I'm getting this error from when I updated my SQL query.
The error is on this line:
$update_sql = "UPDATE table SET `column1` = IF(LENGTH('$_POST['column1']')=0, column1, '$_POST['column1']'), `column2` = '".$_POST['column2']."' WHERE name='".$_POST['movie_name']."';";
The error is:
Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING
What's wrong with my code?
Bad string concatenation.
$update_sql = "UPDATE movies SET `nowvideo` = IF(LENGTH('" . $_POST['nowvideo'] . "')=0, nowvideo, '" . $_POST['nowvideo'] . "'), `nowvideohd` = '".$_POST['nowvideohd']."' WHERE name='".$_POST['movie_name']."';";
As a side note, your query is very insecure. You're putting data directly from the form into a query. Read up on SQL injection & sanitizing your queries.
I'd also read up on PDO if you're planning on securing your queries anyway.
You should save the POST variable into a variable, perform the checks and clean to avoid SQL injection
//Safe get the variables
$nowVideo = filter_input(INPUT_POST, 'nowVideo');
$nowVideoHd = filter_input(INPUT_POST, 'nowvideohd');
$movieName = filter_input(INPUT_POST, 'movie_name');
if (!empty($movieName)) {
//Avoid sql injection
$nowVideo = mysqli_real_escape_string($connectionLink, $nowVideo);
$nowVideoHd = mysqli_real_escape_string($connectionLink, $nowVideo);
$movieName = mysqli_real_escape_string($connectionLink, $movieName);
$update_sql = 'UPDATE movies SET nowvideo = ' . (empty($nowVideo) ? 'nowvideo' : "'$nowVideo'") . ', nowvideohd = ' . $nowVideoHd . " WHERE name = '$movieName'";
}
else {
//Show error
}
You should set a default value for nowVideoHd in case that the nowVideoHd variable is empty. You should set it like the $nowVideo var or with a default value.
all the $_POST['columnx'] should be ".$_POST['columnx']."