asked on

php error I cannot find

I have this line of php code

$qryn = "INSERT into projects (ruid, pid, project_name, date) VALUES ($_SESSION['ruid'] . ", " . $npid . ", '" . $pname . "', '" . date('Y-m-d') . ")'";

Open in new window

The attached file says there are syntax errors. From php code checker.

What is wrong?
php_checker.JPG

ASKER CERTIFIED SOLUTION

hielo

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

gr8gonzo

Change:
($_SESSION['ruid']

to:
(" . $_SESSION['ruid']

gr8gonzo

Looks like hielo beat me to it. And he's correct - prepared statements are a little more code-y but they're much safer.

Richard Korts

ASKER

gr8gonzo,

What is the difference between what you say & what is already there?

VALUES (" . $_SESSION['ruid'] .

gr8gonzo

If by "what is already there" you're referring to hielo's suggestion - we suggested the same thing a few seconds apart - I was just typing up my response while he was finishing his.

If you're referring to what you already had in your original question, the issue was simply that you had not closed out of your quoted string. This is what you had:

$qryn = "INSERT into projects (ruid, pid, project_name, date) VALUES ($_SESSION['ruid'] . ", " . $npid . ",...etc...

Open in new window

So in that code, PHP thinks that your quoted string goes all the way to the second " that it finds, so it thinks the quoted string is:

"INSERT into projects (ruid, pid, project_name, date) VALUES ($_SESSION['ruid'] . "

Open in new window

And then after that ", you had a comma, which isn't valid PHP syntax at that location, so that's why you were getting the error. By putting the extra quote and period before your $_SESSION, you finished the quoted string at its proper place, so the initial quoted string became:

"INSERT into projects (ruid, pid, project_name, date) VALUES ("

Open in new window

...and then the rest of the code worked fine.