Error during data UPDATE in php

Question

$sql = "UPDATE tblprofile SET name = '$membername' ,
                                        f_h_name = '$fathername', 
                                        maritalS = '$mstatus' , 
                                        dob = '$dob' , 
                                        occupation = '$occupation' , 
                                        nominee = '$nominee' , 
                                        address1 = '$address1' , 
                                        address2 = '$address2',
                                        city = '$city',
                                        district = '$district',
                                        state = '$state',
                                        pin = '$areapin',
                                        mobile = '$mobileno',
                                        email = '$email',
                                        PANno = '$panno',
                                        bankname = '$bankname',
                                        branch = '$branch',
                                        accountno = '$accountno'
                                        WHERE userId = '$_SESSION['UserId']' "; //line 212
    if(mysql_query($sql))
    {
        echo "Updation Done.";
    }

Error comes in browser : Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in C:\xampp\htdocs\303\saveEditProfile.php on line 212

Answer 1

Fast hack do get this working is to remove single qoutes in last SQL query line, like this:

WHERE userId = '$_SESSION[UserId]' ";

Answer 2

Try changing to this:

$_SESSION[UserId]

Answer 3

Try this:

$sql = "UPDATE tblprofile SET name = '$membername' ,
                                    f_h_name = '$fathername', 
                                    maritalS = '$mstatus' , 
                                    dob = '$dob' , 
                                    occupation = '$occupation' , 
                                    nominee = '$nominee' , 
                                    address1 = '$address1' , 
                                    address2 = '$address2',
                                    city = '$city',
                                    district = '$district',
                                    state = '$state',
                                    pin = '$areapin',
                                    mobile = '$mobileno',
                                    email = '$email',
                                    PANno = '$panno',
                                    bankname = '$bankname',
                                    branch = '$branch',
                                    accountno = '$accountno'
                                    WHERE userId = '{$_SESSION['UserId']}' "; //line 212

I strongly suggest you have a look at php.net/sprintf, e.g.:

$sql = sprintf("SELECT id FROM table WHERE name = '%s'", $name);

Answer 4

Your variable reference $_SESSION['UserId'] inside the double quoted string is not allowed. You either need to write $_SESSION[UserId] (without quoting the key):

"… WHERE userId = '$_SESSION[UserId]' "

Or use the curly brace syntax {$_SESSION['UserId']}:

"… WHERE userId = '{$_SESSION['UserId']}' "

But I rather suggest you to use a parameterized function to build your query (like sprintf) or Prepared Statements so that you can protect yourself agains SQL Injections as well.