Inserting into MySQL Newbie


skoobi

Hi, I've got a slight problem where I've made a simple web form where the customer inserts the amount of tickets and then enters their personal details... then this form does the post method and it then comes up with the confirmation page with all the calculations and how much it is going to cost including postage... All that works fine... When I press the send button to send it to the database and give a message 'order recieved' I get this error...

 

'Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'order (qty_child,qty_adult,adult_cost,child_cost, postage,c_name, h_name, town, ' at line 1'

 

Right, here's the code for the first page:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Buy your tickets</title>
</head>

<body>
<form action="includes/confirm.php" method="post"> 
Adult Ticket: 
<br />
Quantity:<input type="text" size="5" name="qty_adult" id="Adult Ticket" /> <br /><br />

<div>
Child Ticket: 
<br />
Quantity:<input type="text" size="5" name="qty_child" id="Child Ticket" /> <br /><br />
</div>

<div>
Customer Details: 
<br />
Name:<br /><input type="text" size="50" name="c_name" id="Customer Name" /> <br /><br />
House Name / Number:<br /><input type="text" size="50" name="h_name" id="House Name" /> <br /><br />
Town:<br /><input type="text" size="50" name="town" id="Town Name" /> <br /><br />
County:<br /><input type="text" size="50" name="county" id="County" /> <br /><br />
Post Code:<br /><input type="text" size="50" name="p_code" id="Post Code" /> <br /><br />
Email Address:<br /><input type="text" size="50" name="email" id="Email" /> <br /><br />
Phone Number:<br /><input type="text" size="50" name="p_num" id="Phone Number" /> <br /><br />
</div>

<input type="submit" />
</form>
</body>
</html> 

 

Here's my confirmation page:

<title>Order Confirmation</title>
<form action="send.php" method="post"> 
<?php
include("helper.php");

/* DISPLAY THE OUTPUT
   ======= === ======*/

# Display Adult Order
if ($qty_adult > 0 )
{
echo "You ordered ". $qty_adult . " adult tickets.<br />";
echo "The cost of the tickets is £" .number_format ($calcItem,2) . "<br />";
echo "and the postage is £" .number_format ($calcPost,2) . "<br /><br />";

if ($qty_child == 0) 
{
	echo "Which gives you a total of £" .number_format ($calcTotal,2) . "<br /><br /> ";
}
}


# Display Child Order
if ($qty_child > 0 )
{
echo "You ordered ". $qty_child . " child tickets.<br />";
echo "The cost of the tickets is £".number_format ($calcChild,2) . "<br />";
echo "and the postage is £".number_format ($calcChildPost,2) ."<br /><br/>";

echo "Which gives you a total of £" .number_format ($calcAll,2) . "<br /> ";
}

# If nothing is ordered

if ($qty_child <= 0 && $qty_adult <= 0)
{
echo "Please choose the ammount of tickets you require before carrying on";
}

echo "<br/>";
echo "Name : " .$c_name ;
echo "<br/>";
echo "House name / Number: " .$h_name ;
echo "<br/>";
echo "Town: " .$town ;
echo "<br/>";
echo "County: " .$county ;
echo "<br/>";
echo "Post Code: " .$p_code ;
echo "<br/>";
echo "Email: " .$email ;
echo "<br/>";
echo "Phone Number: " .$p_num ;
echo "<br/>";
echo "<br/>";
?>
<input type="submit" />

</form>

 

Here's my helper file with all the calculations and whatnot:

<?php
# Calculation VARS
$qty_adult = $_POST['qty_adult'];
$qty_child = $_POST['qty_child'];
$a_ticket = $_POST['a_ticket'];
$c_ticket = $_POST['c_ticket'];
$a_price = 25;
$c_price = 0;
$p_price = 1.50;
$calcItem = totalItem($qty_adult, $a_price);
$calcPost = totalPost($qty_adult, $p_price);
$calcTotal = total($calcItem, $calcPost);
$calcChildPost = totalChildPost ($qty_child, $p_price);
$calcAll = totalAll ($calcItem,$calcChildPost,$calcPost);
$calcChild = totalChild ($qty_child, $c_price);

# Customer Detail Input VARS
$c_name = $_POST['c_name'];
$h_name = $_POST['h_name'];
$town = $_POST['town'];
$county = $_POST['county'];
$p_code = $_POST['p_code'];
$email = $_POST['email'];
$p_num = $_POST['p_num'];


/* FUNCTIONS
   =========*/

# Calculates the Item total for the adults
function totalItem($price, $qty)
{
    $totalItem = ($price * $qty);
    return $totalItem; 
}

# Calculates the Postage total for the adults
function totalPost($postage, $qty)
{
    $totalPost = ($postage * $qty);
    return $totalPost; 
}

# Calculates the Order Total for the adults
function total($item, $post)
{
    $total = ($item + $post);
    return $total; 
}

# Calculates the Order Total for childrens
function totalChildPost($childQty, $childPost)
{
    $totalChildPost = ($childQty * $childPost);
    return $totalChildPost; 
}

# Calculates the Order Total for childrens
function totalChild($childQty, $childCost)
{
    $totalChild = ($childQty * $childCost);
    return $totalChild; 
}

# Calculates the Order Total
function totalAll($adult, $child, $postA)
{
    $totalAll = ($adult + $child + $postA );
    return $totalAll; 
}
?>

 

And lastly, and the most problematic, is the SQL:

<?php
include("helper.php");
$con = mysql_connect("localhost","username","password");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }


mysql_select_db("tickets", $con);

# Order
$sql=
"INSERT INTO order (qty_child,qty_adult,adult_cost,child_cost, postage,c_name, h_name, town, county, p_code, email, p_num) 
VALUES 
('$_POST[qty_child]','$_POST[qty_adult]','$_POST[calcItem]','$_POST[calcChild]','$_POST[calcAll]','$_POST[c_name]', '$_POST[h_name]', '$_POST[town]', '$_POST[county]', '$_POST[p_code]', '$_POST[email]', '$_POST[p_num])";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "Order Recieved";

mysql_close($con)
?>

 

 

 

Any help would be gratefully received... Or if someone could point me in the right direction that would be great....

 

Thanks in advance

Chris

Link to comment
Share on other sites

Well spotted... I think that's from me pottering around so much with different variations... Unfortunately I still get an error with that file...

 

'Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'order (qty_child,qty_adult,adult_cost,child_cost, postage,c_name, h_name, town, ' at line 1'

 

I'm stumped... I know I'm no PHP guru but I can't see what I've done wrong and unfortunately it's probably going to be the most simple thing....

 

Thanks anyway...

Link to comment
Share on other sites

You need to learn mysql_real_escape_string(); added.

 

 

 

Try this please...

<?php
//database connection.

mysql_select_db("tickets", $con);

# Order
$sql="INSERT INTO order
(qty_child,qty_adult,adult_cost,child_cost, postage,c_name,
h_name, town, county, p_code, email, p_num)VALUES(
".mysql_real_escape_string($_POST['qty_child']).",
".mysql_real_escape_string($_POST['qty_adult']).",
".mysql_real_escape_string($_POST['calcItem']).",
".mysql_real_escape_string($_POST['calcChild']).",
".mysql_real_escape_string($_POST['calcAll']).",
".mysql_real_escape_string($_POST['c_name']).",
  ".mysql_real_escape_string($_POST['h_name']).",
  ".mysql_real_escape_string($_POST['town']).",
   ".mysql_real_escape_string($_POST['county']).",
   ".mysql_real_escape_string($_POST['p_code']).",
   ".mysql_real_escape_string($_POST['email']).",
  ".mysql_real_escape_string($_POST['p_num'])." ";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "Order Recieved";

mysql_close($con);

?>

Link to comment
Share on other sites

Nope, still the same error... But thank you for pointing the mysql_real_escape_string out, I'm going to look that up to find out a bit more about it...

 

I have just thought though...

In the database there is the order_id... do I need to do anything with that?

Link to comment
Share on other sites

Yeah, everything's right!!! :confused:....

The error is

'Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'order (qty_adult,qty_child,adult_cost,child_cost,postage,c_name,h_name,town,coun' at line 1'

Link to comment
Share on other sites

The leading part of the query that is printed in the error message is the point where mysql could not figure out what you mean. In this case 'order' is a reserved keyword and was encountered in your query where it could not normally exist -

http://dev.mysql.com/doc/refman/5.0/en/reserved-words.html

 

You should rename your table to something else.

Link to comment
Share on other sites

Excellent, I'm getting a little bit further now... that worked but I'm getting a new error now...

 

'Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' , , , , , , , , , ,' at line 2'

 

And the code is:

<?php
$con = mysql_connect("localhost","username","password");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }


mysql_select_db("tickets", $con);


# Order
$sql="INSERT INTO cust_order (qty_adult,qty_child,adult_cost,child_cost,postage,c_name,h_name,town,county,p_code,email,p_num)VALUES(
".mysql_real_escape_string($_POST['qty_adult']).",
".mysql_real_escape_string($_POST['qty_child']).",
".mysql_real_escape_string($_POST['calcItem']).",
".mysql_real_escape_string($_POST['calcChild']).",
".mysql_real_escape_string($_POST['calcAll']).",
".mysql_real_escape_string($_POST['c_name']).",
".mysql_real_escape_string($_POST['h_name']).",
".mysql_real_escape_string($_POST['town']).",
".mysql_real_escape_string($_POST['county']).",
".mysql_real_escape_string($_POST['p_code']).",
".mysql_real_escape_string($_POST['email']).",
".mysql_real_escape_string($_POST['p_num']).")";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "Order Recieved";

mysql_close($con);

?>

 

Thank you for everybody's help so far...

Link to comment
Share on other sites

Right, I've got a little bit further now.....

 

I'm only getting this error now...

 

'Parse error: syntax error, unexpected ';' in /home/skoobi/public_html/projects/cart/includes/send.php on line 27'

 

$sql="INSERT INTO cust_order (order_id,qty_adult,qty_child,adult_cost,child_cost,postage,c_name,h_name,town,county,p_code,email,p_num)
VALUES
(
".mysql_real_escape_string($_POST['qty_adult'].",
".mysql_real_escape_string($_POST['qty_child'].",
".mysql_real_escape_string($_POST['calcItem']).",
".mysql_real_escape_string($_POST['calcChild']).",
".mysql_real_escape_string($_POST['calcAll']).",
".mysql_real_escape_string($_POST['c_name']).",
".mysql_real_escape_string($_POST['h_name']).",
".mysql_real_escape_string($_POST['town']).",
".mysql_real_escape_string($_POST['county']).",
".mysql_real_escape_string($_POST['p_code']).",
".mysql_real_escape_string($_POST['email']).",
".mysql_real_escape_string($_POST['p_num']).")";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "Order Recieved";

mysql_close($con);

Link to comment
Share on other sites

Once you fix that php syntax error, you will be back at the code in reply #10, which is missing the single-quotes that go around string data values in a query. I recommend NOT using string concatenation (the dot .) as it results in a huge number of syntax errors because it is difficult to see exactly what syntax you have for the query string and what syntax you have as part of the php statements.

 

If you use sprintf, it will make it easy to see the syntax of your query and the syntax of your php statements -

 

$sql = "INSERT INTO cust_order (qty_adult,qty_child,adult_cost,child_cost,postage,c_name,h_name,town,county,p_code,email,p_num) 
VALUES ('%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s')";

$query = sprintf($sql,
mysql_real_escape_string($_POST['qty_adult']),
mysql_real_escape_string($_POST['qty_child']),
mysql_real_escape_string($_POST['calcItem']),
mysql_real_escape_string($_POST['calcChild']),
mysql_real_escape_string($_POST['calcAll']),
mysql_real_escape_string($_POST['c_name']),
mysql_real_escape_string($_POST['h_name']),
mysql_real_escape_string($_POST['town']),
mysql_real_escape_string($_POST['county']),
mysql_real_escape_string($_POST['p_code']),
mysql_real_escape_string($_POST['email']),
mysql_real_escape_string($_POST['p_num']));

 

If you use the above, don't forget to use the final $query variable in your mysql_query() instead of what you have now.

Link to comment
Share on other sites
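
The insert from the last reply, rewritten with PDO prepared statements as an added example (not code from the thread); the mysql_* functions used above were removed in PHP 7.0. The saveOrder() helper, the SQLite in-memory database used so it runs offline, the auto-generated order_id and the per-ticket postage rule are assumptions; costs are recomputed on the server because the confirmation form posts no calcItem, calcChild or calcAll fields.

```php
<?php
declare(strict_types=1);

// Prices are fixed on the server (values from helper.php); never read from $_POST.
const ADULT_PRICE = 25.00;
const CHILD_PRICE = 0.00;
const POSTAGE     = 1.50;

function saveOrder(PDO $db, array $post): int
{
    // Quantities must be non-negative integers; reject anything else outright.
    $opt = ['options' => ['min_range' => 0]];
    $qtyAdult = filter_var($post['qty_adult'] ?? '', FILTER_VALIDATE_INT, $opt);
    $qtyChild = filter_var($post['qty_child'] ?? '', FILTER_VALIDATE_INT, $opt);
    if ($qtyAdult === false || $qtyChild === false || $qtyAdult + $qtyChild === 0) {
        throw new InvalidArgumentException('Invalid ticket quantity');
    }
    $cols = ['qty_adult', 'qty_child', 'adult_cost', 'child_cost', 'postage',
             'c_name', 'h_name', 'town', 'county', 'p_code', 'email', 'p_num'];
    $row = [
        'qty_adult'  => $qtyAdult,
        'qty_child'  => $qtyChild,
        'adult_cost' => $qtyAdult * ADULT_PRICE,
        'child_cost' => $qtyChild * CHILD_PRICE,
        'postage'    => ($qtyAdult + $qtyChild) * POSTAGE,  // assumed: per ticket
    ];
    foreach (array_slice($cols, 5) as $f) {       // free-text customer fields
        $row[$f] = is_string($post[$f] ?? null) ? trim($post[$f]) : '';
    }
    // Column names are fixed literals; only values travel as bound parameters.
    $sql = 'INSERT INTO cust_order (' . implode(',', $cols) . ') VALUES (:'
         . implode(',:', $cols) . ')';
    $db->prepare($sql)->execute($row);
    return (int) $db->lastInsertId();   // order_id assumed auto-generated
}

// Constructed demo: SQLite in memory stands in for the MySQL "tickets" database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cust_order (order_id INTEGER PRIMARY KEY, qty_adult INT,
    qty_child INT, adult_cost REAL, child_cost REAL, postage REAL, c_name TEXT,
    h_name TEXT, town TEXT, county TEXT, p_code TEXT, email TEXT, p_num TEXT)');

$id = saveOrder($db, ['qty_adult' => '2', 'qty_child' => '1',
    'c_name' => "Pat O'Neil", 'h_name' => '12', 'town' => 'Exampleton',
    'county' => 'Kent', 'p_code' => 'AB1 2CD', 'email' => 'pat@example.com',
    'p_num' => '01234 567890', 'calcItem' => '0.01']);   // calcItem is ignored
echo "Stored order #$id\n";
print_r($db->query('SELECT * FROM cust_order')->fetch(PDO::FETCH_ASSOC));
```

Against MySQL only the connection line changes, e.g. new PDO('mysql:host=localhost;dbname=tickets;charset=utf8mb4', $user, $pass). The apostrophe in the sample name is stored intact without any hand-written quoting or escaping.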
