1

I have a block of code I want to store in a variable so I could make it into a PDF using dompdf

$html = '<div class="receiptContainer">
        <center>
            <img src="Images/logo.png" width="175px">
            <h4>GOKUJOU JAPANESE RESTAURANT</h4>
            <p>Total Gas Station, Hibbard Ave., Looc,<br>Dumaguete City, 6200 Negros Oriental, Philippines <br>
            09985555175 | 422-1435 <br>
            <?php echo date("Y-m-d h:i:sA"); ?>
            </p>

            <table width="90%" style="text-align: center;">
                <tr>
                    <th>DESCRIPTION</th>
                    <th>QTY</th>
                    <th>PRICE</th>
                    <th>TOTAL</th>
                </tr>
                <tr>
                    <td></td>
                </tr>
                <?php
                    $query = mysqli_query($con, "SELECT * FROM orders WHERE customerID = '".$_SESSION['customer']."' AND status = '"Checked Out"'");
                    while($row = mysqli_fetch_row($query)){
                ?>
                <tr>
                    <td><?php echo $row[3]; ?></td>
                    <td><?php echo $row[5]; ?></td>
                    <td><?php echo $row[4]; ?></td>
                    <td><?php echo $row[6]; ?></td>
                </tr>
                <?php
                    }
                    $total = mysqli_query($con, "SELECT SUM(total) AS grandTotal FROM orders WHERE customerID = '".$_SESSION['customer']."' AND status = '"Checked Out"' GROUP BY customerID");
                    $row = mysqli_fetch_row($total);
                    $sum = $row[0];
                ?>
                <tr>
                    <!-- break space -->
                    <tr></tr><tr></tr><tr></tr><tr></tr>
                    <tr></tr><tr></tr><tr></tr><tr></tr>
                    <tr></tr><tr></tr><tr></tr><tr></tr>

                    <td colspan="1" style="text-align: left">GRAND TOTAL: <?php echo $sum; ?></td>
                    <td colspan="3"></td>
                </tr>
                <tr style="text-align: left">
                    <td colspan="1">CASH: <?php echo $_SESSION['"cash"']; ?></td>
                    <td colspan="3"></td>
                </tr>
                <tr style="text-align: left">
                    <td colspan="1">CHANGE: <?php echo $_SESSION['"cash"'] - $sum; ?></td>
                    <td colspan="3"></td>
                </tr>
            </table>
        </center>
    </div>';
//start PDF generation
$dompdf = new Dompdf();
$dompdf->loadHTML($html);
$dompdf->setPaper(array(0, 0, 1080, 500), 'landscape');
$dompdf->render();
$dompdf->stream("samplepdf");
?>

This is how I structured my code, and it returns an error:

Parse error: syntax error, unexpected '"' in C:\xampp\htdocs\Gokujou\checkout.php on line 107

and this is line 107:

$query = mysqli_query($con, "SELECT * FROM orders WHERE customerID = '".$_SESSION['customer']."' AND status = '"Checked Out"'");

How do I concatenate this MySQL statement properly?

1
  • Can I suggest you use an IDE? Because there are errors in your code when you're asserting data. Commented Mar 21, 2017 at 14:28

2 Answers

1

You don't need a concatenation operator in PHP if you are using ", only when using '. You can then transform your assignment like this:

$query = mysqli_query($con, "SELECT * FROM orders WHERE customerID = '{$_SESSION['customer']}' AND status = 'Checked Out'");

But we can transform what you did into this (to fix with the operator)

$query = mysqli_query($con, "SELECT * FROM orders WHERE customerID = '".$_SESSION['customer']."' AND status = 'Checked Out'");


1

I believe the error in line 107 is caused because you open the string with " but also have unescaped quotes around "Checked Out".

To escape the quotes, put a backslash before them, i.e.

$query = mysqli_query($con, "SELECT * FROM orders WHERE customerID = '".$_SESSION['customer']."' AND status = '\"Checked Out\"'");

The large $html section at the top would be better off expressed as a Heredoc. This gives clearer code over multiple lines and removes the need to escape quotes.

$html = <<<HTML
<div class="receiptContainer">
    <center>
    ...
HTML;

Finally, you are using the session variable directly in the MySQL query without any kind of sanitization. This could lead to SQL injection attacks if you're not careful.
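The injection concern raised above, addressed with prepared statements; this is an added example, not code from the question or from either answer. It assumes `$con` is an open mysqli connection with the mysqlnd driver, reuses the column positions and the `total` column from the question, and introduces two hypothetical helpers, `e()` and `buildReceiptRows()`. Building the rows in PHP and returning a string also avoids putting `<?php ?>` tags inside a string literal, where they are never executed.

```php
<?php
// Added example. Assumes $con is an open mysqli connection, as in the question.
// Column positions ($row[3]..$row[6]) and the `total` column come from the question's code.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

function e($value): string
{
    // Escape for HTML so stored values cannot inject markup into the PDF source.
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

function buildReceiptRows(mysqli $con, string $customerId, float $cash): string
{
    $status = 'Checked Out';

    // Placeholders keep data out of the SQL text: no quoting, no concatenation.
    $stmt = $con->prepare('SELECT * FROM orders WHERE customerID = ? AND status = ?');
    $stmt->bind_param('ss', $customerId, $status);
    $stmt->execute();
    $result = $stmt->get_result(); // requires the mysqlnd driver

    $rows = '';
    while ($row = $result->fetch_row()) {
        $rows .= '<tr><td>' . e($row[3]) . '</td><td>' . e($row[5]) . '</td>'
               . '<td>' . e($row[4]) . '</td><td>' . e($row[6]) . '</td></tr>';
    }
    $stmt->close();

    $stmt = $con->prepare('SELECT SUM(total) FROM orders WHERE customerID = ? AND status = ?');
    $stmt->bind_param('ss', $customerId, $status);
    $stmt->execute();
    $stmt->bind_result($sum);
    $stmt->fetch();
    $stmt->close();
    $sum = (float) $sum; // SUM() is NULL when no rows match

    return $rows
        . '<tr><td colspan="4" style="text-align: left">GRAND TOTAL: ' . e($sum) . '</td></tr>'
        . '<tr><td colspan="4" style="text-align: left">CASH: ' . e($cash) . '</td></tr>'
        . '<tr><td colspan="4" style="text-align: left">CHANGE: ' . e($cash - $sum) . '</td></tr>';
}

// Usage in checkout.php (the session key 'cash' is an assumption):
// $html = '<table width="90%">'
//       . buildReceiptRows($con, (string) $_SESSION['customer'], (float) $_SESSION['cash'])
//       . '</table>';
```

The resulting `$html` string can be passed to `$dompdf->loadHTML($html)` as in the question.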
