Quoted syntax -- why the error?

jalperin

Why does this statement

$query="SELECT * FROM source WHERE email=$_POST['source_email'] AND campaign=$_SESSION['campaign']";

generate an error? [Parse error: parse error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING ]

I know that I can fix it by rewriting it like this:

$query="SELECT * FROM source WHERE email='".$_POST['source_email']."' AND campaign='".$_SESSION['campaign']."'";

but I don't understand why the original statement isn't "legal."

Thanks.

--Jeff

jerdo

Try this $query="SELECT * FROM source WHERE email='$POST[source_email]' AND campaign='$SESSION[campaign]'";
You must have quotes around variables/text in your query for mysql.

jalperin

You're right; I messed up my example. Here's what I meant to show:

$query="SELECT * FROM source WHERE email='$_POST['source_email']'";

Leaving the index (source_email) unquoted works on a Linux box, but bombs on a Windows version of PHP, and I read somewhere that there's some other problem with it; apparantly, the better form is quote the index name. But whether I use single or double quotes around the index name, I get the error. I'm trying to understand
why the error is occuring; it must have something to do with how PHP evaluates the expression. If you or anyone can shed some light on this, I'd appreciate it.

--Jeff

netizen

When this statement is read into your sql:

$query="SELECT * FROM source WHERE email='$_POST['source_email']'";

it parses '$_POST[' as a variable and ']' as another, then having an undecypherable source_email in the middle. A parse error because the variable could not be translated before querying the sql.

jalperin

why do I also get the same error for this:

$query="SELECT * FROM source WHERE email='$_POST["source_email"]";