MySQL query is broken

Ok, it's late and I am not catching why this is broken. So here goes... the error is as follows:

syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING

Typically I would assume it's a missing ; ' " or similar, but I've checked and I have found nothing missing from the surrounding code.

Now, despite the possible "injection" factors, which I don't care about currently, someone please tell me what's wrong with this one line.

mysql_query("INSERT INTO files_posted (ID, when, email, randomkey, count, fileID) VALUES (NULL, $when, $email, $fakeHash, '0', mysql_real_escape_string($_POST['fileID']))") or die(mysql_error());

Besides using a quoted subscript on an embedded (interpolated) variable, you are likely missing some quotes (around values) in the query.

Try this:

// `when` is a reserved word in MySQL, so it is quoted with backticks here.
mysql_query("INSERT INTO files_posted (ID, `when`, email, randomkey, count, fileID) VALUES (NULL, '".mysql_real_escape_string($when)."', '".mysql_real_escape_string($email)."', '".mysql_real_escape_string($fakeHash)."', '0', '".mysql_real_escape_string($_POST['fileID'])."')") or die(mysql_error());

If the $_POST['fileID'] is always expected to be an integer, then it does not need to be wrapped in a mysql_real_escape_string call and it would actually be safer (against SQL injection) and possibly more efficient to just cast it to an int:

mysql_query("INSERT INTO files_posted (ID, `when`, email, randomkey, count, fileID) VALUES (NULL, '".mysql_real_escape_string($when)."', '".mysql_real_escape_string($email)."', '".mysql_real_escape_string($fakeHash)."', '0', ".((int)$_POST['fileID']).')') or die(mysql_error());

One of your variables contains an apostrophe: $when, $email, $fakeHash

That's my guess. You should use mysql_real_escape_string() for all of those.

Make sure you enclose all text field values in (single or double) quotes (and make sure they are escaped). The quotes are required to make sure MySQL treats the text as strings and not as something else.

Alternatively, use PDO, and you don't have to worry about that.
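
The PDO route mentioned in the last answer, as an added example that is not part of the original thread: a prepared statement binds each value separately, so apostrophes in the data need no quoting or escaping. It assumes the pdo_sqlite extension (in-memory SQLite stands in for MySQL so it runs without a server); the table layout, the helper name recordPostedFile and the sample values are hypothetical.

```php
<?php
// Added example: in-memory SQLite stands in for MySQL so this runs without a server.
// For MySQL, swap the DSN, e.g. 'mysql:host=localhost;dbname=example;charset=utf8mb4'
// (placeholder values), and set PDO::ATTR_EMULATE_PREPARES to false.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Table layout guessed from the column list in the question (an assumption).
$pdo->exec('CREATE TABLE files_posted (ID INTEGER PRIMARY KEY, `when` TEXT,
    email TEXT, randomkey TEXT, `count` INTEGER, fileID INTEGER)');

// Hypothetical helper: inserts one row and returns its ID.
function recordPostedFile(PDO $pdo, string $when, string $email, string $fakeHash, $rawFileId): int
{
    // Validate rather than cast: (int)'12abc' would silently become 12.
    $fileId = filter_var($rawFileId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    if ($fileId === false) {
        throw new InvalidArgumentException('fileID must be a non-negative integer');
    }
    // Placeholders keep the data out of the SQL text; `when` is backtick-quoted
    // because it is a reserved word.
    $stmt = $pdo->prepare('INSERT INTO files_posted (`when`, email, randomkey, `count`, fileID)
        VALUES (:when, :email, :randomkey, 0, :fileID)');
    $stmt->bindValue(':when', $when);
    $stmt->bindValue(':email', $email);
    $stmt->bindValue(':randomkey', $fakeHash);
    $stmt->bindValue(':fileID', $fileId, PDO::PARAM_INT);
    $stmt->execute();
    return (int) $pdo->lastInsertId();
}

// Constructed sample input; the apostrophe in the e-mail would break a hand-built query.
$post = ['fileID' => '42'];
$id = recordPostedFile($pdo, '2012-01-01 00:00:00', "o'brien@example.com", 'abc123', $post['fileID']);

$check = $pdo->prepare('SELECT email, fileID FROM files_posted WHERE ID = ?');
$check->execute([$id]);
$row = $check->fetch(PDO::FETCH_ASSOC);
// Braces are what allow a quoted array key inside a double-quoted string.
echo "stored: {$row['email']} / fileID {$row['fileID']}\n";

// A non-integer fileID is rejected before any SQL runs.
try {
    recordPostedFile($pdo, '2012-01-01 00:00:00', 'a@example.com', 'abc123', '12abc');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ' . $e->getMessage() . "\n";
}
```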