-1

I am having a problem with PHP (I am very inexperienced with it) and I am getting the below error. Could anyone help me find the cause of the below error?

Parse error: syntax error, unexpected '' (T_ENCAPSED_AND_WHITESPACE), expecting identifier (T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING) in /home/jsnow/projects/one/htdocs/edit-exec.php on line 30

My Code:

$dbconn = mysql_select_db(APP_DB);
if(!$dbconn) 
{ 
    die("ERROR SELECTING DB"); 
}

$query = "SELECT * FROM users WHERE users_id='$_SESSION['SESS_USER_ID']'"; 
$result = @mysql_query($query);

if($result) { 
    header("location: success-register.php");  
    exit();
}else { 
    die("Query failed");  
}

I am not sure if it's something obvious but I can't see it.

Any help would be very much appreciated.

Craig Taub
John Snow

2 Answers

2

The above code has not been very well written.

You are probably better off using something like PDO instead of the below.

However the problem is most likely with the ' inside of $query.

Try the below.

$dbconn = mysql_select_db(APP_DB);
if(!$dbconn) {
    die("ERROR SELECTING DB");
}

$query = "SELECT * FROM users WHERE users_id='".$_SESSION['SESS_USER_ID']."'";
$result = @mysql_query($query);

if($result) {
   header("location: success-register.php");
   exit();
}else {
   die("Problem registering");
} 

That would fix the code but I would recommend using something like the below instead (will add params later and sanitize, ensuring protection from SQL injection):

$dbh = new PDO("database details");
$sth = $dbh->prepare('SELECT * FROM users WHERE users_id=:users_id');
$sth->bindParam(':users_id', $_SESSION['SESS_USER_ID']);
$sth->execute();
Craig Taub
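The difference between the concatenated quick fix and the prepared statement in the answer above, as an added example that is not part of the original posts. It assumes an in-memory SQLite database through pdo_sqlite instead of the question's MySQL; the rows, the `$session` stand-in for `$_SESSION`, and the helpers `findUser` and `findUsersConcatenated` are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed schema and rows in an in-memory SQLite database
// (assumes the pdo_sqlite extension; the question used MySQL).
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE users (users_id INTEGER PRIMARY KEY, name TEXT)');
$dbh->exec("INSERT INTO users (users_id, name) VALUES (1, 'alice'), (2, 'bob')");

// Hypothetical helper: look up one user with a bound parameter.
function findUser(PDO $dbh, string $userId): ?array
{
    $sth = $dbh->prepare('SELECT users_id, name FROM users WHERE users_id = :users_id');
    $sth->bindValue(':users_id', $userId);
    $sth->execute();
    // A successful query can still match nothing, so test the row itself.
    $row = $sth->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Same lookup built by concatenation, as in the quick fix, for comparison.
function findUsersConcatenated(PDO $dbh, string $userId): array
{
    $query = "SELECT users_id, name FROM users WHERE users_id='" . $userId . "'";
    return $dbh->query($query)->fetchAll(PDO::FETCH_ASSOC);
}

// Stand-in for $_SESSION with constructed values.
$session = ['SESS_USER_ID' => '1'];

// The two interpolation forms that parse inside double quotes;
// the question's "'$_SESSION['SESS_USER_ID']'" form is the one that does not.
$simple  = "users_id='$session[SESS_USER_ID]'";     // simple syntax, key unquoted
$complex = "users_id='{$session['SESS_USER_ID']}'"; // complex syntax, key quoted
var_dump($simple === $complex);

var_dump(findUser($dbh, $session['SESS_USER_ID']));

// Constructed value containing quotes: it stays data when bound as a
// parameter, but becomes part of the SQL text when concatenated.
$tampered = "0' OR '1'='1";
var_dump(count(findUsersConcatenated($dbh, $tampered)));
var_dump(findUser($dbh, $tampered));
```

With the old `mysql_query()` API, `if($result)` is true for any SELECT that runs without error, even when it matches no rows, which is why `findUser` checks the fetched row rather than the statement.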
1
$query = "SELECT * FROM users WHERE name = '".$full_name."' AND users_id = '".$_SESSION['SESS_USER_ID']."'";
Tommaso Belluzzo