Code:

$sql = "UPDATE machines SET oil_pr='$_REQUEST['en_oil_pr']' WHERE id='$_REQUEST['machid']'";
mysql_query($sql);

Getting this error: Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING

Because when you use an array syntax, either you need to enclose it between {}, or you need to declare it outside the string:

PHP Code:

$sql = "UPDATE machines SET oil_pr='{$_REQUEST['en_oil_pr']}' WHERE id='{$_REQUEST['machid']}'";
mysql_query($sql); 


or

PHP Code:

$sql = "UPDATE machines SET oil_pr='".$_REQUEST['en_oil_pr']."' WHERE id='".$_REQUEST['machid']."'";
mysql_query($sql); 


And on a side note, it's a very bad idea to pass $_REQUEST parameters like that directly from the page call.
I seriously hope you sanitize the values in your array before sending them to the db...

oh, sanitize the values of what?

Of $_REQUEST['en_oil_pr'] and$_REQUEST['machid']
If someone forge the page query simply adding

PHP Code:

http://www.site.com/update.php?en_oil_pr=test&machid=1';drop table machines; 


If you have not sanitized your variables, you will send a query like this:

PHP Code:

UPDATE machines SET oil_pr='test' WHERE id='1';drop table machines; 


which are 2 correct sql statements for the db, and those will result in the loss of the machines table.

It's called SQL injection, and believe me, it's very common.
I see dozens of tries on my server every days...

The rule: don't use $_REQUEST/$_POST nor $_GET directly in a query.
If machid is an id, it should be numeric, so test it before:

PHP Code:

$machid=$_REQUEST['machid'];
if(!is_numeric($machid)){
  die('wrong record id');
} 


and so on...

Thank you for the detailed response. This particular script is used by only a handful of people I work with so security is not a problem because it will be run locally. I will definitly keep this in mind for the future.