need help!!!!!!

Eliya Kasumiry

May 13, 2012, 3:12:46 AM
to dar...@googlegroups.com
Hello ... Hope you're doing fine.
I got an error on line number 38; the code is below. Need help from you ...
The error was:
Parse error: syntax error, unexpected T_STRING in C:\xampp\htdocs\form1.php on line 38

        <?php
        $file=$_POST['file'];
        $manufacturer=$_POST['manufacturer'];
        $tractor_model=$_POST['tractor_model'];
        $rent_cost=$_POST['rent_cost'];
38-   $sql=mysql_query(insert into tractor(file,manufacturer,tractor_model,rent_cost(per_day)) VALUES               ('$_POST[file]','$_POST[manufacturer]','$_POST[tractor_model]','$_POST[rent_cost(per_day)]')");
  ?>


Allen Machary

May 13, 2012, 3:42:43 AM
to Eliya Kasumiry, dar...@googlegroups.com
Hey
NOTE: when you're sharing code snippets, logs or other files, try using dpaste.com or pastebin.com; it will make it easier for others to read and will keep the email clean.

Error >> The whole query should be in quotes; double quote your variables so the value can be evaluated
other tips >> It would have been cleaner if you used the variables you created, otherwise there was no point assigning them in the first place

example >>
$sql = mysql_query("INSERT INTO tractor(file,manufacturer,tractor_model,`rent_cost(per_day)`) VALUES ('$file','$manufacturer','$tractor_model','$rent_cost')");
--
Allen Machary.

tilug...@gmail.com

May 13, 2012, 4:29:48 AM
to Eliya Kasumiry, dar...@googlegroups.com
The whole SQL string should be enclosed within quotes; good practice would be to have the SQL string assigned to a variable and pass that variable to your querying function.




From: Eliya Kasumiry <kasu...@gmail.com>
Date: Sun, 13 May 2012 10:12:46 +0300
Subject: [Dar es Salaam GTUG] need help!!!!!!

noax

May 14, 2012, 3:33:38 AM
to dar...@googlegroups.com
Hello,
And also the use of "Prepared Statements" might be a better idea and not just "plain SQL", if I got the term right.
PS=> Prepared Statements will help avoid "SQL injections", something used in hacking :)


But writing your own "Prepared Statements" can be very expensive and time consuming. Have you considered using a PHP database framework? It usually does everything for you, like 'preparing the SQL statements' and much more.

Regards,
noax
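
The prepared-statement approach suggested in the last reply, applied to the tractor INSERT from the question. This is an added example, not code posted by anyone in the thread. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL server so it runs offline, the column types are guessed, the `insertTractor` helper is hypothetical, and the form values are constructed.

```php
<?php
// Added example; assumes the pdo_sqlite extension. An in-memory SQLite database
// stands in for the poster's MySQL server so the script runs offline; with
// MySQL only the DSN passed to new PDO() changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Column types are assumed. The name containing parentheses must be quoted.
$pdo->exec('CREATE TABLE tractor (file TEXT, manufacturer TEXT,
    tractor_model TEXT, `rent_cost(per_day)` REAL)');

function insertTractor(PDO $pdo, array $form): int
{
    // Reject missing fields and a non-numeric cost before touching the database.
    foreach (['file', 'manufacturer', 'tractor_model', 'rent_cost'] as $key) {
        if (!isset($form[$key]) || !is_string($form[$key]) || $form[$key] === '') {
            throw new InvalidArgumentException("Missing field: $key");
        }
    }
    if (!is_numeric($form['rent_cost'])) {
        throw new InvalidArgumentException('rent_cost must be numeric');
    }

    // The SQL text is a constant; the values travel separately as parameters,
    // so a quote inside a value cannot change the statement.
    $stmt = $pdo->prepare(
        'INSERT INTO tractor (file, manufacturer, tractor_model, `rent_cost(per_day)`)
         VALUES (:file, :manufacturer, :tractor_model, :rent_cost)'
    );
    $stmt->execute([
        ':file'          => $form['file'],
        ':manufacturer'  => $form['manufacturer'],
        ':tractor_model' => $form['tractor_model'],
        ':rent_cost'     => (float) $form['rent_cost'],
    ]);
    return $stmt->rowCount();
}

// Constructed stand-in for $_POST. The apostrophe in the manufacturer name
// would end the string early if the value were pasted into the query text.
$form = [
    'file'          => 'tractor1.jpg',
    'manufacturer'  => "O'Neil Agri",
    'tractor_model' => 'Model 240',
    'rent_cost'     => '45000',
];

echo insertTractor($pdo, $form), " row inserted\n";
echo $pdo->query('SELECT manufacturer FROM tractor')->fetchColumn(), "\n";
```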