help with php mysql connect script

Report · Dec 05, 2008

Ok guys im new to php mysql and i'm trying to insert some form information in my database. Im using a script from sitepoint in which i went through the tutorial did some experiments of my own and it worked....

but now i'm getting this error which i cant figure out....

Error placing order: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'order SET product ='1', size='medium', color='', quantity = '1' at line 1

here is the page
http://vaughntucker.com/imagecon/hats.php

and this is the script
<?php
//default page display
//connect to database
$dbcnx = @MySQL_connect('p3nl41mysql7.secureserver.net', 'imagecon', 'Dub*boss_1');
if (!$dbcnx) {
echo ' Unable to connect to the '. 'database server at this time.';
exit();

}

//select database
if (!@mysql_select_db('imagecon')) {
exit('Unable to locate the ' .
'database at this time.');
}

//Mysql query add joke
if (isset($_POST['submit'])) {
$product = 1;
$size = $_POST['size'];
$color = $_POST['color'];
$quan = $_POST['quantity'];
$sql = "INSERT INTO order SET
product ='$product',
size='$size',
color='$color',
quantity = '$quan',
date = CURDATE()";
}else{
echo 'No data submited';

}
if (@mysql_query($sql)) {
echo 'Your order has been submited.';
} else {
echo 'Error placing order: ' .
mysql_error() . '';
}

?>

thanks in advance

Report · Dec 05, 2008

$sql = "INSERT INTO order SET
product ='" . $product . "',
size='" . $size . "',
color='" . $color . "',
quantity = '" . $quan . "',

I believe there are other more elegant ways to do this, as well.

--
Murray --- ICQ 71997575
Adobe Community Expert
(If you *MUST* email me, don't LAUGH when you do so!)
==================
http://www.projectseven.com/go - DW FAQs, Tutorials & Resources
http://www.dwfaq.com - DW FAQs, Tutorials & Resources
==================

"beatzMalone" <webforumsuser@macromedia.com> wrote in message
news:ghbiup$5s3$1@forums.macromedia.com...
> Ok guys im new to php mysql and i'm trying to insert some form information
> in
> my database. Im using a script from sitepoint in which i went through the
> tutorial did some experiments of my own and it worked....
>
> but now i'm getting this error which i cant figure out....
>
> Error placing order: You have an error in your SQL syntax; check the
> manual
> that corresponds to your MySQL server version for the right syntax to use
> near
> 'order SET product ='1', size='medium', color='', quantity = '1' at line 1
>
> here is the page
> http://vaughntucker.com/imagecon/hats.php
>
> and this is the script
> <?php
> //default page display
> //connect to database
> $dbcnx = @mysql_connect('p3nl41mysql7.secureserver.net', 'imagecon',
> 'Dub*boss_1');
> if (!$dbcnx) {
> echo ' Unable to connect to the '. 'database server at this
> time.';
> exit();
>
> }
>
> //select database
> if (!@mysql_select_db('imagecon')) {
> exit('Unable to locate the ' .
> 'database at this time.');
> }
>
> //Mysql query add joke
> if (isset($_POST['submit'])) {
> $product = 1;
> $size = $_POST['size'];
> $color = $_POST['color'];
> $quan = $_POST['quantity'];
> $sql = "INSERT INTO order SET
> product ='$product',
> size='$size',
> color='$color',
> quantity = '$quan',
> date = CURDATE()";
> }else{
> echo 'No data submited';
>
> }
> if (@mysql_query($sql)) {
> echo 'Your order has been submited.';
> } else {
> echo 'Error placing order: ' .
> mysql_error() . '';
> }
>
>
>
> ?>
>
> thanks in advance
>

Report · Dec 05, 2008

Murray *ACE* wrote:
> $sql = "INSERT INTO order SET
> product ='" . $product . "',
> size='" . $size . "',
> color='" . $color . "',
> quantity = '" . $quan . "',

No, that's not what's causing the problem. It's the use of "order" as
the table name. Order is a SQL reserved word. Either the table name
should be changed, or the INSERT query rewritten like this:

$size = mysql_real_escape_string($_POST['size']);
$color = mysql_real_escape_string($_POST['color']);
$quan = mysql_real_escape_string($_POST['quantity']);
$sql = "INSERT INTO `order` SET
product = 1,
size= '$size',
color= '$color',
quantity = $quan,
`date` = CURDATE()";

Note that I have surrounded order and date with backticks. I have also
removed $product, since it has a fixed value. I removed the quotes from
around $quan, because numbers should not be quoted in SQL queries.

The changes I have made assume that magic quotes are turned off on the
server. If they are on, you also need to pass the $_POST variables to
stripslashes() like this:

$size = mysql_real_escape_string(stripslashes($_POST['size']));
$color = mysql_real_escape_string(stripslashes($_POST['color']));
$quan = mysql_real_escape_string(stripslashes($_POST['quantity']);

--
David Powers, Adobe Community Expert
Author, "The Essential Guide to Dreamweaver CS4",
"PHP Solutions" & "PHP Object-Oriented Solutions"
http://foundationphp.com/

Report · Dec 05, 2008

<sigh>

Thanks, David! 8)

--
Murray --- ICQ 71997575
Adobe Community Expert
(If you *MUST* email me, don't LAUGH when you do so!)
==================
http://www.projectseven.com/go - DW FAQs, Tutorials & Resources
http://www.dwfaq.com - DW FAQs, Tutorials & Resources
==================

"David Powers" <david@example.com> wrote in message
news:ghbnbq$b1m$1@forums.macromedia.com...
> Murray *ACE* wrote:
>> $sql = "INSERT INTO order SET
>> product ='" . $product . "',
>> size='" . $size . "',
>> color='" . $color . "',
>> quantity = '" . $quan . "',
>
> No, that's not what's causing the problem. It's the use of "order" as the
> table name. Order is a SQL reserved word. Either the table name should be
> changed, or the INSERT query rewritten like this:
>
> $size = mysql_real_escape_string($_POST['size']);
> $color = mysql_real_escape_string($_POST['color']);
> $quan = mysql_real_escape_string($_POST['quantity']);
> $sql = "INSERT INTO `order` SET
> product = 1,
> size= '$size',
> color= '$color',
> quantity = $quan,
> `date` = CURDATE()";
> Note that I have surrounded order and date with backticks. I have also
> removed $product, since it has a fixed value. I removed the quotes from
> around $quan, because numbers should not be quoted in SQL queries.
>
> The changes I have made assume that magic quotes are turned off on the
> server. If they are on, you also need to pass the $_POST variables to
> stripslashes() like this:
>
> $size = mysql_real_escape_string(stripslashes($_POST['size']));
> $color = mysql_real_escape_string(stripslashes($_POST['color']));
> $quan = mysql_real_escape_string(stripslashes($_POST['quantity']);
>
> --
> David Powers, Adobe Community Expert
> Author, "The Essential Guide to Dreamweaver CS4",
> "PHP Solutions" & "PHP Object-Oriented Solutions"
> http://foundationphp.com/

Report · Dec 05, 2008

Murray *ACE* wrote:
> <sigh>
>
> Thanks, David! 8)

No problemo. The approach you took is normally the right one. However,
what gave the game away to me was the original error message, which made
me think that an ORDER BY clause had been put in the wrong place. It was
then that the penny dropped about "order" being a reserved word.

--
David Powers, Adobe Community Expert
Author, "The Essential Guide to Dreamweaver CS4",
"PHP Solutions" & "PHP Object-Oriented Solutions"
http://foundationphp.com/

Report · Dec 05, 2008

Yeah - I can see how that process worked. So, the use of the $variable
within single quotes within double quotes is OK? That will save me some
trouble!

--
Murray --- ICQ 71997575
Adobe Community Expert
(If you *MUST* email me, don't LAUGH when you do so!)
==================
http://www.projectseven.com/go - DW FAQs, Tutorials & Resources
http://www.dwfaq.com - DW FAQs, Tutorials & Resources
==================

"David Powers" <david@example.com> wrote in message
news:ghbo8q$bv2$1@forums.macromedia.com...
> Murray *ACE* wrote:
>> <sigh>
>>
>> Thanks, David! 8)
>
> No problemo. The approach you took is normally the right one. However,
> what gave the game away to me was the original error message, which made
> me think that an ORDER BY clause had been put in the wrong place. It was
> then that the penny dropped about "order" being a reserved word.
>
> --
> David Powers, Adobe Community Expert
> Author, "The Essential Guide to Dreamweaver CS4",
> "PHP Solutions" & "PHP Object-Oriented Solutions"
> http://foundationphp.com/

Report · Dec 05, 2008

Yes. Usually I like to throw in some curly brackets (more to clarify
exactly what the variable is, but can also hit object properties or
array indexes)...

"...
`name`='{$dbData['name']}',
`rodent`='{$hamster}'
..."

...some might consider that overkill for simple variables though. I can
be a bit compulsive.

Murray *ACE* wrote:
> Yeah - I can see how that process worked. So, the use of the $variable
> within single quotes within double quotes is OK? That will save me some
> trouble!
>

Report · Dec 05, 2008

Murray *ACE* wrote:
> So, the use of the $variable
> within single quotes within double quotes is OK?

Yes. A lot of people get mixed up with the use of quotes in PHP, but the
rules are very simple:

1. Anything inside double quotes is interpreted.
2. Anything inside single quotes is treated as plain text.
3. The outermost pair of quotes determines which rule applies.

Example:

$name = 'Murray';
echo "$name Summers"; // displays "Murray Summers"
echo "His name is '$name'."; // displays "His name is 'Murray'."
echo '$name Summers'; // displays "$name Summers".
echo 'His name is "$name".'; // displays "His name is "$name"."

Many people use double quotes all the time, and create finger-twisting
(and illegible) code with backslashes. Best practice is to mix single
and double quotes for readability:

http://framework.zend.com/manual/en/coding-standard.coding-style.html#coding-standard.coding-style.s...

--
David Powers, Adobe Community Expert
Author, "The Essential Guide to Dreamweaver CS4",
"PHP Solutions" & "PHP Object-Oriented Solutions"
http://foundationphp.com/

Report · Dec 05, 2008

Thanks, Nate. That was the method I was trying to remember, but was not
sure about the exact details of the use of the curlies.

--
Murray --- ICQ 71997575
Adobe Community Expert
(If you *MUST* email me, don't LAUGH when you do so!)
==================
http://www.projectseven.com/go - DW FAQs, Tutorials & Resources
http://www.dwfaq.com - DW FAQs, Tutorials & Resources
==================

"Nate Baldwin" <fake@example.com> wrote in message
news:ghbpq5$e79$1@forums.macromedia.com...
> Yes. Usually I like to throw in some curly brackets (more to clarify
> exactly what the variable is, but can also hit object properties or array
> indexes)...
>
> "...
> `name`='{$dbData['name']}',
> `rodent`='{$hamster}'
> ..."
>
> ...some might consider that overkill for simple variables though. I can be
> a bit compulsive.
>
> Murray *ACE* wrote:
>> Yeah - I can see how that process worked. So, the use of the $variable
>> within single quotes within double quotes is OK? That will save me some
>> trouble!
>>

Report · Dec 05, 2008

Thanks. It was that #3 rule I wasn't aware of. This will indeed make my
life easier, and my code less eye-popping!

--
Murray --- ICQ 71997575
Adobe Community Expert
(If you *MUST* email me, don't LAUGH when you do so!)
==================
http://www.projectseven.com/go - DW FAQs, Tutorials & Resources
http://www.dwfaq.com - DW FAQs, Tutorials & Resources
==================

"David Powers" <david@example.com> wrote in message
news:ghbqcf$esi$1@forums.macromedia.com...
> Murray *ACE* wrote:
>> So, the use of the $variable within single quotes within double quotes is
>> OK?
>
> Yes. A lot of people get mixed up with the use of quotes in PHP, but the
> rules are very simple:
>
> 1. Anything inside double quotes is interpreted.
> 2. Anything inside single quotes is treated as plain text.
> 3. The outermost pair of quotes determines which rule applies.
>
> Example:
>
> $name = 'Murray';
> echo "$name Summers"; // displays "Murray Summers"
> echo "His name is '$name'."; // displays "His name is 'Murray'."
> echo '$name Summers'; // displays "$name Summers".
> echo 'His name is "$name".'; // displays "His name is "$name"."
>
> Many people use double quotes all the time, and create finger-twisting
> (and illegible) code with backslashes. Best practice is to mix single and
> double quotes for readability:
>
> http://framework.zend.com/manual/en/coding-standard.coding-style.html#coding-standard.coding-style.s...
>
> --
> David Powers, Adobe Community Expert
> Author, "The Essential Guide to Dreamweaver CS4",
> "PHP Solutions" & "PHP Object-Oriented Solutions"
> http://foundationphp.com/

Report · Dec 05, 2008

Murray *ACE* wrote:
> Thanks. It was that #3 rule I wasn't aware of. This will indeed make
> my life easier, and my code less eye-popping!

Nate's suggestion about using curlies is also important when embedding
array elements in a double quoted string:

This works:

echo "You selected {$_POST['product']}";

This triggers a parse error:

echo "You selected $_POST['product']";

--
David Powers, Adobe Community Expert
Author, "The Essential Guide to Dreamweaver CS4",
"PHP Solutions" & "PHP Object-Oriented Solutions"
http://foundationphp.com/

Report · Dec 05, 2008

Thanks!

--
Murray --- ICQ 71997575
Adobe Community Expert
(If you *MUST* email me, don't LAUGH when you do so!)
==================
http://www.projectseven.com/go - DW FAQs, Tutorials & Resources
http://www.dwfaq.com - DW FAQs, Tutorials & Resources
==================

"David Powers" <david@example.com> wrote in message
news:ghbr5b$fk2$1@forums.macromedia.com...
> Murray *ACE* wrote:
>> Thanks. It was that #3 rule I wasn't aware of. This will indeed make my
>> life easier, and my code less eye-popping!
>
> Nate's suggestion about using curlies is also important when embedding
> array elements in a double quoted string:
>
> This works:
>
> echo "You selected {$_POST['product']}";
>
> This triggers a parse error:
>
> echo "You selected $_POST['product']";
>
> --
> David Powers, Adobe Community Expert
> Author, "The Essential Guide to Dreamweaver CS4",
> "PHP Solutions" & "PHP Object-Oriented Solutions"
> http://foundationphp.com/

Report · Dec 06, 2008

wow a whole days worth of class room lessons from one question...

Awesome guys thanx alot it works now..

Report · Dec 06, 2008

Stick around. There's lots of good stuff here!

--
Murray --- ICQ 71997575
Adobe Community Expert
(If you *MUST* email me, don't LAUGH when you do so!)
==================
http://www.projectseven.com/go - DW FAQs, Tutorials & Resources
http://www.dwfaq.com - DW FAQs, Tutorials & Resources
==================

"beatzMalone" <webforumsuser@macromedia.com> wrote in message
news:ghf8oo$p6t$1@forums.macromedia.com...
> wow a whole days worth of class room lessons from one question...
>
> Awesome guys thanx alot it works now..

help with php mysql connect script

1 Correct answer