Some advice to a guy new in the Application Environment working with MySQL

[oldbag]

Hello,

I would like some advice on how to code a PHP section where I UPDATE many rows in one single page.before I start, please bear in mind that my SQL knowledge is very limited and I'm in the learning process and this is NOT a some pet project or school stuff.
Here's the logic:
An user is selected from the DB and the data is in $row array.
Next step is to pass the $row to a page that will do the UPDATE.
It is in the UPDATE script definition I need some advice and this is what I coded so far but with error message:
Parse error: syntax error, unexpected '' (T_ENCAPSED_AND_WHITESPACE), expecting identifier (T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING) in C:\LoginARI\rewrite.php on line 51.

PHP Code:

<?php
#                                         
include("info_db.php");
session_start();
if (isset($_POST['uid']))
    { 
        $uid = $_POST['uid'];
    }
else
    {
        echo "REWRITE :   UID NOT FOUND<br/>";
        die;
    }
if    (isset($_POST['fname']))
    {
         $fname = $_POST['fname'];
    }
else
    {
        echo "REWRITE :  FNAME NOT FOUND<br/>";
        die;
    }
if    (!isset($_POST['$row']))
    {
      echo "REWRITE :  ROW NOT FOUND<br/>";
           die;                   # miserably
    }

/*------------------------- PROTECT AGAINST MySQL INJECTION -----------------------------------*/
$uid = stripslashes($uid);
$uid = mysql_real_escape_string($uid);
$fname = stripslashes($fname);
$fname = mysql_real_escape_string($fname);
/*------------------------- PROTECT AGAINST MySQL INJECTION -----------------------------------*/

$mysql  = mysql_connect($dbhost, $dbuname, $dbpass) or die("No connect to mysql server : ".mysql_error());
mysql_select_db($database) or die("Unable to select database : ".mysql_error());
         
$conn = mysql_connect($dbhost, $dbuname, $dbpass) or die('ADMLOGON_020E-Could not connect: ' . mysql_error());
$sel  = mysql_select_db($database) or die('ADMLOGON_030E-The database is unavailable '. mysql_error());
         
          $fname         = mysql_real_escape_string(stripslashes(trim(strip_tags($fname))),$conn);  

$query  = "UPDATE ariusers SET name =   mysql_real_escape_string(stripslashes(trim(strip_tags($row['name']))),$conn);";  [B]   [COLOR="#FF0000"]#  THIS IS LINE 51 !!![/COLOR][/B]
$query .= "fullname                     =      mysql_real_escape_string(stripslashes(trim(strip_tags($row['fullname']))),$conn);";
$query .= "dob                        =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['dob']))),$conn);";
$query .= "ssn                        =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['ssn']))),$conn);"; 
$query .= "address                    =     mysql_real_escape_string(stripslashes(trim(strip_tags($row['addr']))),$conn);";
$query .= "city                        =     mysql_real_escape_string(stripslashes(trim(strip_tags($row['city']))),$conn);";
$query .= "state                    =     mysql_real_escape_string(stripslashes(trim(strip_tags($row['state']))),$conn);";
$query .= "zip                        =     mysql_real_escape_string(stripslashes(trim(strip_tags($row['zip']))),$conn);";
$query .= "phone                    =     mysql_real_escape_string(stripslashes(trim(strip_tags($row['phone']))),$conn);";
$query .= "cell_phone                =     mysql_real_escape_string(stripslashes(trim(strip_tags($row['cellph']))),$conn);";
$query .= "emer_contact_name        =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['emername']))),$conn);";
$query .= "emer_contact_phone        =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['emerph']))),$conn);";
$query .= "date_employed            =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['dateempl']))),$conn);";
$query .= "date_termination             =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['dateterm']))),$conn);";
$query .= "years_employed            =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['yearsemp']))),$conn);";
$query .= "hours_vacation_accrued    =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['hoursvacal']))),$conn);";
$query .= "hours_vacation_taken        =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['hoursvactk']))),$conn);";
$query .= "hours_vacation_left        =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['hoursvacleft']))),$conn);"; 
$query .= "hours_sick_leave_accrued    =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['hourssical']))),$conn);";
$query .= "hours_sick_leave_taken    =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['hourssictk']))),$conn);";
$query .= "hours_sick_left            =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['hourssicleft']))),$conn);"; 
$query .= "obs1                        =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['obs1']))),$conn);";
$query .= "obs2                        =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['obs2']))),$conn);";
$query .= "obs3                        =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['obs3']))),$conn);";
$query .= "last_access                =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['lastaccss']))),$conn);";
$query .= "times_access                =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['numaccss']))),$conn);";
$query .= "pass                        =    mysql_real_escape_string(stripslashes(trim(strip_tags($row['encrypt']))),$conn);";
$query .= "  WHERE name = $fname" ');

1. Where in the syntax I'm going wrong?
2. by doing ..... ($row['...'] ) am I really getting the data or it should be coded in some other way?

I'd appreciate some advice and correction on what I'm doing wrong.


Thank You for Your time

[NogDog]

One of PHP's peccadilloes is how it parses associative array element variables within a double-quoted string. There are several ways around it:

"complex notation" (which can be used for any case where it might be difficult for the parser to figure out what the variable is within a string, not just array elements):

PHP Code:

$string = "this string has {$foo['bar']} in it"; 


concatenation:

PHP Code:

$string = "this string has ".$foo['bar']." in it"; 


sprintf():

PHP Code:

$string = sprintf("this string has %s in it", $foo['bar']); 


Strangely enough, the following is valid, but I don't like it, as it's the only time it is correct to not quote an associative array key, so I choose to never use it:

PHP Code:

$string = "this string has $foo[bar] in it"; 


Unless you're working with a team that has a specific standard for this situation, all I can say is to use the one you find clearest and most maintainable, then try to be consistent.

[oldbag]

NogDog,

Thanks for the reply.

it was useful and things are now easier for me.

Good examples.

Thank You

[NogDog]

*The optimist see the glass of water half-full. The pessimist see the same glass half-empty. What was the engineer's conclusion when looking at the same glass of water? *

I'm guessing it's the same as for a pragmatist: The glass is twice as big as it needs to be.