-3

I'm trying to run this php code:

    <?php
    include("misfunciones.php");
    ?>
    <html>
        <link rel="stylesheet" href="styleinterfaz.css" type="text/css" media="screen"/>
            <body>
                <?php
                // process form
                    $conexion=Conectarse();
                    mysql_select_db("alpaca", $conexion);
                    $validar = "SELECT * FROM articulo WHERE cod_art = '$_POST[cod_art]'";
                    $resultado = mysql_query($validar);
                    $ingreso = mysql_num_rows($resultado);
                    if($ingreso > 0){
                        if(strlen($_POST['nro_id_trans']) == 6 AND $_POST['dia'] > 0 AND $_POST['dia'] < 32 AND $_POST['mes'] > 0 AND $_POST['mes'] < 13 AND strlen($_POST['año']) == 4 AND strlen($_POST['cod_art']) == 5 AND strcasecmp( $_POST['tipo_trans'] , "ingreso" ) == 0 OR strcasecmp( $_POST['tipo_trans'] , "egreso" ) == 0 AND $_POST['cant_art'] > 0){
                            $sql = "INSERT INTO transaccion (nro_id_trans, dia, mes, año, cod_art, tipo_trans, cant_art) ";
                            $sql.= "VALUES ('$_POST[nro_id_trans]', '$_POST[dia]', '$_POST[mes]', '$_POST[año]', '$_POST[cod_art]', '$_POST[tipo_trans]', '$_POST[cant_art]')";
                            $actualizarmes = "UPDATE cat_dem_mensual SET actualizado = 'no' WHERE mes = '"$_POST['mes']"' AND año = '"$_POST['año']"'";
                            $actualizaraño = "UPDATE cat_dem_anual SET actualizado = 'no' WHERE año = '"$_POST['año']"'"
                            mysql_query($sql, $conexion);
                            mysql_query($actualizarmes, $conexion);
                            mysql_query($actualizaraño, $conexion);
                            echo "¡Gracias! Hemos recibido sus datos.\n";
                            mysql_close($conexion);
                        }
                        else{
                            echo "Algún dato ingresado no es válido. Vuelva a la Interfaz e ingrese los datos nuevamente.";
                        }
                    }
                    else{
                        echo "El código de artículo no existe en la base de datos.";
                    }
                ?>
                <a class="button" href="interfaz.html" onclick="#"><span>Volver a la Interfaz</span></a>
            </body>
    </html>

But when I do, the following error appears: "Parse error: syntax error, unexpected '$_POST' (T_VARIABLE) in C:** on line 18". I just can't find what's wrong! I think it's very simple, but I'm just a beginner in PHP.

jnpbl
  • did you check if `$_POST` exists? – Guns Jun 30 '14 at 04:50
  • Also, **don't use the mysql extension!** It is deprecated and will likely be removed in PHP 5.6, and the way you are using it here is **insecure**: it is vulnerable to SQL injection. Use the mysqli or PDO extensions with parameterized queries. –  Jun 30 '14 at 04:53
  • [Why shouldn't I use mysql_* functions in PHP?](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) – Phil Jun 30 '14 at 04:54
  • @Guns What do you mean by that? I'm using $_POST because the data which I'm trying to compare is given by a form in an index page. – jnpbl Jun 30 '14 at 04:55
  • As you've said you're a *"beginner in php"*, I've got to ask; what learning resources / reference material are you using? I just can't understand how any new development could be using these outdated and insecure practices. – Phil Jun 30 '14 at 04:56
  • Just use an editor with error highlighting. – sectus Jun 30 '14 at 04:59

1 Answer

2

You are missing a dot (.) which concatenates the string on line 18:

Change:

    $actualizarmes = "UPDATE cat_dem_mensual SET actualizado = 'no' WHERE mes = '"$_POST['mes']"' AND año = '"$_POST['año']"'";

to:

    $actualizarmes = "UPDATE cat_dem_mensual SET actualizado = 'no' WHERE mes = '".$_POST['mes']."' AND año = '".$_POST['año']."'";

Guns
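
The comments above recommend PDO or mysqli with parameterized queries. The following is an added example, not code from the question or the answer, that runs the question's three statements as prepared statements and groups the `ingreso`/`egreso` check explicitly. Assumptions: PHP 7.4+ with pdo_sqlite, an in-memory SQLite database standing in for the MySQL database `alpaca`, constructed rows and inputs, and a hypothetical function name `registrarTransaccion`.

```php
<?php
// Added example, not the asker's code. Assumptions: PHP 7.4+ with pdo_sqlite; an
// in-memory SQLite database stands in for MySQL "alpaca"; all rows are constructed.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec("CREATE TABLE articulo (cod_art TEXT PRIMARY KEY)");
$pdo->exec("CREATE TABLE transaccion (nro_id_trans TEXT, dia INT, mes INT, año INT,
            cod_art TEXT, tipo_trans TEXT, cant_art INT)");
$pdo->exec("CREATE TABLE cat_dem_mensual (mes INT, año INT, actualizado TEXT)");
$pdo->exec("CREATE TABLE cat_dem_anual (año INT, actualizado TEXT)");
$pdo->exec("INSERT INTO articulo VALUES ('00001')");
$pdo->exec("INSERT INTO cat_dem_mensual VALUES (6, 2014, 'si'); INSERT INTO cat_dem_anual VALUES (2014, 'si')");

// Hypothetical helper name; returns a status string instead of echoing HTML.
function registrarTransaccion(PDO $pdo, array $in): string {
    $s = fn($k) => is_string($in[$k] ?? null) ? $in[$k] : '';  // missing or array input becomes ''
    $n = fn($k, $min, $max) => filter_var($s($k), FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);  // int in range, or false
    // Article lookup with a bound parameter: the value is never parsed as SQL.
    $st = $pdo->prepare("SELECT 1 FROM articulo WHERE cod_art = ?");
    $st->execute([$s('cod_art')]);
    if ($st->fetchColumn() === false) return 'unknown article';
    // The question's checks, with the ingreso/egreso test grouped explicitly.
    $dia = $n('dia', 1, 31); $mes = $n('mes', 1, 12);
    $anio = $n('año', 1000, 9999); $cant = $n('cant_art', 1, PHP_INT_MAX);
    $tipo = strtolower($s('tipo_trans'));
    if (strlen($s('nro_id_trans')) !== 6 || strlen($s('cod_art')) !== 5
        || in_array(false, [$dia, $mes, $anio, $cant], true)
        || !in_array($tipo, ['ingreso', 'egreso'], true)) return 'invalid input';
    $pdo->beginTransaction();  // the insert and both flag updates commit together
    try {
        $pdo->prepare("INSERT INTO transaccion VALUES (?, ?, ?, ?, ?, ?, ?)")
            ->execute([$s('nro_id_trans'), $dia, $mes, $anio, $s('cod_art'), $tipo, $cant]);
        $pdo->prepare("UPDATE cat_dem_mensual SET actualizado = 'no' WHERE mes = ? AND año = ?")
            ->execute([$mes, $anio]);
        $pdo->prepare("UPDATE cat_dem_anual SET actualizado = 'no' WHERE año = ?")->execute([$anio]);
        $pdo->commit();
    } catch (PDOException $e) {
        $pdo->rollBack();
        throw $e;
    }
    return 'stored';
}

// Constructed inputs standing in for $_POST; the second carries quote characters.
$valid = ['nro_id_trans' => '000123', 'dia' => '30', 'mes' => '6', 'año' => '2014',
          'cod_art' => '00001', 'tipo_trans' => 'Ingreso', 'cant_art' => '4'];
$quoted = ['cod_art' => "00001' OR '1'='1"] + $valid;
echo registrarTransaccion($pdo, $valid), "\n";
echo registrarTransaccion($pdo, $quoted), "\n";
```

The second call reports an unknown article because the quoted value is compared as a literal string rather than spliced into the SQL text. Against MySQL only the connection changes (a `mysql:host=...;dbname=alpaca;charset=utf8mb4` DSN plus credentials); the prepared statements stay the same.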