0

I am getting the following error message:

Parse error: syntax error, unexpected ''.$E_phone_No."'' (T_CONSTANT_ENCAPSED_STRING) in E:\Xamp\htdocs\CreateEmployee.php on line 28

What is the error? I am facing a problem and I can't find the error.

<?php
    $conn=oci_connect("system","123","localhost/orcl");
    ob_start();
    $current_file=$_SERVER['SCRIPT_NAME'];
    $massage= "";
    if(isset($_POST['E_First_Name'])&&
    isset($_POST['E_Last_Name'])&&isset($_POST['E_Gender'])&&
    isset($_POST['E_address'])&&isset($_POST['E_phone_No'])&&
    isset($_POST['E_category'])&&isset($_POST['EMP_salary'])&&
    isset($_POST['work_hour'])&&isset($_POST['Date_Of_Join'])                      )
    {

        $E_First_Name= $_POST['E_First_Name'];
        $E_Last_Name = $_POST['E_Last_Name'];
        $E_Gender = $_POST['E_Gender'];
        $E_address = $_POST['E_address'];
        $E_phone_No = $_POST['E_phone_No'];
        $E_category = $_POST['E_category'];
        $EMP_salary = $_POST['EMP_salary'];
        $work_hour =$_POST['work_hour'];
        $Date_Of_Join=$_POST['Date_Of_Join'];

        if(!empty($E_First_Name)&&!empty($E_Last_Name)&&
        !empty($E_Gender)&&!empty($E_address)&&!empty($E_phone_No)&&
        !empty($E_category)&&!empty($EMP_salary)&&!empty( $work_hour)&&!empty($Date_Of_Join))
        {

                 $sql = "insert into Employee (E_First_Name,E_Last_Name,user_name,password,E_Gender,E_address,E_phone_No,E_category,EMP_salary,work_hour,Date_Of_Join) values('".$E_First_Name."','".$E_Last_Name."',NULL,NULL,'".$E_Gender."','".$E_address."',"'.$E_phone_No."','".$E_category .'",'".$EMP_salary.'",'".  $work_hour.'","'.$Date_Of_Join.'")";

                $stid = oci_parse($conn,$sql);
                $r = @oci_execute($stid);
                if($r)
                {
                    echo ' data is inserted...<br>';
                }
                else
                {
                    echo 'data was not inserted...<br>';
                }

        }
        else
        {
            $massage = "please fill up all the form correctly<br>";
        }
    }

?>
<html>
<head>
<title>Create FoodItem Table</title>
<style>
body
{
background:orange;
}
</style>
</head>
<body>
fill all the forms for inserting data:<br><br>
<?php echo $massage;?>
<hr color="green">
<form action="<?php echo $current_file;?>" method="POST">

    E_First_Name:<br> <input type="text" name ="E_First_Name" ><br><br>
    E_Last_Name:<br> <input type="text" name="E_Last_Name" ><br><br>
    E_Gender:<br> <input type="text" name="E_Gender" ><br><br>
    E_address:<br> <input type="text" name ="E_address"><br><br>
    E_phone_No:<br> <input type= "text" name="E_phone_No" ><br><br>
    E_category:<br><input type="text" name="E_category"><br><br>
    EMP_salary:<br><input type="text" name="EMP_salary" ><br><br>
    work_hour:<br><input type="text"name="work_hour"><br><br>
    Date_Of_Join:<br><input type="text"name="Date_Of_Join"><br><br>
    <input type ="submit" value="Create employee "><br><br>
    <a href="EmployeeTableshow.php">Show Employee Table</a>

</form>
</body>

  • 2
    If you look at your code highlighting in your question, you should be able to see the transposed "' and '". Note that simple variables like $var automatically expand in double quoted strings, so interpolating string concatenation is not necessary. Commented Mar 22, 2014 at 15:00
  • $E_address."',"'.$E_phone_No."' Commented Mar 22, 2014 at 15:01
  • 1
    Your code is vulnerable to SQL injections. You should read on how to prevent them in PHP. Commented Mar 22, 2014 at 15:04

3 Answers

1

The error is caused by quote mismatches for the following four variables in your VALUES:

$E_phone_No $E_category $work_hour $Date_Of_Join


"'.$E_phone_No."','".$E_category .'"

To be changed to:

'".$E_phone_No."','".$E_category ."'

as well as:

'".  $work_hour.'","'.$Date_Of_Join.'"

To be changed to:

'".  $work_hour."','".$Date_Of_Join."'

VALUES rewrite:

('".$E_First_Name."','".$E_Last_Name."',NULL,NULL,'".$E_Gender."','".$E_address."','".$E_phone_No."','".$E_category ."','".$EMP_salary."','".$work_hour."','".$Date_Of_Join."')

You may also want to add spacing between "text" and "name=... (for clarity):

<input type="text"name="Date_Of_Join">

to:

<input type="text" name="Date_Of_Join">

It has already been addressed in a comment that your code is vulnerable to SQL injections.


0

The syntax highlighter shows your error. You have a quotes issue:

$EMP_salary.'",'".  $work_hour.'","'.$Date_Of_Join.'")";
             ^^^^^^
               HERE

Change it to:

$EMP_salary.'","'.  $work_hour.'","'.$Date_Of_Join.'")";


0

There is a wrong concatenation of your query and your variables. The correct way to insert a string in the query is

'".$variable."'

Somewhere you place the closing single quote before the double while you should do the opposite. So change this part

NULL,'".$E_Gender."','".$E_address."','".$E_phone_No."','".$E_category ."','".$EMP_salary."','".  $work_hour."','".$Date_Of_Join."')";

Comments
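
A comment and the first answer both note that the concatenated query is open to SQL injection. As an added example (not code from the question or from any answer), here is the same insert written with OCI8 bind variables, which removes the quote juggling that caused the parse error and keeps user input out of the SQL text. `insert_employee()` and the two constant names are hypothetical, and every value is bound as a string, matching the original query, which quoted every value.

```php
<?php
// Added example, not code from the question or answers.
// Form fields the question's INSERT takes from $_POST.
const EMPLOYEE_FIELDS = [
    'E_First_Name', 'E_Last_Name', 'E_Gender', 'E_address', 'E_phone_No',
    'E_category', 'EMP_salary', 'work_hour', 'Date_Of_Join',
];

// Constant SQL text: one :placeholder per field, no quotes to balance.
const EMPLOYEE_INSERT_SQL = 'insert into Employee
      (E_First_Name, E_Last_Name, user_name, password, E_Gender, E_address,
       E_phone_No, E_category, EMP_salary, work_hour, Date_Of_Join)
    values
      (:E_First_Name, :E_Last_Name, NULL, NULL, :E_Gender, :E_address,
       :E_phone_No, :E_category, :EMP_salary, :work_hour, :Date_Of_Join)';

// insert_employee() is a hypothetical helper; $conn comes from oci_connect().
function insert_employee($conn, array $post): bool
{
    $values = [];
    foreach (EMPLOYEE_FIELDS as $field) {
        // Reject missing, array-valued or blank fields before touching the database.
        if (!isset($post[$field]) || !is_string($post[$field]) || trim($post[$field]) === '') {
            return false;
        }
        $values[$field] = $post[$field];
    }
    $stid = oci_parse($conn, EMPLOYEE_INSERT_SQL);
    if ($stid === false) {
        error_log(oci_error($conn)['message']);
        return false;
    }
    foreach (EMPLOYEE_FIELDS as $field) {
        // Binding is by reference: bind the array slot, not the loop variable.
        oci_bind_by_name($stid, ':' . $field, $values[$field]);
    }
    $ok = oci_execute($stid); // no @, so driver errors are not silenced
    if (!$ok) {
        error_log(oci_error($stid)['message']);
    }
    oci_free_statement($stid);
    return $ok;
}

// Call site, replacing the question's string-built query:
// echo insert_employee($conn, $_POST) ? 'data is inserted...<br>' : 'data was not inserted...<br>';
```

Because the values travel separately from the statement text, a quote character typed into any form field is stored as data and cannot change the query.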
