Unexpected SELECT (T_STRING) , sql part not working

Question

i need to make this code working but there is one problem

 <?php


        {
          while($row = mysqli_fetch_assoc($result))
          {
            echo" <a href='article.php?title=".$row['a_title']."&date=".$row['a_dat']."&hmm=".$row['a_id']."'>
             <div class='box'>



            <div class='post-st'>
            $connection = new mysqli(...);

            $data = $connection->query("SELECT image FROM users WHERE a_author='$row['a_author']' ");

       if ($data->num_rows > 0)
       {

        $row2 = $data->fetch_assoc();
        $picture=$row2['image'];
      }

        if($_SESSION['picture'] == "")
       echo '<img width="35px" height="35px" src="../images/default.jpg" alt="Default Profile Pic"> ' ;
    else 
       echo '<img width="35px" height="35px" src="../images/'.$picture.'" alt="Profile Pic">' ;    

            </div>";

          }
        }



     ?>

the problem is on that line of code and i don't understand why

   $data = $connection->query("SELECT image FROM users WHERE a_author='$row['a_author']' ");

i checked every " or ' but i did not founded any missing one

Try by replacing this: `$data = $connection->query("SELECT image FROM users WHERE a_author='".$row['a_author']." '");` — Himanshu Upadhyay, Jun 27 '18 at 10:03
Hope your author is not Bobby Tables btw... First, you should sanitize your inputs. Then know that prepared queries are more efficient, finally I recommend you to read [this](https://stackoverflow.com/questions/8336858/how-to-combine-two-strings-together-in-php) to find a proper way to concatenate strings in PHP. Please give us a real error message instead of "look at my code, something's wrong. Your quotes after the first echo are not closed, and you should probably look for `JOIN` keyword in sql — Zyigh, Jun 27 '18 at 10:09

Lovepreet Singh · Accepted Answer · 2018-06-27T10:07:58.163

There is misplace of quotes. Try code below:

$data = $connection->query("SELECT image FROM users WHERE a_author='" . $row['a_author'] . "'");

There were few syntax errors. The whole code will look like:

while ($row = mysqli_fetch_assoc($result)) {
    echo " <a href='article.php?title=" . $row['a_title'] . "&date=" . $row['a_dat'] . "&hmm=" . $row['a_id'] . "'>
             <div class='box'><div class='post-st'>";
    $connection = new mysqli();

    $data = $connection->query("SELECT image FROM users WHERE a_author = '" . $row['a_author'] . "'");

    if ($data->num_rows > 0) {
        $row2 = $data->fetch_assoc();
        $picture = $row2['image'];
    }

    if ($_SESSION['picture'] == "")
        echo '<img width="35px" height="35px" src="../images/default.jpg" alt="Default Profile Pic"> ';
    else
        echo '<img width="35px" height="35px" src="../images/' . $picture . '" alt="Profile Pic"></div>';
}

Note: mysqli() need appropriate parameters.

I recommend you to use some editor which can detect syntax errors. — Lovepreet Singh, Jun 27 '18 at 10:13

score 1 · Answer 2 · answered Jun 27 '18 at 10:06

These lines are wrong:

<div class='post-st'>
$connection = new mysqli(...);

You are missing ";:

<div class='post-st'>";
$connection = new mysqli(...);

Also, your queries aren't secure and you could suffer from SQL Injections. Here is some documentation about prepared statements with MySQLi:
MySQLi - Prepared Statements

Unexpected SELECT (T_STRING) , sql part not working

2 Answers2