Having trouble with UPDATE

Question

I trying to make a report system and need to update some values but it seems to give me this error every time I try and do something, I am using mysql and php:

Parse error: syntax error, unexpected '' (T_ENCAPSED_AND_WHITESPACE), expecting identifier (T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING) in C:\xampp\htdocs\core\functions\offtopic.php on line 22

Here is the code:

if (isset($_GET['report']))
{
    $query = "UPDATE `offtopicposts` SET `reported`='1', `reported_by`=$_SESSION['user_id'] WHERE `post_id` = $_GET['report']";
    mysql_query($query) or die(mysql_error());
}

Answer 1

Have you tried this:

$query = "UPDATE `offtopicposts` SET `reported`='1', `reported_by`={$_SESSION['user_id']} WHERE `post_id` = {$_GET['report']}";

The curly braces might do the trick.

Alternatively, you can concat the string like this:

$query = "UPDATE `offtopicposts` SET `reported`='1', `reported_by`=" . 
         $_SESSION['user_id'] . " WHERE `post_id` = " .
         (int)$_GET['report'];

That also allows you to sneak in the int cast, which is a dirty but effective way to make this script better protected against SQL injection. Even better would be to drop the deprecated mysql functions completely, switch to mysqli or PDO, and use prepared statements.

Answer 2

you could do this;

$query = "UPDATE `offtopicposts` SET `reported`='1', `reported_by`=".$_SESSION['user_id']." WHERE `post_id` = ".$_GET['report'];

Or this

$user_id = $_SESSION['user_id'];
$report = $_GET['report'];
$query = "UPDATE `offtopicposts` SET `reported`='1', `reported_by`=$user_id WHERE `post_id` = $report";