Help write a Very Simple Code that keeps giving me errors

PHP Programming > Code Snippets

(1/1)

infektid:
I need help with a Very simple code for my job and i just can not get it to work i dont know very much about php but i'm trying?!?

Ok, i would like someone to write the php code for me or fix what i have to work right.

______________________________________________________________________________________
Here is the Error I am Getting:

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'order, machine)

This is my INPUT.PHP

#
<?php
$con = mysql_connect("localhost","MyUsername","MYPASSWORD");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}

mysql_select_db("MY DATABASE", $con);

$sql="INSERT INTO test (partnum, partname, shelf, bin, instock, order, machine)
VALUES
('$_POST[partnum]','$_POST[partname]','$_POST[shelf]','$_POST[bin]','$_POST[instock]','$_POST[order]','$_POST[machine]')";

if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "You Have Suceccfully Added a New Part";

mysql_close($con)
?>#

HERE IS MY FORM PAGE

#
<head>
<title>Form Input Data</title>
</head>

<body>
<table border="1">
<tr>
<td align="center">Form Input Employees Data</td>
</tr>
<tr>
<td>
<table>
<form method="post" action="input.php">
<tr>
<td>Part Number:</td>
<td><input type="text" name="partnum" size="20">
</td>
</tr>
<tr>
<td>Part Name:</td>
<td><input type="text" name="partname" size="40">
</td>
</tr>
<tr>
<td>Shelf Number:</td>
<td><input type="text" name="shelf" size="20">
</td>
</tr>
<tr>
<td>Bin Number:</td>
<td><input type="text" name="bin" size="20">
</td>
</tr>
<tr>
<td>Cost:</td>
<td><input type="text" name="instock" size="20">
</td>
</tr>
<tr>
<td>Stock Amount:</td>
<td><input type="text" name="stockamount" size="20">
</td>
</tr>
<tr>
<td>Amount In Stock:</td>
<td><input type="text" name="order" size="20">
</td>
</tr>
<tr>
<td>Machine/Model:</td>
<td><input type="text" name="machine" size="40">
</td>
</tr>
<tr>
<td></td>
<td align="right"><input type="submit"
name="submit" value="Sent"></td>
</tr>
</table>
</td>
</tr>
</table>
</body>
</html>
</body>
</html>#

basically what i want is a simple code that will input a part number, part name, Shelf number, Bin Number, Cost, Stock Amount, Amount In Stock, Machine/model that is goes to on a searchable display page

So far this is what i have:

http://imageshack.us/photo/my-images/525/40797206.jpg/

i need a search and a way to edit each of them so i can remove the table or edit the info on a certain table and add info

Thanks

Sarthak Patel:

--- Quote ---Hello infektid,
please do the below changes in your code.

--- PHP Code: ---
Replace your query
$sql="INSERT INTO test (partnum, partname, shelf, bin, instock, order, machine) VALUES ('$_POST[partnum]','$_POST[partname]','$_POST[shelf]','$_POST[bin]','$_POST[instock]','$_POST[order]','$_POST[machine]')";

//use this code instead of above code

$partnum = $_POST['partnum'];
$partname = $_POST['partname'];
$shelf = $_POST['shelf'];
$bin = $_POST['bin'];
$instock = $_POST['instock'];
$order = $_POST['order'];
$machine = $_POST['machine'];
//NOTE: if any of the field is define as integer than remove single quote
# here i am thinking that partnum is define as integer so did not use single quotes. if there is more fields are integer than also remove single quotes form below query.
$sql="INSERT INTO test (partnum, partname, shelf, bin, instock, order, machine) VALUES ($partnum ,'$partname','$shelf','$bin','$instock','$order','$machine')";

--- End code ---

I hope this will helpful for you.
Reply your feedback
~~SR~~

--- End quote ---

benanamen:
Simpler way without creating more variables...
Notice the {}. This is also better because it will always be obvious where your data is coming from.

--- PHP Code: ---

$sql="INSERT INTO test (partnum, partname, shelf, bin, instock, order, machine)
VALUES
('{$_POST[partnum]}','{$_POST[partname]}','{$_POST[shelf]}','{$_POST[bin]}','{$_POST[instock]}','{$_POST[order]}','{$_POST[machine]}')";

--- End code ---

Gears:
use {}
always the best way to make sure only "data" and not "commands" get used.

Navigation

[0] Message Index

Go to full version