在17行解析錯誤，如何解決它

Question

它顯示17行解析錯誤，我已經徹底檢查，但無法找到error.So如何解決這個error.it是insert_city_query.php

<?php 
    include('../../Connections/autodealers.php'); 
    //error_reporting(0); 
    $cityname=$_POST['cityname']; 
    $cityorder=$_POST['cityorder']; 
    $status=$_POST['status']; 
    if($status="Enabled") 
    $status=1; 
    else 
    $status=0; 

    $query = "INSERT INTO ".$db_prefix."city (cityname,cityorder,status) values 
    (
    '" . addslashes($cityname) . "' , 
    '" . addslashes($cityorder) . "' , 
    '" . addslashes($status) . " ' 
    WHERE LCASE='strtolower($_REQUEST['cityname'])')"; 
    echo $query; 
    $result=mysql_query($query); 

    if(!$result) 
    { 
    die ('ERROR: '.mysql_error()); 
    header("Location: " .$base_url. "admin/city_insert.php");//if query fails 
    } 
    else 
    { 
    header("Location: " .$base_url. "admin/cities.php");//if query suceeds 
    } 
    mysql_close($autodealers); 



    ?> 

Answer 1

查詢更改爲，

$query = "INSERT INTO ".$db_prefix."city (cityname,cityorder,status) values 
('" . addslashes($cityname) . "' , 
'" . addslashes($cityorder) . "' , 
'" . addslashes($status) . " ' 
WHERE LCASE='" . strtolower($_REQUEST['cityname']) . "')"; 

注：Please, don't use mysql_* functions in new code。他們不再維護and are officially deprecated。看到red box？請改爲了解prepared statements，並使用PDO或MySQLi - this article將幫助您決定哪個。如果您選擇PDO，here is a good tutorial。

警告：查詢是SQL Injection脆弱的，如果變量的值（小號）從外面走了進來。請看下面的文章，瞭解如何防止它。

• How to prevent SQL injection in PHP?

Answer 2

不要使用strtolower()的功能。

你應該改變這一行：

WHERE LCASE='strtolower($_REQUEST['cityname'])')"; 

到

WHERE LCASE='".strtolower($_REQUEST['cityname'])."')";