Mysql syntax error!!!! Urgent help!!!

ave_pie · August 6, 2012, 4:09pm

My code gives following error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘order(id,name,mobile,base,cheese,topping,filling,quantity) VALUES(’’,’’,’’,’’,’’’ at line 1

MY CODE is:

<html>
<head>
<title> A1 RESTAURANT </title>

<script type="text/javascript"> 
function validate()
{
if(document.form1.name.value=="")
{
alert('Please enter name');
document.form1.name.focus();
return false ;
}
if(document.form1.mobile.value=="")
{
alert('Please enter mobile no.');
document.form1.mobile.focus();
return false;
}
var m= document.form1.mobile.value;
if(isNaN(m) || m.indexOf(" ") != -1)
{
alert('Enter numeric value');
document.form1.mobile.focus();
return false;
}
if(m.length > 10)
{
alert('More than 10 digits! Invalid number');
document.form1.mobile.focus();
return false;
}
if(m.charAt(0)!="9")
{
alert('Mobile no. starts with 9');
return false;
} 
}
</script>
</head>
<body>
<form name="form1" method="post" action="one.php" onSubmit="return validate();"> <p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
PLACE YOUR ORDER HERE&nbsp;  </p>

<table width="1091" border="1">
  <tr>
  <td width="532">CUSTOMER NAME : </td>
    <td width="543"><input name="name" type="text" value="" size="100" maxlength="100"></td>
	</tr>
  <tr>
  <td>CUSTOMER MOBILE NUMBER: </td>
    <td><input name="mobile" type="text" size="100"></td>
	</tr>
 </table>

 <p>PIZZAS:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;SANDWITCHES:</p><p>Pizza Base: 
  <input name="base" type="radio" value="deep dish">Deep Dish
  <input name="base" type="radio" value="thin & crispy">Thin & Crispy&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Say the Filling for your Sandwitch:
  <input type="text" name="filling"></p>

  <p>Cheese:
  <select name="cheese">
  <option value="Single Layer">Single Layer</option>
  <option value="Double Dose">Double Dose</option>
  <option value="Extra Cheesy">Extra Cheesy</option>
  <option value="Grinded & Baked"> Grinded & baked</option>
  </select>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Quantity(1-9):&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<input type="text" name="quantity">
</p>

<p>Topping:
  <select multiple="multiple"name="topping">
  <option value="Pepper">Pepper</option>
  <option value="Tomatoes">Tomatoes</option>
  <option value="Olives">Olives</option>
  <option value="Onions">Onions</option>
  </select>
</p>

<p>
  <input type="submit" name="submit" value="Confirm Order and Check Out"></p>
  </form>
</body>
</html>

[php]

<?php $aa= mysql_connect("localhost","root","") or die("Cannot connect to the server"); $ss= mysql_select_db("final_db") or die("No database found"); $name = @$_REQUEST['name']; $mob = @$_REQUEST['mobile']; $base = @$_REQUEST['base']; $cheese = @$_REQUEST['cheese']; $topping = @implode(",",$_POST['topping']); $filling = @$_REQUEST['filling']; $quantity = @$_REQUEST['quantity']; $data = "INSERT INTO order(id,name,mobile,base,cheese,topping,filling,quantity) VALUES('','$name','$mob','$base','$cheese','$topping','$filling','$quantity')"; $sql = mysql_query($data) or die(mysql_error()); echo " "; print ""; ?>

[/php]

Please help what can I do with this error and codes!!!
Its urgent I need to use this file tomorrow to gain access to my basic php test.
Any help would be appreciated.

wilson382 · August 6, 2012, 5:40pm

this query should work

$data = "INSERT INTO `order` (`name`,`mobile`,`base`,`cheese`,`topping`,`filling`,`quantity`) VALUES('$name','$mob','$base','$cheese','$topping','$filling','$quantity')";

however

if you look at the end of error, all you see if (’’,’’,’’,’’,’’’) these are the value which are not passing thru.

please check your form and script and make sure all data are passing thru

you can test by echoing each variable to see if they got the text you entered on the form.

Vision_Hive · September 6, 2012, 11:09am

Ok a few concerns:

You will only be able to insert one row before you get another error “row already exists”. If id is an autoincrement field and is the primary key (and it should be), you do not need to include it in your insert query. MySQL will automatically generate the id. Wilson382 removed the id, correctly.
The reason your sql wasn’t working may be due to using reserved MySQL keywords or function names for fields - I am not sure about this because I haven’t memorized them all. This is ok, but you should always enclose your field and table names in back-quotes, i.e. name instead of name. See http://dev.mysql.com/doc/refman/5.0/en/reserved-words.html
For the love of all things holy please tell me that you are sanitizing your SQL data. You should read this thoroughly: http://php.net/manual/en/security.database.sql-injection.php

wilson382 · September 7, 2012, 6:26am

he never answered back i guess we helped him and he just took the answer and left LOL