PHP giving variable error when using SESSION - php

All,
I'm trying to write a mySQL query but PHP is giving me an error. The line that is giving me an error is:
$qry = "Select * from vendor_options where vendor_option_id='$_SESSION[pav_vendor_categories_$i]'";
The above code is in a for loop so that is how the $i is getting populated. The error I'm receiving is:
Parse error: syntax error, unexpected T_VARIABLE, expecting ']'
Any ideas on what is wrong? Thanks!

$sVendorId = $_SESSION['pav_vendor_categories_' . $i];
$sQuery = "SELECT * FROM vendor_options WHERE vendor_option_id='{$sVendorId}'";
This is your working code.
Build the vendor option ID outside of the query; this will make your code more readable.

Try this;
$qry = "Select * from vendor_options where
vendor_option_id='{$_SESSION["pav_vendor_categories_{$i}"]}'";
Demo: http://codepad.org/0nHsFZ8i

should be :
$qry = "Select * from vendor_options where vendor_option_id='".$_SESSION["pav_vendor_categories_".$i]."'";
But don't do it like that... read about SQL injection.
Hope this helps.

Related

PHP / SQL error, unexpected variable name

I get the following error:
Parse error: syntax error, unexpected '$studentNo' (T_VARIABLE)
Can somebody tell me what's wrong here? I've read about this kind of error and based on it, it usually happens when there's a missing bracket, parenthesis or semi-colon, but in my case I don't think I missed any. Does it have something to do with the variable itself, perhaps?
if(isset($_POST['next'])){
$studentNo = $_POST['sn'];
if(!empty($_POST['sn'])){
$check = ("SELECT * FROM student_info WHERE SN="$studentNo"");
$check1 = mysqli_query($con, $check);
if(mysqli_num_rows($check1) > 0){
$errors['sn'] = "Student number already exists";
}
}
}
Your problem is that you have to concatenate the string.
But, before doing this, make sure that your SQL library protects against SQL injections.
To do this, just do:
$check = "SELECT * FROM student_info WHERE SN=" . $studentNo . ";";
// Also, remember to add a semicolon at the end of your SQL query :)
The best way to do this is to use a prepared statement. This site explains it very well.
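The prepared-statement advice above, and the "read about SQL injection" remark in the first thread, shown side by side as an added example (not code from any of the posters). It assumes PDO with an in-memory SQLite database so it runs without a server; the table contents and session values are constructed. mysqli offers the same pattern through `prepare()`, `bind_param()` and `execute()`.

```php
<?php
// Added example: constructed table and data, in-memory SQLite via PDO so it runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE vendor_options (vendor_option_id TEXT PRIMARY KEY, label TEXT)');
$pdo->exec("INSERT INTO vendor_options VALUES ('10', 'Catering'), ('11', 'Florist')");

// Constructed session contents; the second value is hostile input.
$session = [
    'pav_vendor_categories_0' => '10',
    'pav_vendor_categories_1' => "x' OR '1'='1",
];

// Unsafe: the value becomes part of the SQL text (the pattern from the question).
function findConcatenated(PDO $pdo, string $id): array
{
    $sql = "SELECT * FROM vendor_options WHERE vendor_option_id='" . $id . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Safe: the SQL text is fixed; the value travels separately as a bound parameter.
function findPrepared(PDO $pdo, string $id): array
{
    $stmt = $pdo->prepare('SELECT * FROM vendor_options WHERE vendor_option_id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

for ($i = 0; $i < 2; $i++) {
    // Build the session key outside the query, as the first answer suggests.
    $id = $session['pav_vendor_categories_' . $i];
    printf("%-16s concatenated=%d rows, prepared=%d rows\n",
        $id, count(findConcatenated($pdo, $id)), count(findPrepared($pdo, $id)));
}
```

With the hostile value, the concatenated query matches every row in the table, while the prepared statement treats the whole string as one ID and matches none.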

pg_query(): Query failed: ERROR: column doesnot exist

I did follow the solution here: Warning: pg_query(): Query failed: ERROR: syntax error at or near, but I still got the following error:
Warning: pg_query(): Query failed: ERROR: column "rosmoffi" does not exist LINE 1: ... FROM public."espece" where "espece"."Code_Espece" =Rosmoffi ^
this is my code :
$conn = pg_connect($conn_string);
$query = 'SELECT * FROM public."espece" where "espece"."Code_Espece" ='.$idd ;
if (!$result = pg_query($conn, $query)){
echo pg_last_error($conn);
return false;
}
$result = db($result);
return $result;
$query = 'SELECT * FROM public."espece" where "espece"."Code_Espece" ='.$idd ;
Do not do this. If you were to output what you get here you'd see the error, as you should from the error message. Whatever is in the variable $idd will be put into the query as is and it will not be considered a string. It's just a part of the query. So since there are no quotes it will in this case be understood as a column name.
The worst part of this is that if $idd is coming from the user think what will happen when someone sets it to 1; truncate table espece. Or something worse. Learn how to use parameters immediately.
Using parameters your code would be:
$query = 'SELECT * FROM public."espece" where "espece"."Code_Espece" =$1';
if (!$result = pg_query_params($conn, $query, array($idd))){
This way the variable is given properly to the database and there is no injection vulnerability.
NB! For those who keep saying the double quotes should be removed, no. They should not. If the column name is capitalized as Code_Espece then PostgreSQL will not recognize it without the quotes. Capitalization is usually not recommended.

PHP SQL Statement not accepting Variable

I'm trying to use the following code however it is giving me errors.
Code:
$id = $_GET['id'];
$action = '['command'=>'get','target'=>'location']';
$query = "UPDATE ZeusUsers SET action = '$action' WHERE notification_id = '$id'";
$result = mysqli_query($link,$query) or exit("Error in query: $query. " . mysqli_error($link));
Error:
Parse error: syntax error, unexpected 'command'
If I change the $action to a standard word the statement works fine, it just seems to have issues with the single quotes and square brackets.
I've also tried using \ in front of the single quotes and it still fails.
Any ideas?
Let PHP build the JSON string for you:
$action = json_encode(array('command'=>'get','target'=>'location'));
You are starting and stopping a string literal with the single quotes, so PHP is interpreting command as PHP code, but it doesn't know what that keyword is.

Parse error: syntax error, unexpected T_RETURN in C:\wamp\www\Nu-Bio\view_topic.php on line 77

Hello everybody~ I am getting this error (Parse error: syntax error, unexpected T_RETURN in C:\wamp\www\Nu-Bio\view_topic.php on line 77) when trying to run this little bit of code:
$idd = $rows['id'];
$thisql = "SELECT `locked` FROM `forum_question` WHERE `id` = '$idd'";
$mythisql = mysql_query($thisql);
$res1 = return($mythisql);
It's standalone, not in a function or anything. I'd give you more information, but I'm not sure what to give. I'm calling it with if ($res1 == 0) {. Thanks for any help I get!
(PS: I know I should be moving to mysqli. I WILL be doing that soon, please don't tell me to. I just want to make sure it works before changing it, as I'm almost done with my project)
What should this "return" do? Anyway it's wrong here and is your error at line 77.
$res1 = return($mythisql);
Solution:
$res1 = $mythisql;
or
$res1 = mysql_query($thisql);

get variable from url give error

I am using this code to get the variable iduser to use it in PHP as part of another URL (line 2). But it gives me the following error: "Parse error: syntax error, unexpected T_VARIABLE in". Can you please show me my mistake?
<?php
$iduser=$_GET['iduser'];
$currsiteurl = 'http://graph.facebook.com/'$iduser;
You have a syntax error.
$currsiteurl = 'http://graph.facebook.com/' . $iduser;
<?php
$iduser = $_GET['iduser'];
$currsiteurl = "http://graph.facebook.com/${iduser}";
?>
Should work. Hope this helps.
You forgot the concatenation . between string and variable:
$currsiteurl = 'http://graph.facebook.com/' . $iduser;
should work
Use this code
<?php
$iduser=$_GET['iduser'];
$currsiteurl = 'http://graph.facebook.com/'.$iduser;
?>
You have to use '.' to join strings in PHP.
