-3

I am running my PHP on my localhost and this is what it returns:

'Parse error: syntax error, unexpected '"' , '"' (T_CONSTANT_ENCAPSED_STRING)' on line 33

This is my line 32& 33 and I cant seem to find where is my excess ","

$q= "INSERT INTO request (req_lvl,req_type,req_desc,req_jchange,req_area1,req_area2,req_imp_plan,req_aff_area,req_a_test)
VALUES ('".$level."' , '".$type."' , '".$bd."' , '".$jc."' , '".$area1."' , '".$area2."' , '".$plan"' , '".$aa."', '".$test."')";
piet.t
  • 11,718
  • 21
  • 43
  • 52
kevin
  • 1
  • 3
  • 4
    learn about prepared Statements to prevent SQL injection – Jens Aug 16 '17 at 09:45
  • 2
    `'".$plan"'` - missing `.`, but using prepared statements would avoid this problem entirely. – Niet the Dark Absol Aug 16 '17 at 09:46
  • 1
    `'".$plan"'` - you’re missing a simple `.` here ... – CBroe Aug 16 '17 at 09:46
  • This may or may not be vulnerable to SQL injection (we can't see what you are doing to populate the variables), by using prepared statements would make this code much easier to write. Trying to generate one coding language by mashing together lots of strings in a different one is always painful. You should always avoid it if you can. – Quentin Aug 16 '17 at 09:47
  • sorry, im learning PHP on the base of its root. Please don't discourage me. – kevin Aug 16 '17 at 09:51

1 Answers1

0

Why not write the same code like this?

<?php

    $array = array (
        'req_lvl' => $level,
        'req_type' => $type ,
        'req_desc' => $bd,
        'req_jchange' => $jc,
        'req_area1' => $area1,
        'req_area2' => $area2,
        'req_imp_plan' => $plan,
        'req_aff_area' => $aa,
        'req_a_test' => $test); 

    $query = "INSERT INTO request (".implode(array_keys($array),", ").") VALUES (\"".implode($array, '", "')."\")";
Fredster
  • 776
  • 1
  • 6
  • 16