1

I was trying to connect to my local database through the php code but I get this error:

Syntax error, unexpected '$result' (T_VARIABLE), expecting ',' or ')'

and I don't understand where's the problem. Here's my code:

    <?php
    $hostname = "localhost";
    $username = "root";
    $password = "";

    $databaseName = "newspage";

    $dbConnected = @mysqli_connect($hostname, $username, $password);

    $dbSelected = @mysqli_connect($databaseName, $dbConnected);

    $query = "INSERT INTO news(titolo, testo, data)VALUES('".$_POST["titolo"]."', '".$_POST["testo"]."', NOW())";
    $result = @mysqli_query($query);
    if(!$result){
    echo("Errore aggiunta news: " . mysqli_error(mysqli $result));
    exit();
    }

    else {
    mysqli_close(mysqli $dbConnected);
    echo('News caricata!<br><a href="add.php">Clicca qui</a> per aggiungere altre news.<br><a href="edit.php">Clicca qui</a> per apportare modifiche alle news.<br><a href="../index.php">Clicca qui</a> per tornare alla pagina principale.'); 
    }
?>
Improve this question
5
  • 2
    Learn to use prepared statements instead of concatenating variables, to protect against SQL injection. And don't use @ when you're still debugging. Commented Jul 12, 2018 at 22:14
  • Your second call to mysqli_connect() should be mysqli_select_db(), and the arguments are in the wrong order. Commented Jul 12, 2018 at 22:15
  • WARNING: Using the error-suppressing YOLO operator (@) obscures problems with your code and makes debugging issues like this a whole lot more complicated. That's a tool of last resort and should only be used in exceptional circumstances. You should display an error message for the user, log a problem, initiate some kind of retry, or all of these things in conjunction. Commented Jul 12, 2018 at 22:20
  • Note: The object-oriented interface to mysqli is significantly less verbose, making code easier to read and audit, and is not easily confused with the obsolete mysql_query interface. Before you get too invested in the procedural style it’s worth switching over. Example: $db = new mysqli(…) and $db->prepare("…") The procedural interface is an artifact from the PHP 4 era when mysqli API was introduced and should not be used in new code. Commented Jul 12, 2018 at 22:20
  • WARNING: When using mysqli you should be using parameterized queries and bind_param to add user data to your query. DO NOT use string interpolation or concatenation to accomplish this because you have created a severe SQL injection bug. NEVER put $_POST, $_GET or any user data directly into a query, it can be very harmful if someone seeks to exploit your mistake. Commented Jul 12, 2018 at 22:20

2 Answers 2

Reset to default
1

Your problem is in this line:

echo("Errore aggiunta news: " . mysqli_error(mysqli $result));

It should be:

echo("Errore aggiunta news: " . mysqli_error($result));
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

If I edit it I get this: Warning: mysqli_error() expects parameter 1 to be mysqli, null given
That's because you are not running the query against any database.
0

You should pass dbname too in mysqli_connect

$dbConnected = @mysqli_connect($hostname, $username, $password, $databaseName);

and to execute query. 

$result = $dbConnected->query("select * from tablename");

Further your query should be:

    $query = "INSERT INTO news(titolo, testo, data) 
    VALUES('".$_POST['titolo']."', '".$_POST['testo']."', NOW())";
Improve this answer

2 Comments

Neither of these is related to the syntax error being reported.
That query is in urgent need of placeholder values.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.