This question already has answers here:
PHP parse/syntax errors; and how to solve them
(20 answers)
Closed 7 years ago.
I want to change the 401 in the code below to a string based on a value from my website like
$sql2 = 'SELECT post_content2 FROM wp_posts WHERE ID = '$jeff''
but I'm getting
Parse error: syntax error, unexpected '$jeff' (T_VARIABLE) in /public_html/wp-content/themes/real-spaces/single-property.php on line 384
Here's the code that works:
if(! $conn2 )
{
die('Could not connect: ' . mysql_error());
}
$sql2 = 'SELECT post_content2 FROM wp_posts WHERE ID = 401' ;
mysql_select_db('fncletvn_wp389');
$retval2 = mysql_query( $sql2, $conn2 );
if(! $retval2 )
{
die('Could not get data: ' . mysql_error());
}
while($row2 = mysql_fetch_array($retval2, MYSQL_ASSOC))
{
echo "{$row2['post_content2']} <br> " ;
}
I'm very new to programming so plase help :D
By the way, what I'm trying to do is pull out the value of post_content2 from the database based on the ID of the current post which is $jeff
Simply use quotes like this:
$sql2 = "SELECT post_content2 FROM wp_posts WHERE ID = '$jeff'";
This will create sql string as:
SELECT post_content2 FROM wp_posts WHERE ID = '401'
When $jeff=401
But as per your question, if you want like this:
SELECT post_content2 FROM wp_posts WHERE ID = 401
Just use:
$sql2 = "SELECT post_content2 FROM wp_posts WHERE ID = $jeff";
FYI: Single quotes will not replace your PHP variable with value, instead it prints the variable as it is. Double quotes will do the replacement.
Either you can use the answer given by #myway or you can use mysql pre pared statements. I will recommend you to use pre-pared statements since they are secure and re usable.
Note that if you use $sql2 = "SELECT post_content2 FROM wp_posts WHERE ID = $jeff";$sql2 = "SELECT post_content2 FROM wp_posts WHERE ID = $jeff"; as indicated by previous commenter, your $jeff must be quoted.
Just be sure to first apply mysql_escape_string($jeff) beforehand.
Also, I now that you did not ask about this, but I absolutely have to warn you that the mysql_* functions are depreciated and you should never use them except when modifying existing code--in which case you should be actively changing your code to the mysqli_* variants.
You're also missing the concatenation operator in your code: $sql2 = 'SELECT post_content2 FROM wp_posts WHERE ID = '$jeff''
PHP's concatenation operator is ..
Use it like this:
$sql2 = 'SELECT post_content2 FROM wp_posts WHERE ID = '.$jeff;
If $jeff is a string, not an int, you will need to encose it in quotes like this:
$sql2 = 'SELECT post_content2 FROM wp_posts WHERE ID = "'.$jeff.'"';
However if $jeff is supplied by the client in any way, you should use prepared statements to protect against mysql injection.
What PHP was trying to tell you with Parse error: syntax error, unexpected '$jeff' (T_VARIABLE), is that it didn't know why there was a variable next to a string in an assignment operation. Nor what you were trying to do with it. The concatenation operator indicates that you want that variable joined to the string next to it as if it were also a string. Which becomes an important distinction in loosely typed languages like PHP.
Related
This question already has answers here:
How to include a PHP variable inside a MySQL statement
(5 answers)
Closed 2 years ago.
So I'm building a website and i need to access a table which holds the information about products
I'm using to navigate to the page
<a href="productDetails.php?table=FeaturedProducts&id=1" >
then in products details page I'm using this to run the php query
<?php
require "connection.php";
$table = $_GET["table"];
$id = $_GET["id"];
$sql = "select * from '.$table.' where ID = '.$id.'";
$result = mysqli_query($conn, $sql);
$row = mysqli_fetch_array($result);
$pname= $row['Product_name'];
?>
this doesn't seem to work please tell me how i can do this.
You made mistake in your concatenation of string. Take a look to your code here :
$sql = "select * from '.$table.' where ID = '.$id.'";
You try to concatanate the $table and $id variable. (we agree it's a SQL Injection problem).
But PHP will interpret the string result like this : select * from '.FeaturedProducts.' where ID = '.1.'
So you have the ' are not necessary in your code for the table name, and it's add point to your values. Because MySQL does to give you error message.
So your correct code will be (and make modification for use prepare statement to avoid SQL Injection) :
$sql = "select * from $table where ID = '$id'";
I am trying to select data from specific user in MySQL database to PHP using my session. Code I have is:
$sql = "SELECT * FROM users WHERE Username = "$_SESSION['sess_user']" LIMIT 1";
I'm currently getting this error
Parse error: syntax error, unexpected '$_SESSION' (T_VARIABLE)
Since we're more than likely dealing with a string, you would need to add quotes to it and concatenate it with dots/periods.
I.e. '".$_SESSION['sess_user']."'
Just to be 100% certain, make sure you have started the session using session_start(); at the top of every page using sessions.
just use ' instead of "
$sql = "SELECT * FROM users WHERE Username = '{$_SESSION['sess_user']}' LIMIT 1";
You are missing the . (DOT) symbol for adding variables to strings. Try this:
$sql = "SELECT * FROM users WHERE Username = " . $_SESSION['sess_user'] . " LIMIT 1";
That's it.
i had the same issue
i just had to give my variable a name and use that
$sessUser = $_SESSION['sess_user'];
then use $sessUser in your sql statement
I have a php script that pulls content from a database and prints them in a certain fashion. The database has a column-header called "order" which is an INT size 11. I'm trying to order the contents by the value "order" in the database when I'm getting data from it, like this:
<?php
$db_hostname = '<hostname>';
$db_database = '<db>';
$db_username = '<username>';
$db_password = '<password>';
$db_server = mysql_connect($db_hostname, $db_username, $db_password);
mysql_select_db($db_database, $db_server);
$query = "SELECT * FROM <table> ORDER BY order"; // why is "ORDER BY order" problematic...
$table = mysql_query($query);
$data_items = '';
$carousel_items = '';
while($row = mysql_fetch_array($table)) {
// ...etc
There are few rows in the database I'm getting information from, and the query "SELECT * FROM <table>" works exactly the way it should. What am I doing wrong?
If it helps, the error I'm getting back (on the website that this script is for):
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /$PATH/php/myfile.php on line 15
Line 15 is while($row = mysql_fetch_array($table)) {
I'm aware that if I wasn't lazy I could sort this out without the MySQL query and, because php is absurdly flexible, do something like $array[$row['order']] = $row['what I want'];, but I'd like a solution that doesn't have to add those (what should be) unnecessary lines. I've also tried adding the semicolon (just to be sure) to the end of my query, but it doesn't change anything at all.
Thanks for any help!
order is a reserved word, surround it with backticks
$query = "SELECT * FROM <table> ORDER BY `order`";
Since order is a keyword you need to enclose it in backticks if you want to use it as an identifier:
SELECT * FROM <table> ORDER BY `order`
Order is a reserved word in mysql. Use backticks to surround the reserved word like this:
"ORDER BY `order`"
Documentation here:
http://dev.mysql.com/doc/refman/5.0/en/reserved-words.html
My PHP SQL Statement is failing due to pound (#) sign. How can I get around this. (Other than fixing the database name?)
$sql = "SELECT CMCD, TK#, TECH, STATS from LIB.TICKET FETCH FIRST 10 ROWS ONLY ";
$rs = odbc_exec($conn,$sql);
Try wrapping your column name in brackets [TK#]
Try quoting the field names
$sql = "SELECT `CMCD`, `TK#`, `TECH`, `STATS` from LIB.TICKET FETCH FIRST 10 ROWS ONLY ";
$rs = odbc_exec($conn,$sql);
I'm trying to learn to use PDO instead of MySQLi for database access and I'm having trouble selecting data from the database. I want to use:
$STH = $DBH->query('SELECT * FROM ratings WHERE title=$title ORDER BY date ASC');
$STH->setFetchMode(PDO::FETCH_ASSOC);
while($row = $STH->fetch()) {
echo $row['title'];
}
but I'm getting this error:
Fatal error: Call to a member function setFetchMode() on a
non-object in
/home/owencont/public_html/owenstest.com/ratemystudents/index.php
on line 6
If I take out the WHERE statement it works fine. How can I select a row based on if it's value matches a variable?
Thanks,
Owen
It's likely a SQL syntax error, because you forgot to quote $title. It ended up as bareword in the query (also not even interpolated as string), resulting in an error. And your PDO connection was not configured to report errors. Use ->quote() on arguments before the ->query():
$title = $DBH->quote($title);
$STH = $DBH->query("SELECT * FROM ratings WHERE title=$title ");
Or better yet, use parameterized SQL:
$STH = $DBH->prepare("SELECT * FROM ratings WHERE title=? ");
$STH->execute(array($title));
Take a look at PDO::prepare and PDOStatement::execute. The safest way to add user content to a query is to prepare a basic statement and bind the parameter to it. Example (note the question mark in the SQL statement):
$STH = $DBH->query('SELECT * FROM ratings WHERE title=? ORDER BY date ASC');
$STH->execute( array( $title ) );
while( $row = $STH->fetch( PDO::FETCH_ASSOC ) );
Make PDO throw errors so you can see what exactly goes wrong. See How to squeeze error message out of PDO?
You are probably missing quotes around $title but this scenario really calls for prepared statements instead.
remove the variable out of the sql statement because its a php variable
$STH = $DBH->query('SELECT * FROM ratings WHERE title=' . $title . 'ORDER BY date ASC');
Use double quotes instead of single quotes as a parameter of the query-method.
The reason you're getting this error is because the query-method fails and so the $STH object isn't created. You should implement some error handling.