
Thread: Some advice to a guy new in the Application Environment working with MySQL

  1. #1

    Hello,

    I would like some advice on how to code a PHP section where I UPDATE many rows in one single page. Before I start, please bear in mind that my SQL knowledge is very limited and I'm in the learning process, and this is NOT some pet project or school stuff.
    Here's the logic:
    A user is selected from the DB and the data is in the $row array.
    The next step is to pass the $row to a page that will do the UPDATE.
    It is in the UPDATE script definition that I need some advice, and this is what I have coded so far, but with this error message:
    Parse error: syntax error, unexpected '' (T_ENCAPSED_AND_WHITESPACE), expecting identifier (T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING) in C:\LoginARI\rewrite.php on line 51.
    PHP Code:
    <?php
    #
    include("info_db.php");
    session_start();
    if (isset($_POST['uid']))
        {
            $uid = $_POST['uid'];
        }
    else
        {
            echo "REWRITE :   UID NOT FOUND<br/>";
            die;
        }
    if    (isset($_POST['fname']))
        {
            $fname = $_POST['fname'];
        }
    else
        {
            echo "REWRITE :  FNAME NOT FOUND<br/>";
            die;
        }
    if    (!isset($_POST['$row']))
        {
            echo "REWRITE :  ROW NOT FOUND<br/>";
            die;                   # miserably
        }

    /*------------------------- PROTECT AGAINST MySQL INJECTION -----------------------------------*/
    $uid = stripslashes($uid);
    $uid = mysql_real_escape_string($uid);
    $fname = stripslashes($fname);
    $fname = mysql_real_escape_string($fname);
    /*------------------------- PROTECT AGAINST MySQL INJECTION -----------------------------------*/

    $mysql = mysql_connect($dbhost, $dbuname, $dbpass) or die("No connect to mysql server : ".mysql_error());
    mysql_select_db($database) or die("Unable to select database : ".mysql_error());

    $conn = mysql_connect($dbhost, $dbuname, $dbpass) or die('ADMLOGON_020E-Could not connect: ' . mysql_error());
    $sel  = mysql_select_db($database) or die('ADMLOGON_030E-The database is unavailable ' . mysql_error());

    $fname = mysql_real_escape_string(stripslashes(trim(strip_tags($fname))),$conn);

    $query  = "UPDATE ariusers SET name =   mysql_real_escape_string(stripslashes(trim(strip_tags($row['name']))),$conn);";    #  THIS IS LINE 51 !!!
    $query .= "fullname                     =      mysql_real_escape_string(stripslashes(trim(strip_tags($row['fullname']))),$conn);";
    $query .= "dob                        =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['dob']))),$conn);";
    $query .= "ssn                        =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['ssn']))),$conn);"
    $query .= "address                    =     mysql_real_escape_string(stripslashes(trim(strip_tags($row['addr']))),$conn);";
    $query .= "city                        =     mysql_real_escape_string(stripslashes(trim(strip_tags($row['city']))),$conn);";
    $query .= "state                    =     mysql_real_escape_string(stripslashes(trim(strip_tags($row['state']))),$conn);";
    $query .= "zip                        =     mysql_real_escape_string(stripslashes(trim(strip_tags($row['zip']))),$conn);";
    $query .= "phone                    =     mysql_real_escape_string(stripslashes(trim(strip_tags($row['phone']))),$conn);";
    $query .= "cell_phone                =     mysql_real_escape_string(stripslashes(trim(strip_tags($row['cellph']))),$conn);";
    $query .= "emer_contact_name        =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['emername']))),$conn);";
    $query .= "emer_contact_phone        =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['emerph']))),$conn);";
    $query .= "date_employed            =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['dateempl']))),$conn);";
    $query .= "date_termination             =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['dateterm']))),$conn);";
    $query .= "years_employed            =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['yearsemp']))),$conn);";
    $query .= "hours_vacation_accrued    =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['hoursvacal']))),$conn);";
    $query .= "hours_vacation_taken        =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['hoursvactk']))),$conn);";
    $query .= "hours_vacation_left        =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['hoursvacleft']))),$conn);"
    $query .= "hours_sick_leave_accrued    =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['hourssical']))),$conn);";
    $query .= "hours_sick_leave_taken    =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['hourssictk']))),$conn);";
    $query .= "hours_sick_left            =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['hourssicleft']))),$conn);"
    $query .= "obs1                        =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['obs1']))),$conn);";
    $query .= "obs2                        =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['obs2']))),$conn);";
    $query .= "obs3                        =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['obs3']))),$conn);";
    $query .= "last_access                =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['lastaccss']))),$conn);";
    $query .= "times_access                =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['numaccss']))),$conn);";
    $query .= "pass                        =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['encrypt']))),$conn);";
    $query .= "  WHERE name = $fname" ');
    1. Where in the syntax am I going wrong?
    2. By doing ..... ($row['...'] ) am I really getting the data, or should it be coded in some other way?

    I'd appreciate some advice and correction on what I'm doing wrong.


    Thank You for Your time
    *The optimist see the glass of water half-full. The pessimist see the same glass half-empty. What was the engineer's conclusion when looking at the same glass of water? *

  2. #2
    One of PHP's peccadilloes is how it parses associative array element variables within a double-quoted string. There are several ways around it:

    "complex notation" (which can be used for any case where it might be difficult for the parser to figure out what the variable is within a string, not just array elements):
    PHP Code:
    $string = "this string has {$foo['bar']} in it";
    concatenation:
    PHP Code:
    $string = "this string has ".$foo['bar']." in it";
    sprintf():
    PHP Code:
    $string = sprintf("this string has %s in it", $foo['bar']);
    Strangely enough, the following is valid, but I don't like it, as it's the only time it is correct to not quote an associative array key, so I choose to never use it:
    PHP Code:
    $string = "this string has $foo[bar] in it";
    Unless you're working with a team that has a specific standard for this situation, all I can say is to use the one you find clearest and most maintainable, then try to be consistent.
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us
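
Added example, not part of either poster's code: function calls written inside a double-quoted PHP string are never executed, so whichever interpolation form is used, the escaping written into the query in post #1 would not run. A prepared statement avoids both the quoting syntax and the escaping by sending the values separately from the SQL text. Assumptions: PDO with an in-memory SQLite database stands in for MySQL so the script runs offline, the table is a constructed subset of `ariusers`, and `COLUMN_MAP` and `updateUser()` are hypothetical names.

```php
<?php
// Added example: a multi-column UPDATE with PDO prepared statements.
// Assumptions: in-memory SQLite stands in for the MySQL server so the script
// runs offline; the table is a cut-down, constructed version of `ariusers`.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE ariusers (name TEXT PRIMARY KEY, fullname TEXT, address TEXT, cell_phone TEXT)');
$pdo->exec("INSERT INTO ariusers VALUES ('jdoe', 'John Doe', '1 Old Rd', '555-0100')");
$pdo->exec("INSERT INTO ariusers VALUES ('asmith', 'Ann Smith', '2 Elm St', '555-0101')");

// Form key => column name. Column names come only from this fixed map,
// never from the request, so identifiers cannot be injected.
const COLUMN_MAP = [
    'fullname' => 'fullname',
    'addr'     => 'address',
    'cellph'   => 'cell_phone',
];

function updateUser(PDO $pdo, string $name, array $row): int
{
    $set = [];
    $params = [':where_name' => $name];
    foreach (COLUMN_MAP as $key => $column) {
        if (!array_key_exists($key, $row)) {
            continue;                       // only update fields that were submitted
        }
        $set[] = "$column = :$key";         // placeholder, not the value itself
        $params[":$key"] = trim((string) $row[$key]);
    }
    if ($set === []) {
        return 0;                           // nothing to update
    }
    $sql = 'UPDATE ariusers SET ' . implode(', ', $set) . ' WHERE name = :where_name';
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);                // values travel separately from the SQL text
    return $stmt->rowCount();
}

// Constructed input: the values contain quotes and SQL keywords; 'unknown' is not in the map.
$row = ['fullname' => "John O'Doe", 'addr' => "3 Main St' OR '1'='1", 'unknown' => 'ignored'];
$changed = updateUser($pdo, 'jdoe', $row);

echo "rows changed: $changed\n";
foreach ($pdo->query('SELECT name, fullname, address FROM ariusers ORDER BY name') as $r) {
    echo "{$r['name']} | {$r['fullname']} | {$r['address']}\n";
}
```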

  3. #3
    NogDog,

    Thanks for the reply.

    It was useful and things are now easier for me.

    Good examples.

    Thank You

  4. #4
    Originally posted by oldbag:
    *The optimist see the glass of water half-full. The pessimist see the same glass half-empty. What was the engineer's conclusion when looking at the same glass of water? *
    I'm guessing it's the same as for a pragmatist: The glass is twice as big as it needs to be.
