kjetill6 Posted August 28, 2015 Share Posted August 28, 2015 I made this basic code but I got a Parse error: syntax error, unexpected 'INSERT' (T_STRING) if anyone knows how to fix this please reply here is the full code: <?php $info = $_post ['Strøm']; $info1 = $_post ['Spenning']; $info2 = "localhost"; $info3 = "root"; $info4 = "123"; $info5 = "rom 206"; $info6 = "skap1'; $link = mysqli_connect($info2, $info3, $info4, $info5); mysqli_query($link, "INSERT INTO $info6 (`ID`, `Strøm`, `Spenning`) VALUES ('', '$info', '$info1')"); echo "Data registering"; ?> Quote Link to comment Share on other sites More sharing options...
Barand Posted August 28, 2015 Share Posted August 28, 2015 $info6 = "skap1'; ^ ^ | | notice something odd? Quote Link to comment Share on other sites More sharing options...
Ch0cu3r Posted August 28, 2015 Share Posted August 28, 2015 On line 8 you are not closing the string with a double quote " $info6 = "skap1'; ^ | this needs to be a double quote " PHP is case sensitive when it comes to variables, so $_post is not the same as $_POST. When using super global variables the variable name must be in uppercase. You would only use lowercase variables if you have defined a variable in lowercase Also when using variables, try to use meaningful names which will describe the data being stored. For example the variables $info2, $info3, $info4, and $info5 are not meaningful on their own, I am forced to look further down the code to know what they are being used for. I see they are used for logging into mysql on line 9. As these contain credentials for logging into mysql it willl better to name these as $hostname, $username, $password, and $database. $info6 will be better to be named as $table. But I do not see why you are storing the table name in a variable? The table name should be written in the query Before using the $_POST values in your query you should first validate the data, ie checking to see if it does exists and contains what your expect it to be. If the does not meat your requirements you should not be executing the query, instead ouput an error. You should also sanitize the data or use a prepared query Example of how your code should be <?php // variables containing mysql credentials $hostname = "localhost"; $username = "root"; $password = "123"; $database = "rom 206"; // connect to mysql $link = mysqli_connect($hostname, $username, $password, $database); // on HTTP POST request (ie when form has been submitted) if($_SERVER['REQUEST_METHOD'] == 'POST') { $error = array(); // do basic validation, checking to see if the data exists and is not empty if(isset($_POST['Strøm']) && !empty(trim($_POST['Strøm']))) { $strom = $_POST['Strøm']; } // validation failed, set error message else { $errors[] = 'Please enter a value for Strøm'; } // do basic validation, checking to see if the data exists and is not empty if(isset($_POST['Spenning']) && !empty(trim($_POST['Spenning']))) { $spenning = $_POST['Spenning']; } // validation failed, set error message else { $errors[] = 'Please enter a value for Strøm'; } // check to make sure there are no errors after validation if(empty($errors)) { // use prepared query for inserting the database $stmt = mysqli_prepare($link, "INSERT INTO skap1 (`Strøm`, `Spenning`) VALUES (?, ?)"); // make sure mysqli_prepare did not return an error if($stmt) { // bind the variables to the query mysqli_stmt_bind_param($stmt, 'ss', $strom, $spenning); // execute insert query mysqli_stmt_execute(); // check to make sure the query did insert a row if(mysqli_stmt_affected_rows ($stmt)) { echo "Data registering"; } } // mysqli_prepare returned an error else { // output error trigger_error('Query error: ' . mysqli_error($link)); } } // $errors is not empty, output validation errors else { echo 'Cannot insert data!<br />' . implode('<br />', $errors); } } Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.