whats wrong with this MYSQL QUERY?

Question

$sql = "UPDATE site_ayarlar 
 SET site_baslik = '$_POST[site_baslik]',
  site_slogan = '$_POST[site_slogan]', 
  meta_desc = '$_POST[meta_desc]',
  meta_key = '$_POST[meta_key]',
  meta_auth = '$_POST[meta_auth]',
  meta_copy = '$_POST[meta_copy]', 
  meta_robots = '$_POST[meta_robots]' ";

and error is

Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING

UPDATE FIXED!

Answer 1

$_POST[key_name] must be ".$_POST['key_name']."

Answer 2

$sql = "UPDATE site_ayarlar SET site_baslik = '$_POST[site_baslik]', site_slogan = '$_POST[site_slogan]', meta_desc = '$_POST[meta_desc]', meta_key = '$_POST[meta_key]', meta_auth = '$_POST[meta_auth]', meta_copy = '$_POST[meta_copy]', meta_robots = '$_POST[meta_robots]' ";

Answer 3

if you are using array variables inside a double-quoted string you need to enclose them in {} like this {$_POST['meta']}.

But as Jensgram pointed out, this approach is extremely vulnerable to injections.

Answer 4

Try this way,

    $site_baslik = mysql_real_escape_string($_POST['site_baslik']);
    $site_slogan = mysql_real_escape_string($_POST['site_slogan']);
    $meta_desc = mysql_real_escape_string($_POST['meta_desc']);
    $meta_key = mysql_real_escape_string($_POST['meta_key']);
    $meta_auth = mysql_real_escape_string($_POST['meta_auth']);
    $meta_copy = mysql_real_escape_string($_POST['meta_copy']);
    $meta_robots = mysql_real_escape_string($_POST['meta_robots']);

    $sql = "UPDATE site_ayarlar 
        SET site_baslik = '$site_baslik' ,
          site_slogan = '$site_slogan', 
          meta_desc = '$meta_desc',
          meta_key = '$meta_key',
          meta_auth = '$meta_auth',
          meta_copy = '$meta_copy', 
          meta_robots = '$meta_robots' 

        WHERE some_condition
    ";

and if you dont put some where condition, you will update all your db with the same data set

Answer 5

Just a thought. I never use $_POST enclosed in single quotes.