i used `` for column name though im getting error... my code is
$sql = "INSERT INTO order(`pcode`) VALUES ('$pcode')";
if(!mysql_query($sql,$con))
die('cant connect ' .mysql_error());
Asked
Active
Viewed 76 times
0
Shakti Singh
- 84,385
- 21
- 134
- 153
Milan Delvadia
- 90
- 1
- 6
-
Not directly related but you are exposing yourself to SQL injection. You should consider prepared statements and parametrized queries: http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php – mihaisimi Jun 27 '12 at 13:04
-
1Also try upgrading to PDO http://php.net/manual/en/book.pdo.php, it is a much nicer extension for SQL, as the mysql extension is now deprecated – Kris Jun 27 '12 at 13:05
2 Answers
5
Order is a reserved word for the "ORDER BY" clause try
"INSERT INTO `order`(pcode) VALUES ('$pcode')";
Note: Please ensure $pcode is being run through mysql_real_escape_string, or better yet look into the PDO extension and their prepared queries
Kris
- 6,094
- 2
- 31
- 46
-
thnx .. it works.. im tryinf all possible ways using ` ` bt not used in table name.. big relief aftr two days – Milan Delvadia Jun 27 '12 at 13:23
0
if order is your table name and pcode is your column name then you can use this:
$sql = sprintf("INSERT INTO `order` (pcode) VALUES('%s')", $pcode);
Gabriel Baker
- 1,209
- 11
- 21
-
1The language is the language listed for the question, PHP, but sprintf is pretty universal – Gabriel Baker Jun 27 '12 at 13:09