On Sat, 15 Nov 2003 22:38:07 +0100, you wrote:
>Get a parse error on line 42, but i can't see what is causing the trouble. (Parse
>error: parse error in /home/.sites/95/site92/web/admin/editreis.php on line 42)
>
>if(is_array($_POST['accomodatieid'])) {
>foreach($_POST['accomodatieid'] as $Key => $Value) {
>$query = 'INSERT INTO ttra(reisid, accomodatieid) VALUES ('. $id2 .', '. $Value .')';
>$result = mysql_query($query) or die ("Error in query: $query. " . mysql_error());
>};
>} else {
>$query = 'INSERT INTO ttra(reisid, accomodatieid) VALUES ('$id2',
>'.$_POST['accomodatieid'].')'; <- THIS IS LINE 42
>$result = mysql_query($query) or die ("Error in query: $query. " . mysql_error());
>}
if (is_array ($_POST['accomodatieid']))
{
foreach ($_POST['accomodatieid'] as $Key => $Value)
{
$query = "INSERT INTO ttra (reisid, accomodatieid) VALUES ($id2,
$Value)";
$result = mysql_query ($query) or die ("Error in query: $query. " .
mysql_error ());
}
} else {
$query = "INSERT INTO ttra(reisid, accomodatieid) VALUES ($id2,
{$_POST['accomodatieid']})";
$result = mysql_query ($query) or die ("Error in query: $query. " .
mysql_error ());
}
The problem was the lack of concatenation operators around $id2. If you
can't see a parse error, a syntax-highlighting editor or breaking the code
into several lines can help.
I can't be bothered to figure out a test case, but you apparently have a SQL
injection risk with your code. You're assuming that the data from the client
is correct.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
