1
$sql3 = 
    "INSERT INTO `orders` (cid, eid, order, date_ordered, date_called, status) 
  VALUES ('$cid', '$eid', '$order', '$date_ordered', '$date_called', '$status')";

The error is:

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'order, date_ordered, date_called, status) VALUES ('0012', '0', 'gydfhtfhjghj', '' at line 1

Naftali
  • 144,921
  • 39
  • 244
  • 303
Stefano
  • 93
  • 2
  • 7
  • 7
    `ORDER` is a reserved word. You need to wrap it in backticks or rename the column to something unambiguous. – Evan Mulawski Jul 06 '12 at 15:44
  • Your error message doesn't appear to agree with your statement. Also, trying to insert the value `'gydfhtfhjghj'` into a date field is always likely to fail. –  Jul 06 '12 at 15:48
  • 2
    Please, when possible, don't interpolate variables to make dynamic SQL queries. It's too easy to forget to escape them, to be confounded by charset issues when you do escape, or to be confounded by future maintenance done in haste. Instead use [parameterized queries](http://stackoverflow.com/a/60496/132382). – pilcrow Jul 06 '12 at 15:49
  • possible duplicate of [Syntax error due to using a reserved word as a table or column name in MySQL](http://stackoverflow.com/questions/23446377/syntax-error-due-to-using-a-reserved-word-as-a-table-or-column-name-in-mysql) – Ian Ringrose May 06 '14 at 10:16

2 Answers2

4

ORDER is a reserved word. So you can escape it with backticks:

$sql3 = 
"INSERT INTO `orders` (cid, eid, `order`, date_ordered, date_called, status) 
 VALUES ('$cid', '$eid', '$order', '$date_ordered', '$date_called', '$status')";
Naftali
  • 144,921
  • 39
  • 244
  • 303
1

ORDER is a reserved keyword. Use a different name or wrap it in backticks (they're not called quotes apparently). 

`order`
sachleen
  • 30,730
  • 8
  • 78
  • 73
  • 2
    ... Or escape the column name with backticks – bfavaretto Jul 06 '12 at 15:45
  • 2
    AHHHHHH! **DO NOT WRAP IN QUOTES!** – Naftali Jul 06 '12 at 15:46
  • 1
    Yeah I was trying to do that but it wouldn't in the inline code. Sorry, fixed. lol @Neal my bad man. I didn't know the name for the "`" kind of quote. – sachleen Jul 06 '12 at 15:47
  • 1
    Everyone familiar with MySQL (and other query languages) knows they are called backticks. – Evan Mulawski Jul 06 '12 at 15:49
  • It'd be acceptable to wrap them in *double-quotes*, which MySQL will recognize as delimiting identifiers when syntactically plausible, or, better, when in [ANSI_QUOTES](http://dev.mysql.com/doc/refman/5.5/en/server-sql-mode.html#sqlmode_ansi_quotes) mode. – pilcrow Jul 06 '12 at 15:54