Home/ Questions/Q 6777287
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T16:07:47+00:00

Ok its late and I am not catching why this is broken. So here

  • 0

Ok its late and I am not catching why this is broken. So here goes.. the error is as follows

syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING
or T_VARIABLE or T_NUM_STRING

typically I would assume its a mising ; ‘ ” or similar, I’ve checked I have found nothing missing from the surrounding code.

Now despite the possible “injection” factors which I don’t care about currently someone please tell me whats wrong with this one line.

mysql_query("INSERT INTO files_posted (ID, when, email, randomkey, count, fileID) VALUES (NULL, $when, $email, $fakeHash, '0', mysql_real_escape_string($_POST['fileID']))") or die(mysql_error());
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Besides using a quoted subscript on an embedded (interpolated) variable, you are likely missing some quotes (around values) in the query.

    Try this:

    mysql_query("INSERT INTO files_posted (ID, when, email, randomkey, count, fileID) VALUES (NULL, '".mysql_real_escape_string($when)."', '".mysql_real_escape_string($email)."', '".mysql_real_escape_string($fakeHash)."', '0', '".mysql_real_escape_string($_POST['fileID'])."')") or die(mysql_error());

    If the $_POST['fileID'] is always expected to be an integer, then it does not need to be wrapped in a mysql_real_escape_string call and it would actually be safer (against SQL injection) and possibly more efficient to just cast it to an int:

    mysql_query("INSERT INTO files_posted (ID, when, email, randomkey, count, fileID) VALUES (NULL, '".mysql_real_escape_string($when)."', '".mysql_real_escape_string($email)."', '".mysql_real_escape_string($fakeHash)."', '0', ".((int)$_POST['fileID']).')') or die(mysql_error());
    • 0