Some advice to a guy new in the Application Environment working with MySQL

Hello,

I would like some advice on how to code a PHP section where I UPDATE many rows in one single page.before I start, please bear in mind that my SQL knowledge is very limited and I'm in the learning process and this is NOT a some pet project or school stuff.
Here's the logic:
An user is selected from the DB and the data is in $row array.
Next step is to pass the $row to a page that will do the UPDATE.
It is in the UPDATE script definition I need some advice and this is what I coded so far but with error message:
Parse error: syntax error, unexpected '' (T_ENCAPSED_AND_WHITESPACE), expecting identifier (T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING) in C:\LoginARI\rewrite.php on line 51.

PHP Code:

---

<?php
#                                         
include("info_db.php");
session_start();
if (isset($_POST['uid']))
    { 
        $uid = $_POST['uid'];
    }
else
    {
        echo "REWRITE :   UID NOT FOUND<br/>";
        die;
    }
if    (isset($_POST['fname']))
    {
         $fname = $_POST['fname'];
    }
else
    {
        echo "REWRITE :  FNAME NOT FOUND<br/>";
        die;
    }
if    (!isset($_POST['$row']))
    {
      echo "REWRITE :  ROW NOT FOUND<br/>";
           die;                   # miserably
    }

/*------------------------- PROTECT AGAINST MySQL INJECTION -----------------------------------*/
$uid = stripslashes($uid);
$uid = mysql_real_escape_string($uid);
$fname = stripslashes($fname);
$fname = mysql_real_escape_string($fname);
/*------------------------- PROTECT AGAINST MySQL INJECTION -----------------------------------*/

$mysql  = mysql_connect($dbhost, $dbuname, $dbpass) or die("No connect to mysql server : ".mysql_error());
mysql_select_db($database) or die("Unable to select database : ".mysql_error());
         
$conn = mysql_connect($dbhost, $dbuname, $dbpass) or die('ADMLOGON_020E-Could not connect: ' . mysql_error());
$sel  = mysql_select_db($database) or die('ADMLOGON_030E-The database is unavailable '. mysql_error());
         
          $fname         = mysql_real_escape_string(stripslashes(trim(strip_tags($fname))),$conn);  

$query  = "UPDATE ariusers SET name =   mysql_real_escape_string(stripslashes(trim(strip_tags($row['name']))),$conn);";  [B]   [COLOR="#FF0000"]#  THIS IS LINE 51 !!![/COLOR][/B]
$query .= "fullname                     =      mysql_real_escape_string(stripslashes(trim(strip_tags($row['fullname']))),$conn);";
$query .= "dob                        =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['dob']))),$conn);";
$query .= "ssn                        =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['ssn']))),$conn);"; 
$query .= "address                    =     mysql_real_escape_string(stripslashes(trim(strip_tags($row['addr']))),$conn);";
$query .= "city                        =     mysql_real_escape_string(stripslashes(trim(strip_tags($row['city']))),$conn);";
$query .= "state                    =     mysql_real_escape_string(stripslashes(trim(strip_tags($row['state']))),$conn);";
$query .= "zip                        =     mysql_real_escape_string(stripslashes(trim(strip_tags($row['zip']))),$conn);";
$query .= "phone                    =     mysql_real_escape_string(stripslashes(trim(strip_tags($row['phone']))),$conn);";
$query .= "cell_phone                =     mysql_real_escape_string(stripslashes(trim(strip_tags($row['cellph']))),$conn);";
$query .= "emer_contact_name        =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['emername']))),$conn);";
$query .= "emer_contact_phone        =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['emerph']))),$conn);";
$query .= "date_employed            =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['dateempl']))),$conn);";
$query .= "date_termination             =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['dateterm']))),$conn);";
$query .= "years_employed            =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['yearsemp']))),$conn);";
$query .= "hours_vacation_accrued    =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['hoursvacal']))),$conn);";
$query .= "hours_vacation_taken        =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['hoursvactk']))),$conn);";
$query .= "hours_vacation_left        =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['hoursvacleft']))),$conn);"; 
$query .= "hours_sick_leave_accrued    =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['hourssical']))),$conn);";
$query .= "hours_sick_leave_taken    =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['hourssictk']))),$conn);";
$query .= "hours_sick_left            =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['hourssicleft']))),$conn);"; 
$query .= "obs1                        =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['obs1']))),$conn);";
$query .= "obs2                        =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['obs2']))),$conn);";
$query .= "obs3                        =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['obs3']))),$conn);";
$query .= "last_access                =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['lastaccss']))),$conn);";
$query .= "times_access                =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['numaccss']))),$conn);";
$query .= "pass                        =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['encrypt']))),$conn);";
$query .= "  WHERE name = $fname" ');

---

1. Where in the syntax I'm going wrong?
2. by doing ..... ($row['...'] ) am I really getting the data or it should be coded in some other way?

I'd appreciate some advice and correction on what I'm doing wrong.


Thank You for Your time

One of PHP's peccadilloes is how it parses associative array element variables within a double-quoted string. There are several ways around it:

"complex notation" (which can be used for any case where it might be difficult for the parser to figure out what the variable is within a string, not just array elements):

PHP Code:

---

$string = "this string has {$foo['bar']} in it"; 


---

concatenation:

PHP Code:

---

$string = "this string has ".$foo['bar']." in it"; 


---

sprintf():

PHP Code:

---

$string = sprintf("this string has %s in it", $foo['bar']); 


---

Strangely enough, the following is valid, but I don't like it, as it's the only time it is correct to not quote an associative array key, so I choose to never use it:

PHP Code:

---

$string = "this string has $foo[bar] in it"; 


---

Unless you're working with a team that has a specific standard for this situation, all I can say is to use the one you find clearest and most maintainable, then try to be consistent. :)

NogDog,

Thanks for the reply.

it was useful and things are now easier for me.

Good examples.

Thank You

Quote:

---

Originally Posted by oldbag

*The optimist see the glass of water half-full. The pessimist see the same glass half-empty. What was the engineer's conclusion when looking at the same glass of water? *

---

I'm guessing it's the same as for a pragmatist: The glass is twice as big as it needs to be. :p