Viewed   69 times

i've been staringly blanky at this error and can't seem to know what the problem is.When i run the query i get this error:

unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING at this line:

$sqlupdate1 = "UPDATE table SET commodity_quantity=$qty WHERE user=$rows['user'] ";



try this

echo $sqlupdate1 = "UPDATE table SET commodity_quantity=$qty WHERE user='".$rows['user']."' ";
Monday, October 31, 2022

Your problem is that you're not closing your HEREDOC correctly. The line containing END; must not contain any whitespace afterwards.

Tuesday, November 15, 2022

If you want the third row, use offset/limit:

select *
from clients
order by id
offset 2
limit 1;

Note that that offset 0 gets the first record, so offset 2 would be the third record.

Sunday, December 25, 2022

As others have said and you confirmed, the problem is that you are using string literals to compare to a numeric column. To have it work, the query should look like

mysql_query("SELECT * FROM foo WHERE id =$foo OR id = $foo2");

However, this solution has very very bad code smell!

First off, this is why IN exists: to be able to write

mysql_query("SELECT * FROM foo WHERE id IN ($foo, $foo2)");

And second, are you injecting unescaped strings into your query? If you are, your code is vulnerable to sql injection! Escape and quote your variables to be safe, like this (in the general case):

$query = sprintf("SELECT * FROM foo WHERE id IN ('%s', '%s')",

or alternatively like this, since in this specific scenario you know we 're talking about integer values:

$query = sprintf("SELECT * FROM foo WHERE id IN (%s, %s)",
                 intval($foo), intval($foo2));

Footnote: I am aware that when using sprintf like this, one could also handle integer values by just using %d instead if %s as the format specifier. However, I believe that proving you are correctly escaping variables should be possible by just looking at one place (the parameter list) instead of multiple places (did I use intval on the variable? or maybe I did not, but I 'm using %d in the format string so I 'm still OK?). It may sound counter-intuitive, but it's more robust in the face of modifications.

Friday, September 16, 2022

In SQL-query replace all entries of '$out[]' by {$out[]}
And try to use IDE: NetBeans or PhpStorm.

Also, don't forget to sanitize your data in SQL, consider to use PDO and don't use closing ?> tag.

Your fixed code:


$link = mysql_connect('localhost', 'name', 'password');
if (!$link)
    die('Could not connect: '.mysql_error());
echo 'Connected successfully';
mysql_select_db("recruitmentdb", $link);

$sql = "INSERT INTO recruitmentapp_candidate(id,name,contact1,contact2,contact3,e_mail,reference_type,resume_urce,date_of_first_contact,hr_contact,experience_level,current_employer,current_city ,highest_degree,year_of_highest_degree,prominent_college ,possible_projects,skill_set,track ,status ,offer_date,acceptance_date,joining_date,joining_date,comment,feedback_temp,upload_date,vacancy_id)VALUES (null,{$out['Name']},null, null,null,null,null,null,null, null,{$out['ExpLevel']},{$out['CurrEmp']},{$out['CurrCity']}, {$out['HighestDegree']},{$out['Year_Passing']},null,null,{$out['Skill_set']},null,null,null,null,null,null,null,null,null,null)";
if (!mysql_query($sql, $link))
    die('Error: '.mysql_error());
echo "1 record added";
Sunday, August 14, 2022
Only authorized users can answer the search term. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :