I'm just a beginner. What's wrong with my code? I'm trying to experiment on this so that the web pages I'm going to create will not be vulnerable to MySQL injections. What's the correct way of doing this?
<?php
$host="localhost";
$username="root";
$password="";
$db_name="testing";
$tbl="hospital";
$connection=mysql_connect($host, $username, $password) or die("cannot connect!");
mysql_select_db($db_name, $connection) or die("cannot select db!");
$LASTNAME = $_POST[lname];
$FIRSTNAME = $_POST[fname];
$FIRSTNAME=(isset($_POST['fname']||trim($_POST['fname'])=="")?die('Error:Enter Firstname!')
mysql_escape_string(trim($_POST['fname']));
$sqlque="INSERT INTO hospital (LASTNAME, FIRSTNAME)
VALUES ('$LASTNAME', '$FIRSTNAME')";
if (!mysql_query($sqlque,$con))
{
die('Error: ' . mysql_error());
}
echo "<script>alert('Record successfully added!')</script>";
mysql_close($con)
?>
Here's the error. Please help, thanks:
Parse error: parse error, expecting `','' or `')'' in C:\wamp\www\sql injection check\aisaction.php on line 20
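One way to do what the question asks, as an added example that is not part of the original post: the name check is split into separate isset() and trim() tests, and the INSERT uses a PDO prepared statement instead of the mysql_* functions, which were removed in PHP 7. The helper names clean_name() and add_patient(), the ID column and the in-memory SQLite database (used so the script runs without a server) are assumptions; the table, columns and form fields are the ones in the post.

```php
<?php
// Added example: validated input plus a parameterized INSERT through PDO.
// clean_name(), add_patient() and the SQLite demo database are hypothetical.

function clean_name(array $post, string $field): string
{
    // isset() takes a variable, not an expression, so test the two conditions separately.
    $value = isset($post[$field]) ? trim((string) $post[$field]) : '';
    if ($value === '') {
        throw new InvalidArgumentException("Enter $field!");
    }
    return $value;
}

function add_patient(PDO $pdo, array $post): int
{
    $first = clean_name($post, 'fname');
    $last  = clean_name($post, 'lname');
    // Placeholders keep the values out of the SQL text, so no manual escaping is needed.
    $stmt = $pdo->prepare('INSERT INTO hospital (LASTNAME, FIRSTNAME) VALUES (:last, :first)');
    $stmt->execute([':last' => $last, ':first' => $first]);
    return (int) $pdo->lastInsertId();
}

// For MySQL: new PDO('mysql:host=localhost;dbname=testing;charset=utf8mb4', $user, $pass)
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE hospital (ID INTEGER PRIMARY KEY, LASTNAME TEXT, FIRSTNAME TEXT)');

// Constructed form submissions standing in for $_POST.
$samples = [
    ['fname' => 'Maria', 'lname' => "O'Brien"],
    ['fname' => "Li'); --", 'lname' => 'Test'],
    ['fname' => '   ', 'lname' => 'Nobody'],
];
foreach ($samples as $post) {
    try {
        echo 'Added record #', add_patient($pdo, $post), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'Error: ', $e->getMessage(), PHP_EOL;
    }
}

// Quotes and comment markers were stored as literal text in the two accepted rows.
foreach ($pdo->query('SELECT LASTNAME, FIRSTNAME FROM hospital') as $row) {
    // Encode on output so stored text cannot become markup in the page.
    echo htmlspecialchars($row['LASTNAME'] . ', ' . $row['FIRSTNAME'], ENT_QUOTES, 'UTF-8'), PHP_EOL;
}
```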