unexpected T_VARIABLE in /home2/swhisa/public_html/suggestion/sugadddb.php on line 8

I have the same problem. Please help is needed.

try to make your "mysql_query ('INSERT INTO `swhisa_swhisadb`.`tblsug` SET
2ale = '$HTTP_GET_VARS['txtsuggest']' ');" a one line..i hope it will help..

Hi. Welcome to Bytes!.

The problem there is that you are opening and closing the string in random places while you try to build it...
You can't use a single-quote mark inside a single-quote mark enclosed string, obviously.

For example, this is a simplifyed version of what you are doing:

You can see why that would be a problem right?
The single-quote mark meant to be inside the string is in fact closing the string, at which point the $yourname variable is out of place, causing the parse error.

Instead, try to either enclose the string in double-quote marks or escape the additional single-quotes.
Like:

Note, that because the second example there is enclosed in single-quote marks, I can not use variable names directly in the string. I had to end the string and add it using a dot.

Also note that when adding array elements directly into a string, it is advisable to use curly-braces.
Like:

And please remember to post your code inside [code] tags.

I've also removed the email in your post, as posting emails is not allowed in the technical forums.

Please take a look at our Posting Guidelines for more detail on that.

Moderator

Quote: Originally Posted by darksteel21 try to make your "mysql_query ('INSERT INTO `swhisa_swhisadb`.`tblsug` SET 2ale = '$HTTP_GET_VARS['txtsuggest']' ');" a one line..i hope it will help..

Thank you darksteel21 and Atli, too. You are great help. I tried your suggestions. Yes I put it all in double quotes and into a single line. There is still a problem though it does not show an error message. The new problem is that it goes smoothly but when I checked the database from PhpMyAdmin, there is no data entered. In the table named tblsug, the column name is 2ale, which is identical to the code.

Please help.

The improved codes as per your suggestion is as follows:

You don't want to put the function call into double-quotes, only the query strings itself.

Like:


P.S.
You should never put unvalidated user input into a query string like you do there.
What if I were to type the following as the GET parameter?:

Now there I've just added three additional rows into your database that your code didn't account for...
And that example is a very innocent one... I could do some serious damage there if I really wanted to.

Before you use any user input anywhere in your site, make sure that it is in fact valid.
These function may help get you started:
mysql_real_escape_string, htmlentities, addslashes.

And again...
Please remember to post your code inside [code] tags!

Thank you.