This question already has answers here:
How can I combine two strings together in PHP?
(19 answers)
PHP parse/syntax errors; and how to solve them
(20 answers)
Closed 4 years ago.
In my php I make this query
$sql = "SELECT * FROM session WHERE sessionid = '$_SESSION["id"]';";
which results in an error
Parse error: syntax error, unexpected '"', expecting '-' or identifier
(T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING) in
/opt/lampp/htdocs/Chore-Champs/index.php on line 6
Obviously there is something wrong with how I'm nesting the quotes, so I've tried different ways, including
$sql = "SELECT * FROM session WHERE sessionid = " . $_SESSION['id'] . ";";
this still results in the same error.
Normally the first method would work with normal variables such as $username, but I guess that session variables are handled differently. What's the correct way to write this query?
Try
$sql = "SELECT * FROM session WHERE sessionid = '" . $_SESSION['id'] . "';";
A basic string concatenation in php
try this:
$sql = "SELECT * FROM session WHERE sessionid = '". $show. "'";
Related
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 5 years ago.
mysqli_query($con, "SELECT * FROM files WHERE main_subject = " + echo $_GET['msubject']);
The above gives me a parse error. Could you give me suggestions on how I could change it to make it work?
You have to use . instead of + for the concatenation.
Replace your script for this:
mysqli_query($con, "SELECT * FROM files WHERE main_subject = '" . $_GET['msubject'] . "'");
This question already has answers here:
PHP parse/syntax errors; and how to solve them
(20 answers)
Closed 6 years ago.
Hello, I'm very new to PHP and im getting this error...:
Parse error: syntax error, unexpected ''arak''
(T_CONSTANT_ENCAPSED_STRING) in /testSQL.php on line 6
...for this line:
$query = UPDATE 'arak' SET `ara` = '$ar1' Limit 0,1;
A little help would be appriciated :)
You have to quote the string by ", protect the table name by ` and protect value with '
$query = "UPDATE `arak` SET `ara` = '$ar1' Limit 0,1";
Be careful, $ar1 must be protected. For example, if $ar1 = '33\'33', you could have problem.
$ar1 = addslashes($ar1);
$query = "UPDATE `arak` SET `ara` = '$ar1' Limit 0,1";
Addslashes is a first step to prevent SQL Injection, but it is not enough as you can read it
This question already has answers here:
PHP parse/syntax errors; and how to solve them
(20 answers)
Closed 7 years ago.
I put this code in my php file and it gives me the error syntax error, unexpected 'order' (T_STRING)
What am I doing wrong?
$sqldelreq="DELETE FROM `requests` WHERE tablecode = 1 and type = "order"";
$result2=mysql_query($sqldelreq);
if($result2)
{
header("Location: http://localhost/mjjapp/index.php");
}
I think the query should be:
"DELETE FROM `requests` WHERE tablecode = 1 and type = 'order'";
Please note the single quotes around order.
You should do proper escape
$sqldelreq = "DELETE FROM `requests` WHERE `tablecode` = 1 and `type` = 'order'";
Also your if is invalid. It only means that query was successful if you wan't to check if any rows were deleted you need to check how many rows were affected with mysql_affected_rows() function.
Moreover, consider using mysqli or pdo. Mysql_* functions are deprecated.
https://dev.mysql.com/doc/refman/5.6/en/keywords.html
https://dev.mysql.com/doc/refman/5.0/en/string-literals.html
Correct syntax usually goes a long way; try:
$sqldelreq = "DELETE FROM `requests` WHERE `tablecode` = 1 AND `type` = 'order';";
i found this running well thanks guys for ideas
$sqldelreq="DELETE FROM requests WHERE tablecode = 1 and type = 'order';";
This question already has answers here:
PHP parse/syntax errors; and how to solve them
(20 answers)
Closed 7 years ago.
I am trying to assign the contents of a 2D array to a string in PHP.
$sql="SELECT Order_Code FROM Order WHERE CUST_CODE = '$output['username']';";
I know the problem exists in how I'm writing the $output variable assignment.
The following line of code outputs the correct data from the variable:
echo $output['username'];
The following error is being thrown:
Parse error: syntax error, unexpected '' (T_ENCAPSED_AND_WHITESPACE), expecting identifier (T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING)
Parameters surrouned by curly brackets will work well in your case. Here is what i mean. {$array['key']}
And for your example:
$sql="SELECT Order_Code FROM Order WHERE CUST_CODE = '{$output['username']}';";
You need to concatenate this string as the multiple single quotes from accessing the array element are mixing up the string.
$sql="SELECT Order_Code FROM Order WHERE CUST_CODE = '" . $output['username'] ."';";
Try this:
$sql="SELECT Order_Code FROM Order WHERE CUST_CODE = '".$output['username']."'";
You can also try this:
$user_name = $output['username'];
$sql = "SELECT Order_Code FROM Order WHERE CUST_CODE = $user_name";
This question already has answers here:
PHP parse/syntax errors; and how to solve them
(20 answers)
Closed 7 years ago.
Below is my code -
$insert_details = array("username"=>"pavan", "firstname"=>"pavan", "lastname"=>"r", "profile_about"=>"My name is Pavan R.");
$connection->insert($insert_details);
public function insert(array $insert_details) {
$insert_query = "INSERT INTO user (username,firstname,lastname,profile_about) VALUES ($insert_details['username'],$insert_details['firstname'],$insert_details['lastname'],insert_details['profile_about'])";
$run_insert_query = mysqli_query($this->mysql_con, $insert_query);
if ($run_insert_query) {
$select_query = "SELECT * FROM user ORDER BY id DESC LIMIT 1";
$run_select_query = mysqli_query($this->mysql_con, $select_query);
while ($selected_row = mysqli_fetch_array($run_select_query)) {
$id = $selected_row['id'];
$username = $selected_row['username'];
$firstname = $selected_row['firstname'];
$lastname = $selected_row['lastname'];
$profile_about = $selected_row['profile_about'];
}
$es_insert = array();
$es_insert['body'] = array('id' => $id, 'username' => $username, 'firstname' => $firstname, 'lastname' => $lastname, 'profile_about' => $profile_about);
$es_insert['index'] = 'test';
$es_insert['type'] = 'jdbc';
$es_insert['id'] = $id;
$check_insert = $this->es_con->index($es_insert);
if($check_insert) {
echo nl2br("Successfully inserted to both database and elasticsearch\n");
}
}
else {
echo nl2br("Failed to insert into database hence closing the connection\n");
}
}
When I run the code I get the following error -
PHP Parse error: syntax error, unexpected '' (T_ENCAPSED_AND_WHITESPACE), expecting identifier (T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING) in /var/www/html/es/combined.php on line 38
This is because of the SQL query ($insert_query). Can someone please help me debug this?
Also is there a way to extract the index names from array and pass it to database fields.In the above code, I've declared an associative array with index names same as my database column names. Is it possible to get those array index names and optimize the SQL query to just -
$insert_query = "INSERT INTO user VALUES ($insert_details['username'],$insert_details['firstname'],$insert_details['lastname'],insert_details['profile_about'])";
It should automatically extract the suitable column names from the array index name.
You cannot quote array keys in "-quoted strings:
php > echo "$arr['foo']";
PHP Parse error: syntax error, unexpected '' (T_ENCAPSED_AND_WHITESPACE), expecting identifier (T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING) in php shell code on line 1
Either go with
$sql = "... $insert_details[username] ..."
^-------^---no quotes
or
$sql = "... {$insert_details['username']} ..."
^---------------------------^---brace syntax
And note that you are vulnerable to sql injection attacks.