I am getting the following error message:
Parse error: syntax error, unexpected ''.$E_phone_No."'' (T_CONSTANT_ENCAPSED_STRING) in E:\Xamp\htdocs\CreateEmployee.php on line 28
What is the error, I am facing a problem and I can't find the error.
<?php
$conn=oci_connect("system","123","localhost/orcl");
ob_start();
$current_file=$_SERVER['SCRIPT_NAME'];
$massage= "";
if(isset($_POST['E_First_Name'])&&
isset($_POST['E_Last_Name'])&&isset($_POST['E_Gender'])&&
isset($_POST['E_address'])&&isset($_POST['E_phone_No'])&&
isset($_POST['E_category'])&&isset($_POST['EMP_salary'])&&
isset($_POST['work_hour'])&&isset($_POST['Date_Of_Join']) )
{
$E_First_Name= $_POST['E_First_Name'];
$E_Last_Name = $_POST['E_Last_Name'];
$E_Gender = $_POST['E_Gender'];
$E_address = $_POST['E_address'];
$E_phone_No = $_POST['E_phone_No'];
$E_category = $_POST['E_category'];
$EMP_salary = $_POST['EMP_salary'];
$work_hour =$_POST['work_hour'];
$Date_Of_Join=$_POST['Date_Of_Join'];
if(!empty($E_First_Name)&&!empty($E_Last_Name)&&
!empty($E_Gender)&&!empty($E_address)&&!empty($E_phone_No)&&
!empty($E_category)&&!empty($EMP_salary)&&!empty( $work_hour)&&!empty($Date_Of_Join))
{
$sql = "insert into Employee (E_First_Name,E_Last_Name,user_name,password,E_Gender,E_address,E_phone_No,E_category,EMP_salary,work_hour,Date_Of_Join) values('".$E_First_Name."','".$E_Last_Name."',NULL,NULL,'".$E_Gender."','".$E_address."',"'.$E_phone_No."','".$E_category .'",'".$EMP_salary.'",'". $work_hour.'","'.$Date_Of_Join.'")";
$stid = oci_parse($conn,$sql);
$r = #oci_execute($stid);
if($r)
{
echo ' data is inserted...<br>';
}
else
{
echo 'data was not inserted...<br>';
}
}
else
{
$massage = "please fill up all the form correctly<br>";
}
}
?>
<html>
<head>
<title>Create FoodItem Table</title>
<style>
body
{
background:orange;
}
</style>
<head>
<body>
fill all the forms for inserting data:<br><br>
<?php echo $massage;?>
<hr color="green">
<form action="<?php echo $current_file;?>" method="POST">
E_First_Name:<br> <input type="text" name ="E_First_Name" ><br><br>
E_Last_Name:<br> <input type="text" name="E_Last_Name" ><br><br>
E_Gender:<br> <input type="text" name="E_Gender" ><br><br>
E_address:<br> <input type="text" name ="E_address"><br><br>
E_phone_No:<br> <input type= "text" name="E_phone_No" ><br><br>
E_category:<br><input type="text" name="E_category"><br><br>
EMP_salary:<br><input type="text" name="EMP_salary" ><br><br>
work_hour:<br><input type="text"name="work_hour"><br><br>
Date_Of_Join:<br><input type="text"name="Date_Of_Join"><br><br>
<input type ="submit" value="Create employee "><br><br>
Show Employee Table
</form>
</body>
The error is caused by the quotes mismatches for the four following variables in your VALUES:
$E_phone_No $E_category $work_hour $Date_Of_Join
"'.$E_phone_No."','".$E_category .'"
To be changed to:
'".$E_phone_No."','".$E_category ."'
as well as:
'". $work_hour.'","'.$Date_Of_Join.'"
To be changed to:
'". $work_hour."','".$Date_Of_Join."'
VALUES rewrite:
('".$E_First_Name."','".$E_Last_Name."',NULL,NULL,'".$E_Gender."','".$E_address."','".$E_phone_No."','".$E_category ."','".$EMP_salary."','".$work_hour."','".$Date_Of_Join."')
You may also want to add spacing between "text" and "name=... (for clarity):
<input type="text"name="Date_Of_Join">
to:
<input type="text" name="Date_Of_Join">
It has already been addressed in a comment, that your code is vulnerable to SQL injections.
The syntax highlighter shows your error. You have a quotes issue:
$EMP_salary.'",'". $work_hour.'","'.$Date_Of_Join.'")";
^^^^^^
HERE
Change it to:
$EMP_salary.'","'. $work_hour.'","'.$Date_Of_Join.'")";
There is a wrong concatenation of your query and your variables the correct way to insert string in the query is
'".$variable."'
Somewhere you place the closing single quote before the double while you should do the opposite. So change this part
NULL,'".$E_Gender."','".$E_address."','".$E_phone_No."','".$E_category ."','".$EMP_salary."','". $work_hour."','".$Date_Of_Join."')";
Related
I'm trying to insert data into a mysql database using standard sql through form.
my code is as follows:
<?php
$name="";
$ename="";
if(isset($_POST['submit']))
{
$name = $_POST['name'];
$er = 0;
if($name=="")
{
$er++;
$ename = "Required";
}
else if(strlen($name)<2 || strlen($name)>200)
{
$er++;
$ename = "Name must contain 3-300 characters";
}
if($er==0)
{
$cn = mysqli_connect("localhost","root","","dbuscoaching");
$sql="INSERT INTO city (name,countryId) VALUES('".strip_tags($name)."',".$country.")";
if(mysqli_query($cn,$sql))
{
print '<span class= "successMessage">Country Inserted to Database</span>';
$name="";
}
else
{
print '<span class="errorMessage">'.mysqli_error($cn).'</span>';
}
}
else
{
print '<span class="errorMessage" >You have some problems in your form</span>';
}
}
?>
<form method="post" action="">
<label>Name</label><br>
<input type="text" name="name" id="name" value="<?php print $name; ?>">
<span class="error" id="ename"><?php print $ename; ?></span>
<br>
<label>Country</label><br>
<select name="country" id="country">
<option value="0">Select</option>
<?php
$cn= mysqli_connect("localhost","root","","dbuscoaching");
$sql="select id, name from country";
$table=mysqli_query($cn,$sql);
while ($row= mysqli_fetch_assoc($table))
{
print '<option value="'.$row["id"].'">'.$row["name"].'</option>';
}
?>
</select>
<input type="submit" name="submit" value="Submit">
</form>
When running in browser i'm getting this error message:
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near ')' at line 1
but in cli php the code runs with no error as shown bellow:
<form method="post" action="">
<label>Name</label><br>
<input type="text" name="name" id="name" value="">
<span class="error" id="ename"></span>
<br />
<label>Country</label><br>
<select name="country" id="country">
<option value="0">Select</option>
<option value="1">Bangladesh</option><option value="2">USA</option><option value="3">India</option><option value="4">Bhutan</option><option value="5">Maldives</option><option value="6">Nepal</option><option value="7">UK</option><option value="8">Australlia</option><option value="9"></option><option value="10">Japan</option><option value="11">Iran</option> </select>
<input type="submit" name="submit" value="Submit">
</form>
Process finished with exit code 0
though i'm following what my instructor told i'm getting this error.
can you please tell me what's the problem?
You do not assign any value to the $country variable, hence the actual sql statement looks like sg like as follows (this is why you should print out the actual sql statement, the error would be obvious):
INSERT INTO city (name,countryId) VALUES('whatever you typed in as name',)
Since there is nothing ahead of the closing parentheses, MySQL reports a syntax error. You need to assign value to $country variable:
$country=$_POST['country'];
However, pls try to avoid creating a query string through simple string concatenation. Use prepared statements with parameters.
Im currently coding a website in php, unfortunately ive hit a road block were i cant seem to get my amend.php and update.php pages to work and update on my created display page below is the code.
Display page displays a table with descriptive columns when the hyperlink 'amend' is select it runs the amend.php.
Amend
<?php
include 'connection.php';
$id = $_GET ['theid'];
$query = "SELECT * FROM place WHERE placeid = '$id'";
$results = mysqli_query($connection,$query);
$row = mysqli_fetch_assoc($results);
?>
<?php include 'header.php'; ?>
<body>
<h2>Amend</h2>
<form method="post" action="updateplace.php">
<fieldset class="fieldset-width1">
<input type="hidden" name="hiddenID" value= "<?php echo $row['placeid']; ?>" />
<br />
<br />
<label class="align" for="txtplacename">Place Name: </label>
<input type="text" name="txtplacename" value = "<?php echo $row['placename']; ?>" />
<br />
<br />
<label class="align"for="txtplacedesc">Place description: </label>
<input type="text" name="txtplacedesc" value = "<?php echo $row['placedesc']; ?>" />
<br />
<br />
<label class="align"for="txtplacecat">Place category: </label>
<input type="text" name="txtplacecat" value = "<?php echo $row['placecat']; ?>" />
<br />
<br />
<label class="align" for="txtplaceimg">Place image: </label>
<input type="text" name="txtplaceimg" value = "<?php echo $row['placeimg']; ?>" />
<br />
<br />
<input type="submit" value="Submit" name='submit' />
</fieldset>
</form>
</p>
<?php include 'footer.php'; ?>
</body>
</html>
This php page works as it displays all the data from phpmyadmin using the selected id.
update
<?php
include 'connection.php';
if(isset($_POST['submit'])){
$placeid = $_POST['hiddenID'];
$placename = $_POST['txtplacename'];
$placedesc = $_POST['txtplacedesc'];
$placecat = $_POST['txtplacecat'];
$placeimg = $_POST['txtplaceimg'];
}
$query = "UPDATE place
SET placename = '$placename';
SET placedesc = '$placedesc';
SET placecat = '$placecat';
SET placeimg = '$placeimg';
WHERE
placeid = '$placeid'";
mysqli_query($connection,$query);
header("location:admin.php");
when i select the submit button the header redirects me however none of the columns i change will have been updated. Any help would be appreciated thanks
Look at your UPDATE query,
$query = "UPDATE place
SET placename = '$placename'; <==
SET placedesc = '$placedesc'; <==
...
You're terminating your UPDATE operation in every line using ;, which is breaking your query. Furthermore, your UPDATE query itself is wrong, it should be like this:
$query = "UPDATE place SET placename = '$placename', placedesc = '$placedesc', placecat = '$placecat', placeimg = '$placeimg' WHERE placeid = '$placeid'";
Sidenote: Learn about prepared statement because right now your query is susceptible to SQL injection attacks. Also here's a good read on how you can prevent SQL injection in PHP.
You should not just assume the query was successful. Replace your mysqli_query line with this to figure out what is going on:
if (!mysqli_query($connection, $query)) {
echo("Error description: " . mysqli_error($connection));
die();
}
Assuming you have some sort of error, it will prevent the redirect and display. If you still get a redirect, there was nothing wrong with the query itself, rather your $placeid value does not exist in the database.
<html>
<head>
</head>
<body>
<form action="mysql.php" method="post">
First Name: <input type="text" name="fname"></br>
last Name: <input type="text" name="lname">< </br>
What is your favrite subject <input type="text" name="subject"></input> </br>
Your Age : <input type="text" name="age"></input> </br>
<input type="submit" name="submit" ></input>
<input type="reset" name="rs"></input>
</form>
<?php
if (isset($_POST\['submit'\]) ){
$_sa = mysql_connect( "localhost","Ali","pakistan");
if (!$_sa){
die("can not caonnect".msql_error());
}
/* ----------- condition ----------------------
if (empty($_POST\[fname\])) {
echo "First name required";
}
------------------condition end ----------------- */
mysql_select_db("google", $_sa );
line 46-- $sql = "INSERT INTO info (firstname,lastname,subject,age) VALUES ('$_POST \[fname\]','$_POST \[lname\]','$_POST \[subject\]', '$_POST \[age\]'')";
mysql_query($sql,$_sa);
mysql_close($_sa);
}
?>][1]
// when I run my code its give me error of
Notice: Array to string conversion in C:\xampp\htdocs\mysql.php on
line 46
Try this:
$sql = "INSERT INTO info (firstname,lastname,subject,age) VALUES ('{$_POST ['fname']}','{$_POST ['lname']}','{$_POST ['subject']}', '{$_POST ['age']}')";
Explanation:
$_POST is an array
So, you need to take care of it while accessing
And, If arrays are accessed inside String, then we should use {}
For example: {$_POST['subject']}
There is an extra single quote written at the end.
I have a data base 'School'. It has only one table - 'Words'. There are word_id, word_name, word_description in it. I want to pull a random description and display it on a page. Then I want to input a word and see if the word has the same description as the random one that was pulled. What am I doing wrong? Here is the code -
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Изпит</title>
</head>
<body>
<?php
$connection = mysqli_connect('localhost', 'root', '', 'school');
if(!$connection){
echo 'NOT OK';
exit;
}
if(isset($_POST['submit_description'])){
$q = mysqli_query($connection, ' SELECT word_description
FROM words ORDER BY rand() LIMIT 1
');
$row=mysqli_fetch_assoc($q);
if($row){
$_POST['word_description'] = $row['word_description'];
echo $_POST['word_description'];
}
}
if(isset($_POST['submit_word'])){
$word_name = $_POST['word_name'];
$q2="SELECT * FROM words WHERE word_name='$word_name' and word_description='".$_POST['word_decsription']."'";
$result=mysqli_query($connection, $q2);
$count=mysqli_num_rows($result);
if($count==1){
echo 'Позна ве.';
}else{
echo 'Не позна ве.';
}
}
?>
<br><br><br>
<form method="POST">
<input type="submit" name="submit_description" value="Искай описание.">
<input type="hidden" name="word_description" value="<?php echo $_POST['word_description']?>">
</form>
<form method="POST">
<input type="text" name="word_name">
<input type="submit" name="submit_word" value="Провери дума.">
</form>
</body>
</html>
I think you have some typos.
This line of code here:
$q2="SELECT * FROM words WHERE word_name='$word_name' and word_description='".$_POST['word_decsription']."'";
Should be like this:
$q2="SELECT * FROM words WHERE word_name='".$word_name."' and word_description='".$_POST['word_description']."'";
1) There is a typo in $_POST['word_description'] in your query:
$q2="SELECT * FROM words WHERE word_name='$word_name' and word_description='".$_POST['word_decsription']."'";
2) Also, I would recommend using the word_id instead of the word description to make the verification... you would need to write it in a <input name="word_id" type="hidden" value="..." /> in your form to pass it along.
What would be even better, to prevent people from knowing the answer by looking at the code (in case they would know what word matches what id), you could encode the value in the hidden field to be md5($word_id.$word_name) and then in your query you check "WHERE MD5(CONCAT(word_id, word_name))='".$_POST['word_md5']."'" (assuming your hidden input is now called "word_md5).
EDIT:
After looking at the HTML I see what your problem is:
<form method="POST">
<input type="submit" name="submit_description" value="Искай описание.">
<input type="hidden" name="word_description" value="<?php echo $_POST['word_description']?>">
</form>
<form method="POST">
<input type="text" name="word_name">
<input type="submit" name="submit_word" value="Провери дума.">
</form>
This should all be in the same <form> element:
<form method="POST">
The word description is: <?php echo $_POST['word_description']; ?>
<input type="hidden" name="word_description" value="<?php echo $_POST['word_description']?>">
<input type="text" name="word_name">
<input type="submit" name="submit_word" value="Провери дума.">
</form>
When the form is submitted, the $_POST array should contain the word_description AND the word_name submitted.
EDIT 2:
If you wish to use the id, you would have to first add it to your SELECT query:
$q = mysqli_query($connection, ' SELECT word_id, word_description
FROM words ORDER BY rand() LIMIT 1
');
Then you'd need to set it to some variable, and then later in your HTML:
<form method="POST">
The word description is: <?php echo $_POST['word_description']; ?>
<input type="hidden" name="word_id" value="<?php echo $word_id?>">
<input type="text" name="word_name">
<input type="submit" name="submit_word" value="Провери дума.">
</form>
Your second SQL query should then look like:
$q2="SELECT * FROM words WHERE word_name='$word_name' and word_id='".$_POST['word_id']."'";
Note: it is a bad practice to change the $_POST array in your code.
This array is populated by the request sent by the client and things can get confusing if you change the values there.
It is better to create another variable and set it to the value from the $_POST (example: $word_description = $_POST['word_description'];).
This way, you can still use array_key_exists('word_description', $_POST) to verify if the client actually sent something.
I am making a very simple storage system, and i want to make it so that the user puts a number in the box, and press the + or - button, to add or subtract.
I don't know if it's even possible to do it, as simple as i wanted it to be :)
but anyway, here is the code so far for index.php
<?php $v_stk = "v_stk" ?>
<form action="index_sql.php" method="POST">
<input name="v_id" type="hidden" value="<?php echo $v_assoc["v_id"] ?>" />
<input name="v_stk" type="textfield" size="8" />
<input name="+" type="submit" value="+" style="height:23px; width:35px;" />
<input name="-" type="submit" value="-" style="height:23px; width:35px;" />
</form>
<td class="width50 sidepadding">
<?php echo $v_assoc["v_stk"]; ?></td>
<?php }; ?>
and here is for index_sql.php
<?php
require("db/db.php");
$v_id = mysql_real_escape_string($_POST["v_id"]);
$v_stk = mysql_real_escape_string($_POST["v_stk"]);
$sql = mysql_query("SELECT v_stk FROM vare WHERE v_id = '$v_id'");
$assoc = mysql_fetch_assoc($sql);
$v_nu = $v_stk + $assoc;
mysql_query("UPDATE vare SET v_nu = '$v_stk' WHERE v_id = '$v_id'");
header("location: index.php");
?>
I don't know if it is remotely close to something that would work, but with this code it gives me:
Fatal error: Unsupported operand types in C:\wamp\www\lager\index_sql.php on line 8
Because, You are performing addition with an array type variable.
$assoc = mysql_fetch_assoc($sql);
Here, $assoc is an array variable so try like this,
$v_nu = $v_stk + $assoc['v_stk'];