CODEWITHSUNDEEP
phpsql-update
Vladlena
Vladlena

Reputation: 11

update function: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING

I want to put update function. I already make a form, so after user will change everything he wants he can pus at "Save" and and this information will be updated. but when I push "Save", it doesn't save anything and shows error:

"syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in V:\home\op\www\edit.php on line 20"

And this is script, where information need to be updated. (I updated with your advices)

<html>
<head>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<?
error_reporting(E_ALL|E_STRICT);
mysql_connect("localhost", "root", "") or die (mysql_error ());
mysql_select_db("university") or die(mysql_error()); 
$program = '".$_POST['program']."',
$code = '".$_POST['code']."',
$course = '".$_POST['course']."',
$form = '".$_POST['form']."',
$time = '".$_POST['time']."',
$price = '".$_POST['price']."',
$accreditation = '".$_POST['accreditation']."',
$department = '".$_POST['department']."',
$type = '".$_POST['level']."',
$type = '".$_POST['type']."',
$result = mysql_query("UPDATE news SET program='".$_POST['program']."', code='".$_POST['code']."', course='".$_POST['course']."', form='".$_POST['form']."', time='".$_POST['time']."', price='".$_POST['price']."', accreditation='".$_POST['accreditation']."', department='".$_POST['department']."', level='".$_POST['level']."', type='".$_POST['type']."' WHERE id='".$_POST['id']."'");
if ($result == true) {
echo "Данные успешно сохранены!";
}
else {
echo "Произошла ошибка, пожалуйста повторите попытку.";
}

Form(where user can put new information)

<html>
<head>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<div id="container">
<?php
mysql_connect("localhost", "root", "") or die (mysql_error ());
mysql_select_db("university") or die(mysql_error());
$res=mysql_query("SELECT * FROM news WHERE id=" . intval($_GET['id']) );
if($res !== false)
{
if(mysql_num_rows($res) > 0)
{
    $news=mysql_fetch_assoc($res);
    ?>
        <form id="form1" name="form1" method="post" action="edit.php">
        <label>Название <input name="program" type="text" id="program"     value="<?php echo $news['program'];?>" />
        <br />
        Код:  <input name="code" type="text" id="code"  value="<?php echo $news['price'];?>" />
        Курс:  <input name="course" type="text" id="course"  value="<?php echo $news['course'];?>" />
        Форма:  <input name="form" type="text" id="form"  value="<?php echo $news['form'];?>" />
        Срок:  <input name="time" type="text" id="time"  value="<?php echo $news['time'];?>" />
        Цена:  <input name="price" type="text" id="price"  value="<?php echo $news['price'];?>" />
        Акредитация:  <input name="accreditation" type="text" id="accreditation"  value="<?php echo $news['accreditation'];?>" />
        Кафедра:  <input name="department" type="text" id="department"  value="<?php echo $news['department'];?>" />
        Уровень:  <input name="level" type="text" id="level"  value="<?php echo $news['level'];?>" />
        Тип:  <input name="type" type="text" id="type"  value="<?php echo $news['type'];?>" />
        </label>
        <input name="id" type="hidden" id="id" value=”<?php echo $news['id']?>”/>
        <input name="program" type="hidden" id="program" />
        <p>
        <label>
        <input type="submit" name="Submit" value="сохранить" />
        </label>
        </p>
        </div>
    <?php
}
else
{
    echo 'Нет новости с таким ID';
}
}
else
{
echo 'Ошибка запроса к DB';
}

Upvotes: 0

Views: 279

Answers (2)

Rakesh Sharma
Rakesh Sharma

Reputation: 13728

you need to correct your quoting for query variables and use set keyword try to change

$result = mysql_query("UPDATE news program='$_POST['program']', code='$_POST['code']',    course='$_POST['course'], form='$_POST['form']', time='$_POST['time']',   price='$_POST['price']', accreditation='$_POST['accreditation']', department='$_POST['department']', level='$_POST['level']', type='$_POST['type']' WHERE id='$id'");

to

$result = mysql_query("UPDATE news set program='".$_POST['program']."', code='".$_POST['code']."',    course='".$_POST['course']."', form='".$_POST['form']."', time='".$_POST['time']."',   price='".$_POST['price']."', accreditation='".$_POST['accreditation']."', department='".$_POST['department']."', level='".$_POST['level']."', type='".$_POST['type']."' WHERE id='$id'");

Also if you want to use your seted variables in query then use

mysql_query("UPDATE news set program='$program', code='$code',

...and so on

Also use mysql_real_escape_string() to prevent sql injection

Note :- stop using mysql_* functions use PDO or mysqli_*

Upvotes: 2

Abhik Chakraborty
Abhik Chakraborty

Reputation: 44844

First thing you need to check the update syntax http://dev.mysql.com/doc/refman/5.0/en/update.html

The table update is done as

Update table set col = 'someval'

I dont see that SET in the query.

Then for all string values they must be enclosed with single quote

Further more you are wide open to sql injection and start using prepared statement with mysqli or PDO

However in your case it should be as below until you learn preparedStatement

$result = mysql_query("UPDATE news set 
program='".$_POST['program']."', 
code='".$_POST['code']."',  
course='".$_POST['course']."', 
form='".$_POST['form']."', 
time='".$_POST['time']."',   
price='".$_POST['price']."', 
accreditation='".$_POST['accreditation']."', 
department='".$_POST['department']."', 
level='".$_POST['level']."', 
type='".$_POST['type']."' 
WHERE id='$id'");

Upvotes: 2

Related Questions