-2

I get the above error when I run the code. Please tell me where I've gone wrong.

I'm trying to get the values and encode them with JSON and save them into the database. Then later on I'm gonna retrieve the data from the database, decode it, and send it to the client end. Following is my PHP code.

    <?php

    $name = $_POST['fname']; 
    $email = $_POST['email'];
    $comment =$_POST['comment'];
    $website = $_POST ['website'];
    $rate = $_POST['rate'];


    $conn = mysqli_connect("localhost","root","","webtech");
    if(!$conn){
        die("Connection Failed : ".mysqli_connect_error());
    } else{
        echo "Connection Succesful ";
    }

    $jsonDb = array
    (
        'name' => $name,
        'email'=> $email,
        'comment'=> $comment,
        'website'=> $website,
        'rate'=> $rate 
        );

    $jsonArray = array
    (
        'name' => $name,
        'email'=> $email,
        'comment'=> $comment,
        'website'=> $website,
        'rate'=> $rate
         );

    $encodeDatabase = json_encode($jsonDb);

    $encodeArray = json_encode($jsonArray);
    mysql_query("INSERT INTO comments VALUES ("."'".$jsonDb['name']."'"."," ."'".$jsonDb['email']."'".","."'".$jsonDb['website']."'".","."'".$jsonDb['comment']."'".","."'".$jsonDb['rate']."'".")");

    echo $encodeDatabase;

    ?>

Akila Randil

3 Answers

1

You have used mysqli to connect the DB but you are using mysql_query() to execute the insert query.

Please use mysqli_query() instead of mysql_query() to execute the Insert Query.

0

    mysql_query("INSERT INTO comments VALUES ('$jsonDb[name]','$jsonDb[email]','$jsonDb[website]','$jsonDb[comment]','$jsonDb[rate]')");

That is what it should look like.

Joshua Byer
  • Using string array keys without quoting them generates unnecessary E_NOTICE's. Another option is to use curly braces for interpolation, so instead of `'$jsonDb[name]'`, it would be `'{$jsonDb['name']}'`. Also note it is an error to use a mysql_* function after a mysqli_ connection. Not to mention this code is vulnerable to SQL injection. – John McMahon Apr 19 '15 at 17:50

0

As others have pointed out you need to use mysqli_query instead of mysql_query in this case.

A couple more suggestions:

  1. With large string concatenation as in your query string it can become hard to read and easy to make mistakes with all of the single and double quotation marks. Another option is to use curly braces for interpolation, although this is mostly a stylistic choice:

         "INSERT INTO comments VALUES ('{$jsonDb['name']}', '{$jsonDb['email']}',
             '{$jsonDb['website']}', '{$jsonDb['comment']}', '{$jsonDb['rate']}')"

  2. This code is vulnerable to SQL injection. Instead of inserting variables into the database using string concatenation for the query it would be much safer to use prepared statements.

John McMahon
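
The prepared-statement approach suggested in the last answer, as an added example that is not part of the original question or answers. It reuses the connection values and the five-value `INSERT` from the question; the function name `save_comment` and the sample input are constructed for illustration.

```php
<?php
// Added example: procedural mysqli with a prepared statement.
// Connection values and the five-value INSERT come from the question;
// save_comment() and the sample input are constructed for illustration.

// Make mysqli throw exceptions instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function save_comment(mysqli $conn, array $in): string
{
    // Read each expected form field, defaulting to '' so a missing key
    // does not raise a notice. Keys are output names, values are form fields.
    $row = [];
    foreach (['name' => 'fname', 'email' => 'email', 'website' => 'website',
              'comment' => 'comment', 'rate' => 'rate'] as $key => $field) {
        $row[$key] = isset($in[$field]) ? trim((string) $in[$field]) : '';
    }

    // Placeholders keep user data out of the SQL text, so a quote inside a
    // value cannot change the statement. Value order matches the question.
    $stmt = mysqli_prepare($conn, 'INSERT INTO comments VALUES (?, ?, ?, ?, ?)');
    mysqli_stmt_bind_param($stmt, 'sssss', $row['name'], $row['email'],
        $row['website'], $row['comment'], $row['rate']);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);

    return json_encode($row);
}

// Constructed sample input; in the question's script this would be $_POST.
// The apostrophes would break the concatenated query but are stored as-is here.
$input = [
    'fname'   => "O'Brien",
    'email'   => 'obrien@example.com',
    'website' => 'https://example.com',
    'comment' => "It's a nice page",
    'rate'    => '4',
];

$conn = mysqli_connect('localhost', 'root', '', 'webtech');
mysqli_set_charset($conn, 'utf8mb4');
echo save_comment($conn, $input);
mysqli_close($conn);
```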