0

Please, how do i fix this please. I have initially being using mysql with which i have issues. Now i have started learning mysqli. I don't know all the details now but i need to make this script work and secure. Currently i have this:

Parse error: syntax error, unexpected '$_POST' (T_VARIABLE) in C:\xampp\htdocs\yomi\admin\update.php on line 27

Query:

CREATE TABLE IF NOT EXISTS `news` (
  `id` int(10) NOT NULL,
  `title` varchar(225) NOT NULL,
  `brief` varchar(500) NOT NULL,
  `contents` varchar(2000) NOT NULL,
  `author` varchar(2000) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

PHP:

<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "my_db";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);

// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

// prepare and bind
$stmt = $mysqli->prepare("UPDATE news SET title = ?,
   brief = ?,
   contents = ?, 
   author = ? 
   WHERE id = 1");

// set parameters and execute
$stmt->bind_param("ssssi", $_POST['title'],
$_POST['brief'],
$_POST['contents'],
$_POST['author'],
$_POST['id']);
$stmt->execute();
echo "New records updated successfully";
$conn->close();
?>
Yomi
  • 63
  • 1
  • 2
  • 6

2 Answers2

1

you are missing a comma after $_POST['author']

$stmt->bind_param("ssssi", $_POST['title'],
    $_POST['brief'],
    $_POST['contents'],
    $_POST['author'],
    $_POST['id']);
    $stmt->execute();
    echo "New records updated successfully";
    $conn->close();
    ?>
kscherrer
  • 5,486
  • 2
  • 19
  • 59
  • Thanks a lot for your response. I still need help with this as i still get error after my typo you just pointed out.// prepare and bind $stmt = $mysqli->prepare("UPDATE news SET title = ?, brief = ?, contents = ?, author = ? WHERE id = 3"); // set parameters and execute $stmt->bind_param("ssssi", $_POST['title'], $_POST['brief'], $_POST['contents'], $_POST['author'], $_POST['3']); $stmt->execute(); echo "New records updated successfully"; $conn->close(); – Yomi Jun 19 '16 at 06:43
  • it would help if you would tell us more about that new error. It could be because you have only 4 placeholders in the prepared statement and you want to insert 5 variables (your id is hardcoded as 1 (3 in the last comment) and still you want to bind $_POST['id'] into the statement. something is wrong there,, – kscherrer Jun 19 '16 at 15:37
  • Thanks again and again. This is the error Notice: Undefined variable: mysqli in C:\xampp\htdocs\yomi\admin\update.php on line 16. I guess my problem is 'id'. The issue is i dont know how to do this. Fatal error: Call to a member function prepare() on a non-object in C:\xampp\htdocs\yomi\admin\update.php on line 16. The code related are the ones posted above. Your help is really appreciated – Yomi Jun 19 '16 at 17:20
  • ah i see the problem. you have called the function prepare from a variable called $mysqli that does not exist in your context. you should replace $mysqli->prepare with $conn->prepare. I guess this problem occurred because you copy pasted from the manual of php.net but you didnt see that there, your variable $conn is called $mysqli. But its unclear to me if you understood my last comment where i pointed out that you should replace the part of the query "WHERE id = 1" with "WHERE id = ?". Please vote up my answer and accept it, for i am desperately needing that reputation. Ty and cheers – kscherrer Jun 20 '16 at 07:01
  • Thanks, your answer does not totally solve my problem but it get me far in my debugging process. Besides it is the only answer nearer to my solution. Thanks again. – Yomi Jun 22 '16 at 00:30
0

You are missing a comma after $_POST['author'] where you are binding your parameters.

user2286026
  • 65
  • 1
  • 7