Mysql syntax error!!!! Urgent help!!!

Database > MySQL database

(1/1)

ave_pie:
My code gives following error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'order(id,name,mobile,base,cheese,topping,filling,quantity) VALUES('','','','',''' at line 1

MY CODE is:

--- Code: ---<html>
<head>
<title> A1 RESTAURANT </title>

<script type="text/javascript">
function validate()
{
if(document.form1.name.value=="")
{
alert('Please enter name');
document.form1.name.focus();
return false ;
}
if(document.form1.mobile.value=="")
{
alert('Please enter mobile no.');
document.form1.mobile.focus();
return false;
}
var m= document.form1.mobile.value;
if(isNaN(m) || m.indexOf(" ") != -1)
{
alert('Enter numeric value');
document.form1.mobile.focus();
return false;
}
if(m.length > 10)
{
alert('More than 10 digits! Invalid number');
document.form1.mobile.focus();
return false;
}
if(m.charAt(0)!="9")
{
alert('Mobile no. starts with 9');
return false;
}
}
</script>
</head>
<body>
<form name="form1" method="post" action="one.php" onSubmit="return validate();"> <p>                                                                                                             
PLACE YOUR ORDER HERE  </p>

<table width="1091" border="1">
<tr>
<td width="532">CUSTOMER NAME : </td>
<td width="543"><input name="name" type="text" value="" size="100" maxlength="100"></td>
</tr>
<tr>
<td>CUSTOMER MOBILE NUMBER: </td>
<td><input name="mobile" type="text" size="100"></td>
</tr>
</table>

<p>PIZZAS:                                                                                                           SANDWITCHES:</p><p>Pizza Base:
<input name="base" type="radio" value="deep dish">Deep Dish
<input name="base" type="radio" value="thin & crispy">Thin & Crispy                                                     Say the Filling for your Sandwitch:
<input type="text" name="filling"></p>

<p>Cheese:
<select name="cheese">
<option value="Single Layer">Single Layer</option>
<option value="Double Dose">Double Dose</option>
<option value="Extra Cheesy">Extra Cheesy</option>
<option value="Grinded & Baked"> Grinded & baked</option>
</select>
                                                                         Quantity(1-9):                              
<input type="text" name="quantity">
</p>

<p>Topping:
<select multiple="multiple"name="topping">
<option value="Pepper">Pepper</option>
<option value="Tomatoes">Tomatoes</option>
<option value="Olives">Olives</option>
<option value="Onions">Onions</option>
</select>
</p>

<p>
<input type="submit" name="submit" value="Confirm Order and Check Out"></p>
</form>
</body>
</html>

--- End code ---

--- PHP Code: ---
<?php

$aa= mysql_connect("localhost","root","") or die("Cannot connect to the server");
$ss= mysql_select_db("final_db") or die("No database found");

$name = @$_REQUEST['name'];
$mob = @$_REQUEST['mobile'];
$base = @$_REQUEST['base'];
$cheese = @$_REQUEST['cheese'];
$topping = @implode(",",$_POST['topping']);
$filling = @$_REQUEST['filling'];
$quantity = @$_REQUEST['quantity'];

$data = "INSERT INTO order(id,name,mobile,base,cheese,topping,filling,quantity) VALUES('','$name','$mob','$base','$cheese','$topping','$filling','$quantity')";

$sql = mysql_query($data) or die(mysql_error());

echo "<html><script> alert('Your order has been placed. Please wait till we deliever'); </script> </html>";
print "<script language='javascript'> document.location='one.php'
</script>";
?>

--- End code ---

Please help what can I do with this error and codes!!!
Its urgent I need to use this file tomorrow to gain access to my basic php test.
Any help would be appreciated.

wilson382:
this query should work

--- Code: ---$data = "INSERT INTO `order` (`name`,`mobile`,`base`,`cheese`,`topping`,`filling`,`quantity`) VALUES('$name','$mob','$base','$cheese','$topping','$filling','$quantity')";

--- End code ---

however

--- Quote from: ave_pie on August 06, 2012, 12:09:39 PM ---My code gives following error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'order(id,name,mobile,base,cheese,topping,filling,quantity) VALUES('','','','',''' at line 1

--- End quote ---

if you look at the end of error, all you see if ('','','','',''') these are the value which are not passing thru.

please check your form and script and make sure all data are passing thru

you can test by echoing each variable to see if they got the text you entered on the form.

Vision Hive:
Ok a few concerns:
1. You will only be able to insert one row before you get another error "row already exists". If id is an autoincrement field and is the primary key (and it should be), you do not need to include it in your insert query. MySQL will automatically generate the id. Wilson382 removed the id, correctly.
2. The reason your sql wasn't working may be due to using reserved MySQL keywords or function names for fields - I am not sure about this because I haven't memorized them all. This is ok, but you should always enclose your field and table names in back-quotes, i.e. `name` instead of name. See http://dev.mysql.com/doc/refman/5.0/en/reserved-words.html
3. For the love of all things holy please tell me that you are sanitizing your SQL data. You should read this thoroughly: http://php.net/manual/en/security.database.sql-injection.php

wilson382:
he never answered back i guess we helped him and he just took the answer and left LOL

Navigation

[0] Message Index

Go to full version