-1

Hey Experts,
Please Help me.. i am facing this error:
Parse error: parse error, expecting `T_STRING' or `T_VARIABLE' or `T_NUM_STRING' in C:\wamp\www\tf\process.php on line 22

for($b=1;$b<$_POST['studentcount'];$b++)
{
$c='sname' . $b;
$ql="INSERT INTO stud (name) VALUES ('$_POST['sname1'])"; /*line 22*/
mysql_query($ql);
}

Please do checkwhats wrong with this,
Regards,
Vigas Deep

4
Contributors
4
Replies
5
Views
7 Years
Discussion Span
Last Post by BzzBee
1
for($b=1;$b<$_POST['studentcount'];$b++)
{
$c='sname' . $b;
$ql="INSERT INTO stud (name) VALUES ('$_POST['sname1'])"; /*line 22*/
mysql_query($ql);
}

Well, for one thing you're missing a quote after the $_POST array statement. For another, arrays don't automatically parse in a string.
So this:

echo "$myArray['myIndex']";

Would give you an error.
Try this:

$ql="INSERT INTO stud (name) VALUES ('{$_POST['name1']}')";

Inserting the brackets {} around the array tells the compiler to parse it first.

0

It is not good to use $_POST value directly in the sql query. at least need prevent some sql injections...
But if you really need it as is then you lost one ' between brackets ])
or use like this
$ql="INSERT INTO stud (name) VALUES ('".$_POST".')";

Best
Vitana

http://vitana-group.com/

0

Good point, I didn't think about the SQL injection weakness there. You could solve both problems by doing something like this:

$name = mysql_real_escape_string($_POST['sname1']);

$ql="INSERT INTO stud (name) VALUES ('$name')";

Edited by Lsmjudoka: n/a

-1

i also agree. you should put your request/post value into any variable and then use it. dont put it directly.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.