Parse error: syntax error, unexpected T_VARIABLE – PHP

  php

Q(Question):

Holla…
i’ getting an error in this code :

Parse error: syntax error, unexpected T_VARIABLE in C:\xampp\webdav\OSP_Assignment2\edit promo book.php on line 151


<?php
$con = my_sql_connect("localhost", "root", "");
my_sql_select_db("my_db", $con);
if(!$_POST['Submit'])
{
$sql = "SELECT * FROM 'Promo_Booking' WHERE 'GuestFirstName' = $_GET[GuestFirstName]";
$result = mysql_query($sql);
$book = mysql_fetch_array($result);
}
?>
<table width="66%" height="100" border="0" align="center">
<tr>
<td><div align="center"><font color="#666666" size="+30"><strong>PROMOTION</strong></font></div></td>
</tr>
</table>
<p></p>
<table width="50%" border="1" align="center" cellpadding="5" cellspacing="0">
<tr>
<td><p align="center"><strong><font size="4">RESERVATION FORM</font></strong></p>
<form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post">
<table width="699" border="0" align="center" cellpadding="7" cellspacing="0" cols="1">
<tr>
<td width="681">
<table bordercolor="#CCCCCC" width="650" border=1 align="center" cellpadding="4" cellspacing="0" cols="1" >
<tr>
<td width="669"><strong>1. Guest Details</strong></td>
</tr>
<tr>
<td>
<table bordercolor="#CCCCCC" width="644" border="1" align="center" cellpadding="3" cellspacing="0" cols="2">
<tr>
<td width="172">Book for:</td><td width="454"><input type="text" name="promo" value="<?php echo $book['promo'];?>"></td>
</tr>
<tr>
<td width="172">Number of adults:</td><td width="454"><input name="adults" type="text" size="2" value="<? echo $book['adults']; ?>"></td>
</tr>
<tr>
<td>Number of childrens:</td><td><input name="child" type="text" size="2" value="<? echo $book['child']; ?>"></td>
</tr>
<tr>
<td>Guest name:</td>
<td><input name="guestfirstname" type="text" size="25" value="First name" value="<? echo $book['guestfirstname']; ?>">&nbsp;
<input name="guestlastname" type="text" size="25" value="Last name" value="<? echo $book['guestlastname']; ?>"></td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td>
<table bordercolor="#CCCCCC" width="650" border="1" align="center" cellpadding="3" cellspacing="0" cols="1">
<tr>
<td width="479"><strong>2. Contact Information</strong></td>
</tr>
<tr>
<td>
<table bordercolor="#CCCCCC" width="645" border="1" align="center" cellpadding="3" cellspacing="0" cols="2">
<tr>
<td width="150">Email Address:</td>
<td width="422"><input name="email" type="text" size="25" value="<? echo $book['email']; ?>"></td>
</tr>
<tr>
<td>Mobile Phone:</td>
<td><input name="phone" type="text" value=" " size="25" value="<? echo $book['phone']; ?>"></td>
</tr>
<tr>
<td>Nationality:</td>
<td><input name="nationality" type="text" value=" " size="25" value="<? echo $book['nationality']; ?>"></td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td align="center">
<table bordercolor="#CCCCCC" width="656" border="1" align="center" cellpadding="3" cellspacing="0" cols="1">
<tr>
<td width="646"><strong>3. Credit-Card Details</strong></td>
</tr>
<tr>
<td>
<table bordercolor="#CCCCCC" width="645" border="1" align="center" cellpadding="3" cellspacing="0" cols="2">
<tr>
<td width="155">Credit card type</td>
<td width="417"><input type="text" name="creditcardselect" size="25" value="<? echo $book['creditcardselect']; ?>"></td>
</tr>
<tr>
<td>Name on card:</td><td><input name="cardname" type="text" size="25" value="<? echo $book['cardname']; ?>"></td>
</tr>
<tr>
<td>Card number:</td><td><input name="cardnumber" type="text" size="25" value="<? echo $book['cardnumber']; ?>"></td>
</tr>
<tr>
<td>Security code:</td><td><input name="securitycode" type="text" size="10" value="<? echo $book['securitycode']; ?>"></td>
</tr>
<tr>
<td>Expiry date:</td>
<td><input name="expirydate" value="<? echo $book['expirydate']; ?>">/&nbsp;
<input name="expiryyear" value="<? echo $book['expiryyear']; ?>">
</td>
</tr>
<tr>
<td>Issuing bank:</td><td><input name="issuingbank" type="text" size="25" value="<? echo $book['issuingbank']; ?>"></td>
</tr>
<tr>
<td>Service phone:</td><td><input name="servicephone" type="text" size="25" value="<? echo $book['servicephone']; ?>"></td>
</tr>
<tr>
<td>Billing Adress:</td>
<td><input name="billingaddress" type="text" size="25" value="<? echo $book['billingaddress']; ?>"></td>
</tr>
<tr>
<td>City:</td><td><input name="city" type="text" size="25" value="<? echo $book['city']; ?>"></td>
</tr>
</table>
</td>
</tr>
</table>
<br> <input name="Submit" type="submit" value="Submit">
<br> <input name="Submit" type="submit" value="Edit">
</td>
</tr>
</table>
</form>
</td>
</tr>
</table>
<?php
if(isset($_POST['Submit'])){
$sql = "UPDATE Promo_Booking SET 'GuestFirstName' = "$_POST[guestfirstname]", 'GuestLastName' = "$_POST[guestlastname]",
'Promo' = "$_POST[promo]", 'NumberOfAdults' = "$_POST[adults]", 'NumberOfChildren' = "$_POST[child]",
'EmailAddress' = "$_POST[email]", 'MobilePhone' = "$_POST[phone]", 'Nationality' = "$_POST[nationality]",
'CreditCardType' = "$_POST[creditcardselect]", 'NameOnCard' = "$_POST[cardname]", 'CardNumber' = "$_POST[cardnumber]",
'SecurityCode' = "$_POST[securitycode]", 'ExpiryDate' = "$_POST[expirydate]", 'ExpiryYear' = "$_POST[expiryyear]",
'Issuingbank' = "$_POST[issuingbank]", 'ServicePhone' = "$_POST[servicephone]",
'BillingAddress' = "$_POST[billingaddress]", 'City' = "$_POST[city]" WHERE GuestFirstName = $_POST[guestfirstname]";
mysql_query($sql) or die(mysql_error());
echo "Your Reservation has been updated!";
header("Location : promo booking form3.php");
?>

A(Answer):

Tidy up the quotes in the query

A(Answer):

is it like this??


<?php
if(isset($_POST['Submit'])){
$sql = "UPDATE Promo_Booking SET GuestFirstName = "$_POST[guestfirstname]", GuestLastName = "$_POST[guestlastname]",
Promo = "$_POST[promo]", NumberOfAdults = "$_POST[adults]", NumberOfChildren = "$_POST[child]",
EmailAddress = "$_POST[email]", MobilePhone = "$_POST[phone]", Nationality = "$_POST[nationality]",
CreditCardType = "$_POST[creditcardselect]", NameOnCard = "$_POST[cardname]", CardNumber = "$_POST[cardnumber]",
SecurityCode = "$_POST[securitycode]", ExpiryDate = "$_POST[expirydate]", ExpiryYear = "$_POST[expiryyear]",
Issuingbank = "$_POST[issuingbank]", ServicePhone = "$_POST[servicephone]",
BillingAddress = "$_POST[billingaddress]", City = "$_POST[city]" WHERE GuestFirstName = $_POST[guestfirstname]";
mysql_query($sql) or die(mysql_error());
echo "Your Reservation has been updated!";
header("Location : promo booking form3.php");
?>

A(Answer):

You have multiple quotes in the same string which is gibberish.
Wrap the whole string in double quotes and values inside with single quotes.

Before you do that extract the $_POST array into variables.

A(Answer):

ermmm..
how??
can u xplain it to me..
i’m very new to learn about this…..

A(Answer):

OK. Study the string variable

$sql = "UPDATE Promo_Booking SET GuestFirstName = "$_POST[guestfirstname]",
GuestLastName = "$_POST[guestlastname]", .....

The string is opened with double quotes; fine, but then closes at the next double quote GuestFirstName = " <<<<.
As far as the parser is concerned, this string has now finished but there is no semi-colon to close the line or a dot to concatenate the string so an error is thrown.
You need $_POST[guestfirstname] wrapped in single quotes, but guestfirstname also needs to be in single quotes because it is an array key. (I think leaving the array key quotes of only produces a notice)
All array elements inside a string need braces {} to be parsed.
So string should be

$sql = "UPDATE Promo_Booking
SET GuestFirstName = '{$_POST['guestfirstname']}',
GuestLastName = '{$_POST['guestlastname']}', .....

But entering $_POST data into a database without validation is bad practice, so always read and validate $_POST array into variables

$guestfirst = mysql_real_escape_string(striptags($_POST['guestfirstname']));
$sql = "UPDATE Promo_Booking
SET GuestFirstName = $guestfirst .....

A(Answer):

To reinforce code green’s point about the quotes:

<?php
// This is how we fetch data from a form or the URL.
$data = mysql_real_escape_string($_POST['data']);
// And this is how it is put into a string:
$str = "The data is: {$data}";
// If it is supposed to be quoted inside the string
// you need to do either:
$str = "The data is: \"{$data}\".";
// Or:
$str = 'The data is: "' . $data . '".';
// It should NOT be like your strings are:
$str = "The data is "$data".";
// This causes your error.
// (How is PHP supposed to know which quote is a
// part of the string and which quote closes the string?)
?>

You need $_POST[guestfirstname] wrapped in single quotes, but guestfirstname also needs to be in single quotes because it is an array key. (I think leaving the array key quotes of only produces a notice)

This is true, except for one case. To make it easier to use arrays inside strings, you are allowed to omit the quote marks when using an array inside a string (without the curly-brackets).

<?php
$array = array("hello" => "world");
// This is OK
$str = "Hello: $array[hello]";
// But this produces the notice
$world = $array[hello];
?>

However, this is generally considered to be a bad thing to do. The method is very limited and causes problems when dealing with more complex arrays. You are better of using the curly-bracket method you were talking about

$str = "Hello: {$array['hello']}";

LEAVE A COMMENT