Trying to update a column through PHP and MySQL

1 Bit
Hello, so I'm trying to update a column (carID) in a table called users
but I'm getting the following error:
"syntax error, unexpected double-quote mark, expecting "-" or identifier or variable or number"

Can you help me figure out what's the problem in the code?

    if($_SERVER["REQUEST_METHOD"] == "POST"){
      $ID=mysqli_real_escape_string($con, $_GET['ID']);
    if(isset($_POST["rentit"])){
     $sql="UPDATE users SET carID = '$ID' WHERE username = $_SESSION["username"] ";
    }}

Thanks A Lot!
Jan 18 '21 #1
3 3825
Niheel
2,460 Expert Mod 2GB
The $_SESSION["username"] variable needs quotes in the SQL statement.

original:

    $sql="UPDATE users SET carID = '$ID' WHERE username = $_SESSION["username"] ";

fix:

    $sql="UPDATE users SET carID = '$ID' WHERE username = '".$_SESSION["username"]."' ";

Jan 19 '21 #2
The explanation you are providing is really great.
Jan 19 '21 #3
bakertaylor28
45 32bit
This code has two big problems.
First, you should always be using prepared statements to prevent SQL injection. The second is that it is easier to avoid using
a session variable directly in SQL; it is better to set a regular var to the session var:

    <?php
    session_start();
    // Stop early if the form did not send a car ID.
    if ( !isset ($_POST['carid'] )) {
        exit('please input a carid');
    }
    $username = $_SESSION['username'];
    $carid = $_POST['carid'];

    // Placeholder connection settings.
    $host='database host';
    $user ='database user';
    $pass = 'database pass';
    $dbname = 'database name';

    $con = mysqli_connect($host, $user, $pass, $dbname);
    // The ? placeholders keep the values out of the SQL text; 'ss' binds both as strings.
    $stmt = $con->prepare('UPDATE users SET carid= ? WHERE username= ?');
    $stmt->bind_param('ss', $carid, $username);
    $stmt->execute();
    $stmt->close();
    $con->close();
    ?>

This is unnecessary:

    if($_SERVER["REQUEST_METHOD"] == "POST") {

    }

because form data will ALWAYS use POST if we use this in HTML (and therefore we don't need to check for the POST method):

    <form action="/foo.php"  method="post">

Mar 2 '21 #4
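
The quoted-concatenation fix and the prepared statement from this thread, run side by side on the same usernames. This is an added example, not code from any poster: it assumes PDO with an in-memory SQLite database in place of the thread's mysqli connection so that it runs offline, and the helper names (resetUsers, updateConcatenated, updatePrepared) and the table rows are constructed for illustration.

```php
<?php
// Added example. PDO + in-memory SQLite stands in for the thread's mysqli/MySQL
// connection (an assumption, so the script runs offline). Rows are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Recreate the sample table so every run starts from the same three users.
function resetUsers(PDO $db): void {
    $db->exec('DROP TABLE IF EXISTS users');
    $db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, carID TEXT)');
    $db->exec("INSERT INTO users VALUES ('alice', NULL), ('bob', NULL), ('o''brien', NULL)");
}

// Same shape as the quoted-concatenation fix: the value becomes part of the SQL text.
function updateConcatenated(PDO $db, string $carId, string $username): string {
    try {
        $n = $db->exec("UPDATE users SET carID = '$carId' WHERE username = '" . $username . "'");
        return "$n row(s) updated";
    } catch (PDOException $e) {
        return 'SQL error';
    }
}

// Prepared statement: the value is bound as data and is never parsed as SQL.
function updatePrepared(PDO $db, string $carId, string $username): string {
    $stmt = $db->prepare('UPDATE users SET carID = ? WHERE username = ?');
    $stmt->execute([$carId, $username]);
    return $stmt->rowCount() . ' row(s) updated';
}

// Constructed inputs: an ordinary name, a legitimate name containing an
// apostrophe, and a value whose quote changes the meaning of the WHERE clause.
$cases = [
    'plain name'                => 'alice',
    'name with apostrophe'      => "o'brien",
    'constructed hostile value' => "x' OR '1'='1",
];

foreach ($cases as $label => $username) {
    resetUsers($db);
    $concat = updateConcatenated($db, '42', $username);
    resetUsers($db);
    $prepared = updatePrepared($db, '42', $username);
    printf("%-26s concatenated: %-18s prepared: %s\n", $label, $concat, $prepared);
}
```

Compare the two columns per input: the concatenated query's result depends on the characters inside the username, while the prepared statement only ever touches the row whose username matches the bound value exactly.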
