parsing error at line 17 how to fix it

Question

It is showing parsing error on line 17 I have thoroughly checked it but unable to find error.So how do I fix this error.it is insert_city_query.php

<?php
    include('../../Connections/autodealers.php');
    //error_reporting(0);
    $cityname=$_POST['cityname'];
    $cityorder=$_POST['cityorder'];
    $status=$_POST['status'];
    if($status="Enabled")
    $status=1;
    else
    $status=0;

    $query = "INSERT INTO ".$db_prefix."city (cityname,cityorder,status) values
    (
    '" . addslashes($cityname) . "' ,
    '" . addslashes($cityorder) . "' ,
    '" . addslashes($status) . " '  
    WHERE LCASE='strtolower($_REQUEST['cityname'])')";
    echo $query;
    $result=mysql_query($query);

    if(!$result)
    {
    die ('ERROR: '.mysql_error());
    header("Location: " .$base_url. "admin/city_insert.php" );//if query fails
    }
    else
    {
    header("Location: " .$base_url. "admin/cities.php" );//if query suceeds
    }
    mysql_close($autodealers);



    ?>

Answer 1

Change your query to,

$query = "INSERT INTO ".$db_prefix."city (cityname,cityorder,status) values
('" . addslashes($cityname) . "' ,
'" . addslashes($cityorder) . "' ,
'" . addslashes($status) . " '  
WHERE LCASE='" . strtolower($_REQUEST['cityname']) . "')";

Note: Please, don't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO, or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.

Warning: The query is vulnerable with SQL Injection if the value (s) of the variables came from the outside. Please take a look at the article below to learn how to prevent from it.

• How to prevent SQL injection in PHP?

Answer 2

You do not use strtolower() as a function.

You should change this line:

WHERE LCASE='strtolower($_REQUEST['cityname'])')";

to

WHERE LCASE='".strtolower($_REQUEST['cityname'])."')";