PHP echo code not working

Question

The following is a PHP code trying to print some statement. But all it does is print the following error:

Parse error: syntax error, unexpected T_STRING in C:\Program Files\Apache Group\Apache2\htdocs\chat_status.php on line 8

THE CODE:

<?php
session_start();
$con=mysql_connect("localhost","hi","hello");
mysql_select_db("my_db",$con);
$check_table=mysql_query("SELECT * FROM `$row[studentid]"."to"."$_GET[id]`);
if($check_table!=FALSE)
{
$asd="no suggestion";
echo $asd;
}
else
{
$result1=mysql_query("SELECT * FROM students WHERE email='$_SESSION[user_name]'");
$row=mysql_fetch_array($result1);
$create_table="CREATE TABLE `$row[studentid]"."to"."$_GET[id]`(post_number int not null 
auto_increment,primary key(post_number),data text(20000))";
$result=mysql_query($create_table,$con);
}

?>

It's because you have an unexpected T_STRING in C:\Program Files\Apache Group\Apache2\htdocs\chat_status.php on line 8 — 000, Mar 26 '13 at 20:26
You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. — Quentin, Mar 26 '13 at 20:27
@joeframbach Yea you're right, I jumped the gun after reading the error. my bad! — JakeCataford, Mar 26 '13 at 20:30

hek2mgl · Accepted Answer · 2013-03-26T20:45:23.050

0

Change following line to:

$check_table=mysql_query("SELECT * FROM `$row[studentid]"."to"."$_GET[id]`");

Note the closing ".

Also note the comment from @jamie0726 (Thanks):

Please do not use $_GET in your query under any circumstances. That's a severe security mistake (SQL injection, it's very easy to delete your database for example with your code.). You can avoid this easily. Check out

edited Mar 26 '13 at 20:45

answered Mar 26 '13 at 20:26

hek2mgl

152,036
28
249
266

hours of code gets your brain outta you head i guess! thanks. – kamal0808 Mar 26 '13 at 20:28
2

Please do not use $_GET in your query under any circumstances. That's a severe security mistake (SQL injection, it's very easy to delete your database for example with your code.). You can avoid this easily. Check out @Quentin 's links above. Thanks! :-) – herrjeh42 Mar 26 '13 at 20:41

score 0 · Answer 2 · answered Mar 26 '13 at 20:28

try this

    <?php
 session_start();
 $con=mysql_connect("localhost","hi","hello");
 mysql_select_db("my_db",$con);
 $check_table=mysql_query("SELECT * FROM '$row[studentid]'.'to'.'$_GET[id]' ");
 if($check_table!=FALSE)
 {
 $asd="no suggestion";
 echo $asd;
 }
 else
 {
$result1=mysql_query("SELECT * FROM students WHERE email='$_SESSION[user_name]'");
$row=mysql_fetch_array($result1);
$create_table="CREATE TABLE '$row[studentid]'.'to'.'$_GET[id]' (post_number int not  null 
 auto_increment,primary key(post_number),data text(20000))";
 $result=mysql_query($create_table,$con);
 }

 ?>

PHP echo code not working

2 Answers2