This question already has answers here:
syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING [duplicate]
(4 answers)
PHP parse/syntax errors; and how to solve them
(20 answers)
Closed 5 years ago.
Hello i have a syntax error in my code which is
Parse error: syntax error, unexpected '' (T_ENCAPSED_AND_WHITESPACE), expecting identifier (T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING) in C:\xampp\htdocs\project\addProduct.php on line 43
here is My code
mysqli_query($db_connect, "INSERT INTO `product` (`pname`, `pid`, `disc`, `price`, `size`, `tage`, `remarks`, `catid`, `img1`, `img2`, `img3`)
values('$_POST[pname]','$_POST[pid]','$_POST[pdisc]','$_POST[pprice]','$_POST[page]','$_POST[prem]','$_POST[psize]' ,'$_POST[pcat]',
'$_FILES['img1']['name']','$_FILES['img2']['name']','$_FILES['img3']['name']')");
To solve your current issue, remove the single quotes from your $_FILES array:
mysqli_query($db_connect, "INSERT INTO `product` (`pname`, `pid`, `disc`, `price`, `size`, `tage`, `remarks`, `catid`, `img1`, `img2`, `img3`)
values('$_POST[pname]','$_POST[pid]','$_POST[pdisc]','$_POST[pprice]','$_POST[page]','$_POST[prem]','$_POST[psize]' ,'$_POST[pcat]',
'$_FILES[img1][name]','$_FILES[img2][name]','$_FILES[img3][name]')");
To solve your main problem, read this.
Related
This question already has answers here:
PHP parse/syntax errors; and how to solve them
(20 answers)
How can I prevent SQL injection in PHP?
(27 answers)
Closed 2 years ago.
I am using a script form 2002
can anyone help me whit this code
$add_topic = insert into forum_topics values ('', '$_POST['topic_title']',
It gives me a "Parse error: syntax error, unexpected 'into' (T_STRING)" Please help
Thank you
You need to put quotes around your SQL statement. You also might get some errors with using your variable $_POST['topic_title']. Put double quotes around it like below.
$add_topic = "INSERT INTO forum_topics VALUES('', '".$_POST['topic_title']."')";
It's also a good idea to add parenthesis after "forum_topics" so that you can get an idea of what you are actually inserting.
$add_topic = "INSERT INTO forum_topics(some_value, topic_title) VALUES('', '".$_POST['topic_title']."')";
Also use Prepared Statements so your code is not open to SQL injection. Please search Google first before coming here as there are a lot of resources related to errors. It should look like this:
$add_topic = "INSERT INTO forum_topics(some_value, topic_title) VALUES(?, ?)";
if ($stmt = mysqli_prepare($conn, $add_topic) {
mysqli_stmt_bind_param($stmt, "ss", $some_var, $_POST['topic_title'];
$some_var = ' ';
mysqli_stmt_execute($stmt);
// Execution successful.
} else {
// Error.
}
This question already has answers here:
PHP parse/syntax errors; and how to solve them
(20 answers)
Closed 6 years ago.
$result = "Insert into insert_data (namapelajar1, namapelajar2,
namapelajar3, nopendaftaran1,nopendaftaran2,nopendaftaran3)
values
('$namapelajar1','$namapelajar2','$namapelajar3',
'$nopendaftaran1', '$nopendaftaran2','$nopendaftaran3',
'$kelas', '$tajukprojek');";
It always prompt
Parse error: Parse error: syntax error, unexpected '$result'
(T_VARIABLE) in C:\xampp\htdocs\sistem\insert_data.php on line 20
Any one can keep me some advise?? Many thanks!!
There are two extra column inside values only 6 field are specified but you enter 8 values. Try this
$result = " Insert into insert_data(namapelajar1,namapelajar2,namapelajar3,nopendaftaran1,nopendaftaran2,nopendaftaran3) values ('$namapelajar1','$namapelajar2','$namapelajar3','$nopendaftaran1','$nopendaftaran2','$nopendaftaran3')";
This question already has answers here:
PHP parse/syntax errors; and how to solve them
(20 answers)
Closed 7 years ago.
So I am having the $sql variable which is supposed to be a string containing an sql insert statement.Here's the piece of code:
$fields = array('Nume_dep' => $params['Nume_dep'],
'Id_manager' => $params['Id_manager']);
$id = $params['Id_manager'];
$sql = "insert into departament(Nume_dep,Id_manager) values('$params['Nume_dep']', CONVERT($id, UNSIGNED))";
This is the error message that I get:
Parse error: syntax error, unexpected '' (T_ENCAPSED_AND_WHITESPACE),
expecting identifier (T_STRING) or variable (T_VARIABLE) or number
(T_NUM_STRING)
The syntax error is in the insert statement, but I don't know how to fix it.
$id = $params['Id_manager'];
$nume_dep=$params['Nume_dep'];
$sql = "INSERT INTO departament(Nume_dep,Id_manager) values('$nume_dep', CONVERT($id, UNSIGNED))";
In strings PHP will only do rather basic automatic variable expansion. The Issue is with the index operator here: $params['Nume_dep']
Consider to use prepared statements in order to prevent SQL injection. If an attacker can make sure, that your function is called with something like "', 43); drop table department; --" as value for $params['Nume_dep'], you're going to be in big trouble.
This question already has answers here:
PHP parse/syntax errors; and how to solve them
(20 answers)
Closed 7 years ago.
<?php
$name=$_POST['name'];
$telephone=$_POST['telephone'];
$comment=$_POST['comment'];
$conn= mysql_connect("localhost","root","");
mysql_select_db("comments",$conn);
$sql= "INSERT INTO inside VALUES{($_POST['name']),($_POST['telephone']),($_POST['comment'])}";
if(mysql_query($sql,$conn))
{
echo 'record added';
}
else
{
echo 'error';
}
?>
I don't know what is the error in line 10, line 10 is:
$sql= "INSERT INTO inside VALUES{($_POST['name']),($_POST['telephone']),($_POST['comment'])}";
My database name is comments and table name is inside, and also sometimes when I finished this I got the result as 'error' I think it comes from the line 18. can you please tell me how to solve this, I'am fed of this!
You have syntax errors in your query. You need to have the curley brackets around every $_POST in your query, and your query should be ... VALUE (....)
change -
$sql= "INSERT INTO inside VALUES{($_POST['name']),($_POST['telephone']),($_POST['comment'])}";
to
$sql= "INSERT INTO inside VALUES ( {$_POST['name']}, {$_POST['telephone']},{$_POST['comment']})";
see
http://dev.mysql.com/doc/refman/5.6/en/insert.html
and
http://php.net/manual/en/language.types.string.php#language.types.string.parsing.complex
also, you should not be inserting user data directly into your database. take a look at
How can I prevent SQL injection in PHP?
This question already has answers here:
PHP parse/syntax errors; and how to solve them
(20 answers)
Closed 7 years ago.
Here is my PHP code :
$query = "INSERT INTO `user` (`email`, `password`) VALUES('".mysqli_real_escape_string($link, $_POST['email'])."', '"md5(md5($_POST['email']).$_POST['password'])"')";
I cann't avoid these lines error report like this:
Parse error: syntax error, unexpected 'md5' (T_STRING) in G:\Private
files\xampp\phpMyAdmin\abc\projects\diary.php on line 32
Help from anyone is expected...
Create a variable, then assign value to that variable, pass that variable to query. This will give better readability and less errors
Code shown below..
$value = md5(md5($_POST['email']).$_POST['password']);
$query = "INSERT INTO user (email, password) VALUES('".mysqli_real_escape_string($link, $_POST['email'])."', '$value')";
It's simple a Syntax error:
you forget the dots on "md5(md5($_POST['email']).$_POST['password'])"
Change this part to
".md5(md5($_POST['email']).$_POST['password'])."