Parse error: syntax error, unexpected '"', expecting identifier (T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING) in C:... on line 22

Question

I want to update a row in a table for my project, I'm copying a syntax I saw somewhere else here however, I think my problem comes when I try updating where ApplicantID is equal to $_SESSION["ID"]. I get this error

Parse error: syntax error, unexpected '"', expecting identifier (T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING) in C:\xampp\...\InsertPData.php on line 22

here is the php along side the SQL:

<?php
        include_once'dbconnect.php';
        session_start();

        function INSERT()
        {
            $Name=$_POST['name'];
            $Relation=$_POST['Relation'];
            $Email=$_POST['Email'];
            $Address=$_POST['Address'];
            $Postcode=$_POST['Postcode'];
            $Mobile_Number=$_POST['Mobile_Number'];
            $Home_Number=$_POST['Home_Number'];
            $INSERT="UPDATE Applicants 
            SET ParentName='$Name',
            Relationtoapplicant='$Relation',
            ParentEmail='$Email', 
            ParentAddress='$Address', 
            ParentPostcode='$Postcode', 
            ParentMobile='$Mobile_Number', 
            ParentHome='$Home_Number', 
            WHERE ApplicantID=$_SESSION["ID"] "; #THIS IS LINE 22

            $data=mysql_query($INSERT) or die(mysql_error());
            if($data)
            {
                echo "Parents/Gauridan details hav been entered";
            }
            else print "error";
        }

        INSERT()
        ?>

I've already searched for a solution to this but haven't found something where the user is using a session thing. Thank you.

If you have a close look at the syntax highlighting here, you will spot the error. — Sirko, Apr 09 '16 at 07:51

score 0 · Accepted Answer · edited May 23 '17 at 12:34

0

This is why an IDE with syntax highlighting is helpful. StackOverflow uses syntax highlighting on code blocks as well and actually already gives you the answer based on your code:

$INSERT="UPDATE Applicants 
WHERE ApplicantID=$_SESSION["ID"] ";

See how ID is suddenly black instead of dark red? That's because you are terminating the string there. The double quotes should either be escaped or replaced with single quotes, like:

$INSERT="UPDATE Applicants 
WHERE ApplicantID=$_SESSION[\"ID\"] ";

Or

$INSERT="UPDATE Applicants 
WHERE ApplicantID=$_SESSION['ID'] ";

See how the ID bit stays dark red? This is because now your string is not suddenly terminated.

Also, please do not use mysql_ functions anymore. They have been deprecated since 2013 and are currently not even a part of PHP anymore. So if you'd update your PHP to the latest version, this code would not work. On top of that, this code is vulnerable to SQL injection attacks.

Also see Why shouldn't I use mysql_* functions in PHP? and How can I prevent SQL-injection in PHP?.

edited May 23 '17 at 12:34

Community

1
1

answered Apr 09 '16 at 07:54

Oldskool

34,211
7
53
66

Thanks man. Turns out the main issue is that actually session['ID'] is not being transferred from one page to another. I should've tested out something like "WHERE ApplicantID=1524;", either way, thank you very much man. I am grateful. – srhgrsdhfdh Apr 09 '16 at 08:00
@srhgrsdhfdh You're welcome. But also please read the bottom part of my answer, your code is very outdated and can easily be abused to hack into your database or server. You should really be upgrading it to modern day standards. See provided links for further details. – Oldskool Apr 09 '16 at 08:02
Thanks again man, its for a school project and probably wont be used seriously. – srhgrsdhfdh Apr 09 '16 at 08:41

Parse error: syntax error, unexpected '"', expecting identifier (T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING) in C:... on line 22

1 Answers1