current community

your communities

more stack exchange communities

company blog
Stack Exchange Inbox Reputation and Badges
tour help
Join the Stack Overflow Community
Stack Overflow is a community of 4.7 million programmers, just like you, helping each other.
Join them; it only takes a minute:
Sign up
up vote -1 down vote favorite

Im trying to run a query(UPDATE) inside a while loop like this:

<?php
session_start();
include("../DB/thedb.php");

$user = $_POST['u'];
$ruta = $_POST['r'];
$select_all_p_from_user = @mysql_query("SELECT * FROM publicaciones WHERE from_user_p = '$user' AND user = '$user'");

while($rows_all_user = @mysql_fetch_array($select_all_p_from_user)){
$update_from_user = $rows_all_user['from_user_p'];
$update_user = $rows_all_user['user'];
$update_foto = $ruta;
$update_nombre = $rows_all_user['nombre'];
$update_comentario = $rows_all_user['comentario'];
$update_time = $rows_all_user['time'];
$update_date = $rows_all_user['date'];
$update_p_photo = $rows_all_user['p_photo'];
$update_to_delete = $rows_all_user['to_delete'];

//Process to update selected ROW
// This is the line 55
 $update_current_row = @mysql_query("UPDATE publicaciones SET from_user_p = '$update_from_user', user = '$update_user', foto = '$ruta', nombre = '$update_nombre', comentario = '$update_comentario', time = '$update_time', date = '$update_date', p_photo = 
'$update_p_photo', to_delete = '$update_to_delete' WHERE from_user_p = '$user' AND user = '$user'") or die mysql_error(); // End of the line

}
?>

I'm getting the following error: Parse error: syntax error, unexpected T_STRING on line 55

share|improve this question

closed as off-topic by Tomasz Kowalczyk, Michael Berkowski, david strachan, andrewsi, Sai Kalyan Kumar Akshinthala Feb 27 '14 at 6:33

This question appears to be off-topic. The users who voted to close gave this specific reason:

  • "This question was caused by a problem that can no longer be reproduced or a simple typographical error. While similar questions may be on-topic here, this one was resolved in a manner unlikely to help future readers. This can often be avoided by identifying and closely inspecting the shortest program necessary to reproduce the problem before posting." – Michael Berkowski, david strachan, andrewsi, Sai Kalyan Kumar Akshinthala
If this question can be reworded to fit the rules in the help center, please edit the question.
1  
Don't use @ to suppress error messages. That's generally a bad programming practice. – John Conde Feb 26 '14 at 20:42
1  
Change die mysql_error(); to die(mysql_error()); – John Conde Feb 26 '14 at 20:43
1  
And line 55 is?? – Hackerman Feb 26 '14 at 20:44
    
@RobertRozas: One would assume that it's the one that he commented as // This is line 55 – The Blue Dog Feb 26 '14 at 20:44
    
Excellent...try the answer of @Krish – Hackerman Feb 26 '14 at 20:45
up vote 1 down vote accepted

Try this,

 or die (mysql_error());

instead of 

or die mysql_error();

Also, in update query, for the time and date columns need to be wrapped with backticks since those are all reserved words.

`time` = '$update_time', `date` = '$update_date'
share|improve this answer
    
Copied thanks you. – Pepe Perez Feb 26 '14 at 20:47
up vote 0 down vote

The error you're encountering is a parse error. It does not have anything to do with MySQL. The error is that you have not placed the argument for or die inside parenthesis.

A couple of BIG warnings:

  1. You've not escaped the data you send to MySQL. If any of the fields you're fetching from the publicaciones table contains ' you'll get errors.
  2. If a user logs in with $_POST['u'] = "' OR ''='" the select statement will result in every record.

Please look into http://no2.php.net/mysql_real_escape_string to fix your big security issues.

Illustrative comic:

SQL injection

share|improve this answer
    
Copied thanks :) – Pepe Perez Feb 26 '14 at 21:11
    
So, if i am sending a value from an input, i should use mysql_real_escape_string(); am i right? – Pepe Perez Feb 26 '14 at 21:16
    
Simple rule: Instead of "..... = '$variable' ...." you should ALWAYS use "..... = '".MySQL_real_escape_string($variable)."' ....". In addition, you should call MySQL_set_charset($charset) in the beginning of your script. $charset is "iso-8859-1" or "utf-8" often. utf-8 is the most versatile. – frodeborli Feb 26 '14 at 21:48

Not the answer you're looking for? Browse other questions tagged or ask your own question.