MoFish Posted April 18, 2007

Hello. I'm currently trying to do an SQL statement but am getting the following error:

Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in D:\wampnew\confirm4.php on line 351

Does anyone know why this is? I thought the below statement would work.

$sql= ("UPDATE `tbl_playerinfo` SET OVERALLBUYIN=`$P1OverallBuyIn`,MINUSMONEY=$P1MinusMoney`,PLUSMONEY= `$P1PlusMoney`,OVERALLMONEY=`$P1OverallMoney`,1STPLACE=`$P11st`,2NDPLACE=`$P12nd`,GAMESPLAYED=`$P1GamesPlayed`,1ST% =`$P1Percent1st`,2ND%=`$P1Percent2nd`WHERE PLAYERNAME=$_POST['ReportPlayer1']");

Thanks, mofish.
monk.e.boy Posted April 18, 2007

Try:

echo $sql;

in the page to see what you are really sending to the DB.

Also http://www.webmaster-talk.com/php-forum/58129-sql-injection-problem-php-mysql-websites.html#post271952....

monk.e.boy
per1os Posted April 18, 2007

Wow dude, that is FUBAR'ed. You really need to read about how to properly format SQL (www.mysql.com) and correct PHP syntax.

First off, you do not want to enclose a string declaration in "( )", probably throwing the error.

Second, the SQL values should NOT be enclosed in `; that should always be done in '. Table names and column names are enclosed in `.

Third, the array either needs { } around it or you need to concatenate the string, i.e.:

$sql = "this is a test" . $_POST['index'] . " another test";

Because it will not get processed on the inside properly without that.

I suggest you do some more reading before venturing too much farther.
MoFish Posted April 18, 2007

Thanks, got it.
Barand Posted April 18, 2007

I'm in agreement with monk.e.boy regarding sql injection. Putting raw POST data into a query is inviting disaster.
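Added example, not part of the thread and not any poster's code: the injection concern raised above, shown by running an interpolated UPDATE and a prepared one against the same input. It assumes PDO with an in-memory SQLite database so it runs offline (with MySQL only the DSN changes); the table rows, the `$post` array standing in for `$_POST`, and the `updatePlayer()` helper are constructed for illustration.

```php
<?php
// Constructed sample data in an in-memory SQLite database (assumption; the
// thread uses MySQL, where the same PDO calls apply with a mysql: DSN).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE `tbl_playerinfo` (
    PLAYERNAME TEXT PRIMARY KEY, OVERALLMONEY INTEGER, GAMESPLAYED INTEGER, `1STPLACE` INTEGER)');
$pdo->exec("INSERT INTO `tbl_playerinfo` VALUES ('alice', 10, 3, 1), ('bob', 20, 5, 2)");

// Constructed stand-in for $_POST: the player name carries a quote and SQL text.
$post = ['ReportPlayer1' => "nobody' OR '1'='1"];
$P1OverallMoney = 999; $P1GamesPlayed = 4; $P11st = 2;

// Interpolated form (the pattern from the thread, with the quoting fixed):
// the name becomes part of the statement, so the WHERE clause matches every row.
$unsafe = "UPDATE `tbl_playerinfo` SET OVERALLMONEY='$P1OverallMoney' "
        . "WHERE PLAYERNAME='{$post['ReportPlayer1']}'";
$pdo->beginTransaction();
$unsafeRows = $pdo->exec($unsafe);   // number of rows the statement changed
$pdo->rollBack();                    // restore the table before the prepared run

// Prepared form: identifiers stay in the SQL text, values are bound separately
// and are never parsed as SQL.
$stmt = $pdo->prepare('UPDATE `tbl_playerinfo`
    SET OVERALLMONEY = :money, GAMESPLAYED = :games, `1STPLACE` = :first
    WHERE PLAYERNAME = :name');

// Hypothetical helper: binds the values and returns the affected row count.
function updatePlayer(PDOStatement $stmt, string $name, int $money, int $games, int $first): int {
    $stmt->execute([':money' => $money, ':games' => $games, ':first' => $first, ':name' => $name]);
    return $stmt->rowCount();
}
$safeRows  = updatePlayer($stmt, $post['ReportPlayer1'], $P1OverallMoney, $P1GamesPlayed, $P11st);
$aliceRows = updatePlayer($stmt, 'alice', $P1OverallMoney, $P1GamesPlayed, $P11st);

echo "interpolated query changed $unsafeRows row(s)\n";
echo "prepared query with the same input changed $safeRows row(s)\n";
echo "prepared query for 'alice' changed $aliceRows row(s)\n";
```

Comparing the three row counts shows the difference: the interpolated statement rewrites every player's row, while the bound value is compared as a literal name and matches nothing.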
Archived
This topic is now archived and is closed to further replies.