-1

I cannot for the life of me figure out why PHP is complaining about the following:

Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING

Code:

while($row = $rbh->fetchAssoc($rbhSQL)) {
   $statsSQL = $stats->query("INSERT INTO usage (user, grp, type, size, blocks, count, filesystem) VALUES ($row['owner'], $row['gr_name'], $row['type], $row['size'], $row['blocks'], $row['count'], \"$fsName\") ON DUPLICATE KEY UPDATE size=$row['size'], blocks=$row['blocks'], count=$row->['count']");
}

What am I missing?

Adam

1 Answer

2

When injecting variables into a string, array values are referred to without single quotes around the key.

This would be valid:

... VALUES ($row[owner], $row[gr_name], ...

However, what would be preferable is to use a parameterized query instead, which has numerous benefits:

  • ensures your application is safe from SQL injection (can even happen inadvertently when the data is under your control)
  • makes the query more readable
  • sidesteps this issue entirely

If this were something other than an SQL query I would still recommend using sprintf instead of directly injecting all these variables.

Community
Jon
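
The parameterized form of the question's loop, as an added example that is not part of the original answer. It assumes PDO with an in-memory SQLite database standing in for MySQL (so the upsert uses SQLite's ON CONFLICT syntax), a guessed unique key, and constructed sample rows.

```php
<?php
// SQLite in memory stands in for the MySQL server (assumption of this example).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Assumed schema: the question does not show the table or its unique key.
$pdo->exec('CREATE TABLE usage (
    user TEXT, grp TEXT, type TEXT, size INTEGER, blocks INTEGER,
    count INTEGER, filesystem TEXT,
    UNIQUE (user, grp, type, filesystem))');

// Prepared once; the values are bound at execute() and never parsed as SQL.
// On MySQL the last two lines would read:
//   ON DUPLICATE KEY UPDATE size = VALUES(size), blocks = VALUES(blocks), count = VALUES(count)
$stmt = $pdo->prepare(
    'INSERT INTO usage (user, grp, type, size, blocks, count, filesystem)
     VALUES (:owner, :gr_name, :type, :size, :blocks, :count, :fs)
     ON CONFLICT (user, grp, type, filesystem) DO UPDATE SET
       size = excluded.size, blocks = excluded.blocks, count = excluded.count');

// Constructed rows standing in for $rbh->fetchAssoc($rbhSQL). The owner name
// contains a quote, which would break the interpolated query from the question.
$rows = [
    ['owner' => "o'brien", 'gr_name' => 'staff', 'type' => 'file', 'size' => 100, 'blocks' => 8,  'count' => 1],
    ['owner' => "o'brien", 'gr_name' => 'staff', 'type' => 'file', 'size' => 250, 'blocks' => 16, 'count' => 3],
];
$fsName = '/scratch';

foreach ($rows as $row) {
    $stmt->execute([
        ':owner'   => $row['owner'],
        ':gr_name' => $row['gr_name'],
        ':type'    => $row['type'],
        ':size'    => $row['size'],
        ':blocks'  => $row['blocks'],
        ':count'   => $row['count'],
        ':fs'      => $fsName,
    ]);
}

// The second row hit the unique key, so one updated row remains.
foreach ($pdo->query('SELECT user, size, blocks, count, filesystem FROM usage') as $r) {
    printf("%s %d %d %d %s\n", $r['user'], $r['size'], $r['blocks'], $r['count'], $r['filesystem']);
}
```

Because the array keys are ordinary PHP expressions passed to execute(), the quoting rule for array keys inside double-quoted strings never comes into play.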