-2

I have a bit of a problem. This is my code:

if(isset($_POST['delete']))
{
    $host="db1.xhost.ro"; // Host name 
    $username="supremesguild_01"; // Mysql username 
    $password="Blizzard951234"; // Mysql password 
    $db_name="supremesguild_xhost_ro01"; // Database name 
    $tbl_name="inventar"; // Table name 
    /*
    $host="localhost"; // Host name 
    $username="root"; // Mysql username 
    $password=""; // Mysql password 
    $db_name="acilogin"; // Database name 
    $tbl_name="inventar"; // Table name 
    */
    // Connect to server and select database.
    $con = mysql_connect($host, $username, $password)or die("cannot connect"); 


    // Get values from form
    $id=$_POST['id'];

    mysql_select_db($db_name, $con)or die("cannot select DB");

    // modify data into mysql
    $sql="DELETE FROM `$tbl_name` WHERE `ID` =$id LIMIT 1 ; ";
    $auto = "SELECT MAX(`ID`) FROM `$tbl_name`";
    ALTER TABLE $tbl_name AUTO_INCREMENT = $auto+1; //this is line 29

    $result=mysql_query($sql, $con)or die('Could not delete data: ' . mysql_error());;

    // if successfully insert data into database, displays message "Successful". 
    if($result){
        header("Location:http://supremesguild.xhost.ro/index.php?pagina=delete_success");
    }

    else {
        header("Location:http://supremesguild.xhost.ro/index.php?pagina=delete_failed");
    }
    mysql_close($con);
    mysql_close();
}

And I get this error: `Parse error: syntax error, unexpected T_STRING in /home/www/free/xhost.ro/supremesguild.xhost.ro/delete.php on line 29`. I tried `ALTER TABLE "$tbl_name" AUTO_INCREMENT = $auto+1;` or `EXEC(ALTER TABLE $tbl_name AUTO_INCREMENT = $auto+1;)`, but it says that exec has been disabled for security purposes. I just want to reset the AUTO_INCREMENT after every delete. Can anyone help me?

samayo
CoAmA
  • Note that ``SELECT MAX(`ID`) FROM `$tbl_name` `` is not getting executed since it doesn't get handed to a `mysql_query`. Every statement you want to run against the database has to be executed via mysql_query or even better mysqli_query: http://stackoverflow.com/questions/8891443/when-should-i-use-mysqli-instead-of-mysql – Karl Lorey May 25 '13 at 23:05
  • Please also take a look at SQL-Injections (http://en.wikipedia.org/wiki/SQL_injection). You have to sanitize `$_POST['id']` here to make sure it's a number. For example like this: `$id = (int) $_POST['id']` – Karl Lorey May 25 '13 at 23:12
  • You might want to edit out your password in there! – Jordan Doyle May 26 '13 at 01:46

4 Answers

2

Don't you see something suspicious here?

$auto = "SELECT MAX(`ID`) FROM `$tbl_name`";
    ALTER TABLE $tbl_name AUTO_INCREMENT = $auto+1; //this is line 29
$result=mysql_query($sql, $con)or die('Could not delete data: ' . mysql_error());;

I would be sad if you didn't, but then since you didn't.

Just change your query to

$auto = "SELECT MAX(`ID`) FROM `$tbl_name` 
        ALTER TABLE $tbl_name AUTO_INCREMENT = $auto+1;

Because, this $tbl_name; actually ends your query, so you can't continue by saying ALTER TABLE $tbl_name AU after that, like nothing happened.

  • Probably also use an IDE with syntax highlighting (Eclipse with PHP Development Tools for example). It can help you to spot errors like this instantly... – Karl Lorey May 25 '13 at 23:02
  • @lorey No, that query is actually terminated by `;`. Not any IDE I know adds a semicolon by itself. –  May 25 '13 at 23:04
  • No, you got me wrong there. I mean that any IDE with syntax highlighting would make it almost impossible not to spot this error because of missing highlighting. This was also meant as additional advice for him. I added it here because I think your answer is the best so far ;) – Karl Lorey May 25 '13 at 23:08
  • Oh, well in that case you are right. Have you even upvoted :P :) Op seems to have disappeared though –  May 25 '13 at 23:10
0

You need to put the query as a string, inside " ".

Rubens
Roberto Arosemena
0

ALTER TABLE is not a PHP command. If you want this SQL query to be executed in your database you have to send it as a string parameter to mysql_query().

mysql_query("ALTER TABLE $tbl_name AUTO_INCREMENT = $auto+1;");
Havenard
0

You should be VERY careful about sharing your hostname, username and password publicly as now everyone can access your database if they find the right url or know where your host server is! Dummy it up with false data before you post is a good suggestion.

eaton9999
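
The points raised in the comments and answers above (every SQL statement has to be executed through the query API, `$_POST['id']` must be checked to be a number, and credentials should stay out of posted source), put together as an added example that is not code from the question or from any answer. It uses mysqli instead of the `mysql_*` functions; the function name `delete_and_reset` and the environment variable names are assumptions.

```php
<?php
// Added example, not code from the thread. DB_HOST/DB_USER/DB_PASS/DB_NAME
// and delete_and_reset() are hypothetical names chosen for illustration.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

const TBL_NAME = 'inventar'; // fixed identifier, never taken from user input

function delete_and_reset(mysqli $con, $rawId): bool
{
    // Accept only a positive decimal integer; anything else is rejected.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false;
    }

    // The user-supplied value is a bound parameter, not part of the SQL text.
    $stmt = $con->prepare('DELETE FROM `' . TBL_NAME . '` WHERE `ID` = ? LIMIT 1');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $deleted = $stmt->affected_rows === 1;
    $stmt->close();

    if ($deleted) {
        // The SELECT must be executed and its result fetched before it can be used.
        $row  = $con->query('SELECT COALESCE(MAX(`ID`), 0) FROM `' . TBL_NAME . '`')->fetch_row();
        $next = (int) $row[0] + 1;
        // ALTER TABLE is SQL, so it is sent as a query string like any other
        // statement. $next is an integer computed here, so concatenation is safe.
        $con->query('ALTER TABLE `' . TBL_NAME . '` AUTO_INCREMENT = ' . $next);
    }
    return $deleted;
}

if (isset($_POST['delete'])) {
    // Credentials come from the environment instead of the source file.
    $con = new mysqli(getenv('DB_HOST'), getenv('DB_USER'), getenv('DB_PASS'), getenv('DB_NAME'));
    $ok  = delete_and_reset($con, $_POST['id'] ?? null);
    $con->close();
    header('Location: index.php?pagina=' . ($ok ? 'delete_success' : 'delete_failed'));
    exit;
}
```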