-1

I have a problem. I have these tables:

Utenti, Treni and Operazioni

Utenti has one field: 

ID (INT - AUTO_INCREMENT)

Treni has one field:

ID that is an int (AUTO_INCREMENT)

Operazioni has three fields:

ID (int AUTO_INCREMENT)
Utente (int)
Treno (int)

I have two variables:

$_SESSION['id_user'] that contains user's ID (table Utenti) $id_treno that contains train's ID (table Treni)

When I execute:

$query = "INSERT INTO operazioni ('Utente','Treno') VALUES ('$_SESSION['id_user']','$id_treno')";

I have this error:

Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING

Why? Thanks

user2510406
  • 37
  • 1
  • 1
  • 7
  • remove the `'` if you're going to use in-line double-quote parsing. e.g. `"...$_SESSION[id_user]..."`. To proof it, do an `echo $query` before the hand-off and see the difference. – Brad Christie Jun 22 '13 at 17:54
  • var_dump $_SESSION['id_user'] and $id_treno before using them in query and post their values – user4035 Jun 22 '13 at 17:54
  • i have to say i am glad you got that error due to lack of escaping data. `'".mysql_real_escape_string({$_SESSION['id_user'])."'` – amigura Jun 22 '13 at 17:55
  • @amigura There's no reason to think that `$_SESSION` variables need escaping. They are not necessarily provided by the user. (Though parameterised queries are always a good idea.) – lonesomeday Jun 22 '13 at 17:59
  • *Too localized*. But also possible duplicate of [PHP Parse error: syntax error, unexpected T\_ENCAPSED\_AND\_WHITESPACE, expecting T\_STRING or T\_VARIABLE or T\_NUM\_STRING](http://stackoverflow.com/q/7387525) – mario Jun 22 '13 at 18:05

7 Answers7

1

If you are attempting to have variables parsed in your string, you need to use the correct syntax. For array elements, that means not having single quotes round the key as you would normally:

$query = "INSERT INTO operazioni ('Utente','Treno') VALUES ('$_SESSION[id_user]','$id_treno')";

This is documented in the manual page on strings.

There may be SQL errors as well, but the reason for the PHP error is the incorrect string syntax.

lonesomeday
  • 233,373
  • 50
  • 316
  • 318
0

You have multiple errors in your query. Field names in mysql can be put in backticks, not in single quotes. Also, variables have to be escaped; the recommended way is to use PDO/Mysqli and bind parameters

a1ex07
  • 36,826
  • 12
  • 90
  • 103
0

Try this :- 

$query = "INSERT INTO operazioni (Utente,Treno) VALUES ('".$_SESSION['id_user']."','".$id_treno."')";
Rakesh Shetty
  • 4,548
  • 7
  • 40
  • 79
0
$query = 'INSERT INTO operazioni ("Utente","Treno") VALUES ("'.$_SESSION['id_user'].'","'.$id_treno.'")';
rpasianotto
  • 1,383
  • 1
  • 9
  • 22
0

Utente and Treno are ints. You don't need ' with them

juan
  • 179
  • 2
  • 6
  • 12
0
$query = "INSERT INTO operazioni ('Utente','Treno') VALUES ('".$_SESSION['id_user']."','$id_treno')";

Problem in concatanion.

ankit
  • 86
  • 4
0

maybe you haven't started your session before using it in your page? plus you can always var_dump your sql command and try it directly into phpMyAdmins query section and see what exactly is wrong, then try to fix it. cheers

Developerium
  • 7,155
  • 5
  • 36
  • 56