-1

There is something wrong with my query but I have no idea what the problem is.

Here are my queries:

```php
$result=mysql_query("UPDATE user_info SET Money = '$newmoney' WHERE Username ='$user'");

$result=mysql_query("INSERT INTO order (username, amount, stock, company) VALUES 
('$user','$amount','$stock','$symbol')");
```

When I run it, the first query works, but the second doesn't. There are no errors given. Any help would be great, thank you.

user1760791
  • I tried that and it says "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'order (username, amount, stock, company) VALUES (username,23, 15.84,YHOO)' at line 1" – user1760791 Oct 20 '12 at 17:35
  • That error does not have `'` around your parameters. Either your query or your error message is not identical to what you have posted here. I also ***strongly*** advise against building your queries this way; you get no type safety, more difficult debugging and all the SQL injection attacks under the sun. – MatBailie Oct 20 '12 at 17:41

3 Answers

3

order is a reserved word. Quote it with backticks:

```php
$result = mysql_query("
  INSERT INTO `order`
    (username, amount, stock, company)
  VALUES
    ('$user','$amount','$stock','$symbol')
");
```

Furthermore, notice that on the PHP manual page for the mysql_query() function, it states in a big red box:

Suggested alternatives

Use of this extension is discouraged. Instead, the MySQLi or PDO_MySQL extension should be used. See also MySQL: choosing an API guide and related FAQ for more information. Alternatives to this function include:

eggyal
  • I tried this and still it gives the same error message. Thank you anyway. – user1760791 Oct 20 '12 at 17:37
  • Hope you used backticks and not single quotes on the ORDER table? – codingbiz Oct 20 '12 at 17:41
  • @user1760791: From the error message you posted in [your comment](http://stackoverflow.com/questions/12990917/why-doesnt-my-query-succeed-php-mysql/12990975#comment17622348_12990917), it appears that you are not quoting your string literals. When you switch to PDO or mysqli, you should use [prepared statements](http://stackoverflow.com/a/60496/623041) instead, into which you pass your variables as parameters that do not get evaluated for SQL. – eggyal Oct 20 '12 at 17:42
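
The two fixes discussed above, combined in one added example (not code from any of the posts): backtick-quote the reserved table name and pass the values as bound parameters through PDO. It assumes an in-memory SQLite database in place of MySQL so that it runs without a server (SQLite also treats ORDER as a keyword and accepts backtick-quoted identifiers); the table layout and sample values are constructed.

```php
<?php
// Added example. Assumption: in-memory SQLite stands in for the MySQL server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE `order` (username TEXT, amount INTEGER, stock REAL, company TEXT)');

// Constructed input; the company value contains an apostrophe on purpose.
$user   = 'alice';
$amount = 23;
$stock  = 15.84;
$symbol = "O'Neil Corp";

// 1. The question's form: the reserved word is used unquoted as a table name.
try {
    $pdo->exec("INSERT INTO order (username, amount, stock, company)
                VALUES ('$user', '$amount', '$stock', 'YHOO')");
} catch (PDOException $e) {
    echo "unquoted table name: ", $e->getMessage(), "\n";
}

// 2. Backticks fix the identifier, but interpolated values are still parsed as
//    SQL: the apostrophe ends the string literal early and the statement breaks.
try {
    $pdo->exec("INSERT INTO `order` (username, amount, stock, company)
                VALUES ('$user', '$amount', '$stock', '$symbol')");
} catch (PDOException $e) {
    echo "interpolated values: ", $e->getMessage(), "\n";
}

// 3. Prepared statement: the SQL text is fixed and the values travel separately
//    as parameters, so they are stored as data and never evaluated as SQL.
$stmt = $pdo->prepare(
    'INSERT INTO `order` (username, amount, stock, company)
     VALUES (:user, :amount, :stock, :company)'
);
$stmt->execute([
    ':user'    => $user,
    ':amount'  => $amount,
    ':stock'   => $stock,
    ':company' => $symbol,
]);

// Only the third insert succeeded; the apostrophe is stored verbatim.
$row = $pdo->query('SELECT username, company FROM `order`')->fetch(PDO::FETCH_ASSOC);
echo "stored row: ", $row['username'], " / ", $row['company'], "\n";
```
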
0

It really looks fine; can you try this?

```php
$result=mysql_query("INSERT INTO order (username, amount, stock, company) VALUES 
($user,$amount,$stock,$symbol)");
```

itaka
  • I tried this and it says "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'order (username, amount, stock, company) VALUES (username,23, 15.84,YHOO)' at line 1" – user1760791 Oct 20 '12 at 17:35
  • Hint: what goes around string literals in SQL? –  Oct 31 '12 at 21:34
0

As previously stated, order is a reserved MySQL word. In this link you can find other reserved words: http://dev.mysql.com/doc/refman/5.5/en/reserved-words.html. Instead of using backticks, I would change the column's name; it would be easier.

ralatorre