Help write a Very Simple Code that keeps giving me errors

I need help with a very simple code for my job and I just cannot get it to work. I don't know very much about PHP but I'm trying?!?

Ok, I would like someone to write the PHP code for me or fix what I have to work right.


Here is the Error I am Getting:

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'order, machine)

This is my INPUT.PHP

[php]
<?php
$con = mysql_connect("localhost","MyUsername","MYPASSWORD");
if (!$con) {
    die('Could not connect: ' . mysql_error());
}
mysql_select_db("MY DATABASE", $con);
$sql="INSERT INTO test (partnum, partname, shelf, bin, instock, order, machine) VALUES ('$_POST[partnum]','$_POST[partname]','$_POST[shelf]','$_POST[bin]','$_POST[instock]','$_POST[order]','$_POST[machine]')";
if (!mysql_query($sql,$con)) {
    die('Error: ' . mysql_error());
}
echo "You Have Suceccfully Added a New Part";
mysql_close($con)
?>
[/php]

HERE IS MY FORM PAGE

Form Input Data
Form Input Employees Data
Part Number:
Part Name:
Shelf Number:
Bin Number:
Cost:
Stock Amount:
Amount In Stock:
Machine/Model:

Basically what I want is a simple code that will input a part number, part name, shelf number, bin number, cost, stock amount, amount in stock, and the machine/model that it goes to, on a searchable display page.

So far this is what I have:

I need a search and a way to edit each of them so I can remove the table or edit the info on a certain table and add info.

Thanks

Hello infektid, please make the changes below in your code.

[php]
// Replace your query
// $sql="INSERT INTO test (partnum, partname, shelf, bin, instock, order, machine) VALUES ('$_POST[partnum]','$_POST[partname]','$_POST[shelf]','$_POST[bin]','$_POST[instock]','$_POST[order]','$_POST[machine]')";

// use this code instead of the above code

$partnum = $_POST['partnum'];
$partname = $_POST['partname'];
$shelf = $_POST['shelf'];
$bin = $_POST['bin'];
$instock = $_POST['instock'];
$order = $_POST['order'];
$machine = $_POST['machine'];
// NOTE: if any of the fields is defined as an integer, then remove the single quotes

// Here I am thinking that partnum is defined as an integer, so I did not use single quotes.
// If more fields are integers, then also remove the single quotes from the query below.

// `order` is a reserved word in MySQL, so the column name is backtick-quoted
$sql="INSERT INTO test (partnum, partname, shelf, bin, instock, `order`, machine) VALUES ($partnum ,'$partname','$shelf','$bin','$instock','$order','$machine')";

[/php]

I hope this will be helpful for you.
Reply with your feedback.
SR

Simpler way without creating more variables…
Notice the {}. This is also better because it will always be obvious where your data is coming from.

[php]

// `order` is a reserved word in MySQL, so the column name is backtick-quoted
$sql="INSERT INTO test (partnum, partname, shelf, bin, instock, `order`, machine)
VALUES
('{$_POST['partnum']}','{$_POST['partname']}','{$_POST['shelf']}','{$_POST['bin']}','{$_POST['instock']}','{$_POST['order']}','{$_POST['machine']}')";

[/php]

use {}
always the best way to make sure only “data” and not “commands” get used.
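
An added example, not part of any post in this thread: the INSERT from the question rewritten as a PDO prepared statement, so the form values are bound as parameters instead of being concatenated into the SQL text, with the column names backtick-quoted because `order` is a reserved word in MySQL (which is what the syntax error in the question points at). The helper name `insertPart`, the `PART_FIELDS` constant, the sample input and the in-memory SQLite database used so the script runs without a server are assumptions of this example.

```php
<?php
// Added example, not code from the thread. insertPart() and PART_FIELDS are
// hypothetical names; the table and column names are the ones in the question.
const PART_FIELDS = ['partnum', 'partname', 'shelf', 'bin', 'instock', 'order', 'machine'];

function insertPart(PDO $pdo, array $post): void
{
    $row = [];
    foreach (PART_FIELDS as $field) {
        // A field sent as partnum[]=x arrives as an array, so require a string.
        if (!isset($post[$field]) || !is_string($post[$field])) {
            throw new InvalidArgumentException("Missing or invalid field: $field");
        }
        $row[":$field"] = trim($post[$field]);
    }
    // Column names come only from the fixed list above and are backtick-quoted,
    // so the reserved word `order` is parsed as an identifier. The values are
    // sent as bound parameters and never become part of the SQL text.
    $columns = '`' . implode('`, `', PART_FIELDS) . '`';
    $params  = implode(', ', array_keys($row));
    $stmt = $pdo->prepare("INSERT INTO test ($columns) VALUES ($params)");
    $stmt->execute($row);
}

// Demo on an in-memory SQLite database (assumes the pdo_sqlite extension) so it
// runs without a server; SQLite also accepts backtick-quoted identifiers.
// Against MySQL the same function is called with a PDO object opened on a mysql: DSN.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE test (`partnum` TEXT, `partname` TEXT, `shelf` TEXT,
            `bin` TEXT, `instock` TEXT, `order` TEXT, `machine` TEXT)');

// Constructed form input; the apostrophe in partname would have ended the
// string literal early in the concatenated query.
$post = ['partnum' => '1001', 'partname' => "O'Ring 3/4 in", 'shelf' => '3',
         'bin' => '12', 'instock' => '40', 'order' => '10', 'machine' => 'Press 7'];
insertPart($pdo, $post);

$rows = $pdo->query('SELECT partname, `order` FROM test')->fetchAll(PDO::FETCH_ASSOC);
echo count($rows), ' row stored, partname = ', $rows[0]['partname'], PHP_EOL;
```

The `mysql_*` functions used in the thread were removed in PHP 7, so on current PHP versions the connection has to go through PDO or mysqli in any case.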
