 | irah (User) | Error in PHP statement - 2009-10-26
07:19:03 | Dear friends,
I faced the following error
Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING
in the line
$query = "insert into $schema.transfer (reason,date,amount,to_whom) values ($_POST['reason'],'$expense_date',$_POST['amount'],$_POST['to-whom']) ;";
Please help me to solve this problem. |  | maxmouse (User) | Re: Error in PHP statement - 2009-10-26
16:42:41 | $query = "insert into" . $schema.transfer . "(reason,date,amount,to_whom) values ($_POST[\'reason\'],\'" . $expense_date . "\',$_POST[\'amount\'],$_POST[\'to-whom\']) \;";
Will make that string equal what looks like an SQL query...
You have to remember to escape using backslashes... if you elaborate more, I'll be able to shed more light on this. |  | maxmouse (User) | Re: Error in PHP statement - 2009-10-26
16:48:53 | Sorry... the above is incorrect; try:
<?php
$query = "insert into $schema.transfer (reason,date,amount,to_whom) values ('$_POST[reason]','$expense_date','$_POST[amount]','$_POST[towhom]')";
?> |  | irah (User) | Re: Error in PHP statement - 2009-10-27
06:28:33 | | I did what you gave, but it's not working. |  | maxmouse (User) | Re: Error in PHP statement - 2009-10-27
09:45:54 | | Without any kind of elaboration on your part I can't help any more than that. |  | Domuk (User) | Re: Error in PHP statement - 2009-10-27
21:20:28 | Although it's very much not what should be done, I can't actually see why that doesn't work. Nonetheless, wrap variables in {}, and for SQL's sake at least 'reason' should be in apostrophes.
And then, when it's working, don't do it at all. Learn about properly sanitizing user input before wrapping it in SQL.
You're using PHP, I'm guessing it's MySQL, and I'm guessing it'll support PDO. Look into using placeholders with PDO. |  |
|
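The PDO placeholder approach recommended in the last reply, as an added example that is not part of the original thread. It assumes an in-memory SQLite database in place of the poster's server and a hypothetical schema name `accounts`; the function name `insertTransfer` and the sample input are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Assumptions: in-memory SQLite stands in for the poster's database, and the
// schema name "accounts" is hypothetical. Column names are from the thread.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("ATTACH DATABASE ':memory:' AS accounts");
$pdo->exec('CREATE TABLE accounts.transfer
            (reason TEXT, date TEXT, amount NUMERIC, to_whom TEXT)');

function insertTransfer(PDO $pdo, string $schema, array $post, string $expenseDate): void
{
    // Identifiers cannot be bound as parameters, so the schema name is
    // checked against a fixed allow-list before it is placed in the SQL text.
    if (!in_array($schema, ['accounts'], true)) {
        throw new InvalidArgumentException('unknown schema');
    }
    // Reject a non-numeric amount instead of passing it through.
    $amount = filter_var($post['amount'] ?? null, FILTER_VALIDATE_FLOAT);
    if ($amount === false) {
        throw new InvalidArgumentException('amount must be numeric');
    }
    // Values travel separately from the statement, so quotes in the input
    // are stored as data and never parsed as SQL.
    $stmt = $pdo->prepare(
        "INSERT INTO {$schema}.transfer (reason, date, amount, to_whom)
         VALUES (:reason, :date, :amount, :to_whom)"
    );
    $stmt->execute([
        ':reason'  => (string) ($post['reason'] ?? ''),
        ':date'    => $expenseDate,
        ':amount'  => $amount,
        ':to_whom' => (string) ($post['to-whom'] ?? ''),
    ]);
}

// Constructed sample input standing in for $_POST; the apostrophe would
// break the interpolated query from the thread.
$post = ['reason' => "O'Neil's taxi fare", 'amount' => '12.50', 'to-whom' => 'irah'];
insertTransfer($pdo, 'accounts', $post, '2009-10-26');

$row = $pdo->query('SELECT reason, amount, to_whom FROM accounts.transfer')
           ->fetch(PDO::FETCH_ASSOC);
var_dump($row);
```

Because the array keys are read in ordinary PHP code rather than inside a double-quoted string, the quoted-key parse error from the first post does not arise either.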