I have a query on my PHP code:
$result = mysqli_query($con,"UPDATE operasyonkayitlari SET tarihgun=FROM_UNIXTIME(UNIX_TIMESTAMP(NOW())-28800, "%Y.%m.%d"), tezgah='".$_REQUEST['tezgah']."', operatoradi='".$_REQUEST['operator']."', ayarepoch=UNIX_TIMESTAMP(NOW()), durum='AYARDA' where isemri='".$_REQUEST['isemri']."' and operasyonno='".$_REQUEST['operasyonno']."'");
Look at this closely:
FROM_UNIXTIME(UNIX_TIMESTAMP(NOW())-28800, "%Y.%m.%d")
The characters with % symbol gives me this syntax error:
Parse error: syntax error, unexpected '%' in C:\wamp\www\ayarabasla.php on line 4
How did I write the query with % symbols?
The syntax highlighter show your error. It's a quote issue. Escape your inner double quotes:
$result = mysqli_query($con,"UPDATE operasyonkayitlari SET tarihgun=FROM_UNIXTIME(UNIX_TIMESTAMP(NOW())-28800, \"%Y.%m.%d\"), tezgah='".$_REQUEST['tezgah']."', operatoradi='".$_REQUEST['operator']."', ayarepoch=UNIX_TIMESTAMP(NOW()), durum='AYARDA' where isemri='".$_REQUEST['isemri']."' and operasyonno='".$_REQUEST['operasyonno']."'");
You can use single quotes, too:
$result = mysqli_query($con,"UPDATE operasyonkayitlari SET tarihgun=FROM_UNIXTIME(UNIX_TIMESTAMP(NOW())-28800, '%Y.%m.%d'), tezgah='".$_REQUEST['tezgah']."', operatoradi='".$_REQUEST['operator']."', ayarepoch=UNIX_TIMESTAMP(NOW()), durum='AYARDA' where isemri='".$_REQUEST['isemri']."' and operasyonno='".$_REQUEST['operasyonno']."'");
Related
I am trying to create a page that will delete a row from a database but I keep getting syntax error and when I fix one I get a new error. For example, in the first code I tried re-typing the single quotation and it fixed the first error which was:
PHP Parse error: syntax error, unexpected ''];' (T_CONSTANT_ENCAPSED_STRING), expecting ']' in /banking_delete.php on line 11
The Code:
<?php
include_once 'banking_db.php';
include 'banking_display.php';
# form data
$customer_name=$_POST['customer_name'];
$sql = "delete from customer where customer_name = :customer_name;";
$stmt = $conn->prepare($sql);
# data stored in an associative array
$data = array ('customer_name' => $customer_name);
if($stmt->execute($data)){
$rows_affected = $stmt->rowCount();
echo "<h2>".$rows_affected." row deleted sucessfully!</h2>";
display("select customer_name as customer_name, customer_city as customer_city, customer_street as customer_street from customer;”);
} else
{
echo "\PDOStatement::errorInfo():\n";
print_r($stmt->errorInfo());
}
$stmt = null;
$conn = null;
?>
After that I got this new error:
PHP Parse error: syntax error, unexpected '\' (T_NS_SEPARATOR) in /banking_delete.php on line 16
When I changed echo "\PDOStatement::errorInfo():\n"; to echo "\nPDOStatement::errorInfo():\n"; I still get the same error message
You've got a ” instead of a " at the end of
display("select customer_name as customer_name, customer_city as customer_city, customer_street as customer_street from customer;”);
I get the following error:
Parse error: syntax error, unexpected '$studentNo' (T_VARIABLE)
Can somebody tell me what's wrong here? I've read about this kind of error and base on it, it usually happens when there's a missing bracket, parenthesis or semi-colon but in my case I don't think I missed any..Does it have something to do with the variable itself, perhaps?
if(isset($_POST['next'])){
$studentNo = $_POST['sn'];
if(!empty($_POST['sn'])){
$check = ("SELECT * FROM student_info WHERE SN="$studentNo"");
$check1 = mysqli_query($con, $check);
if(mysql_num_rows($check1) > 0){
$errors['sn'] = "Student number already exists";
}
}
}
Your problem is that you have to concatenate the string.
But, before doing this, make sure that your SQL library protects against SQL injections.
To do this, just do:
$check = "SELECT * FROM student_info WHERE SN=" . $studentNo . ";";
// Also, remember to add a semicolon at the end of your SQL query :)
The best way to do this is to use a prepared statement. This site explains it very well.
I'm trying to use the following code however it is giving me errors.
Code:
$id = $_GET['id'];
$action = '['command'=>'get','target'=>'location']';
$query = "UPDATE ZeusUsers SET action = '$action' WHERE notification_id = '$id'";
$result = mysqli_query($link,$query) or exit("Error in query: $query. " . mysqli_error());
Error:
Parse error: syntax error, unexpected 'command'
If I change the $action to a standard word the statement works fine, it just seems to have issues with the single quotes and square brackets.
I've also tried using \ in front of the single quotes and it still fails.
Any ideas?
let php build the json string for you
$action = json_encode(array('command'=>'get','target'=>'location'));
You are starting and stoping a string literal with the single quotes so php is interpreting command as php code but it doesn't know what that keyword is.
What would be the proper way to concatenate this query?
$query2= "SELECT * FROM relationships WHERE user_1= '.$_SESSION['user_id'].'
AND user_2= '.$user_id.' ";
I keep getting this error:
Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in C:\xampp\htdocs\beta\profile.php on line 32
What would be the proper way to concatenate this query?
To let your SQL library/client/server do it for you (while escaping special characters for free). Trying to build code by mashing strings together is relatively error prone and involves fiddly combinations of various quote characters that can become hard to maintain.
Use prepared statements and bound arguments instead.
You have an incorrect nesting of single and double quotes.
$query2= "SELECT * FROM relationships WHERE user_1= '" . $_SESSION['user_id'] . "' AND user_2= '" . $user_id . "'";
Either:
$query2 = "SELECT * FROM relationships WHERE user_1='" . $_SESSION['user_id'] . "'AND user_2='" . $user_id . "'";
Or:
$query2 = "SELECT * FROM relationships WHERE user_1='${_SESSION['user_id']}' AND user_2='$user_id'";
fixes your syntax error. However, forming queries through concatenation is a bad idea. At the very least, you should mysql_realescapestring all the arguments, if not move to using PDO.
This code keeps erroring.
Error Message: Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/soulz/public_html/inbox.php on line 19
Here is the code:
mysql_query("UPDATE `messages` SET message_title = '[NO SUBJECT]' WHERE `message_id`=$row['message_id']");
Use curly braces:
mysql_query("UPDATE `messages` SET message_title = '[NO SUBJECT]'
WHERE `message_id`={$row['message_id']}");
Don't put apostrophes around the field name:
mysql_query("UPDATE `messages` SET message_title = '[NO SUBJECT]'
WHERE `message_id`=$row[message_id]");
^^^^^^^^^^
Inside quoted strings, you cannot use additional quotation marks for array field names. There's an alternative, more elaborate syntax involving braces if you have a very complicated array expression, but you don't need that here.
It seems message_id is integer, so you can fix that error with a best practice.
mysql_query("UPDATE `messages` SET message_title = '[NO SUBJECT]'
WHERE `message_id`=" . intval($row['message_id']));
You can use strval() for strings. Both functions are detailed in intval() manual page and strval() manual page.