What is the error talking about?

Question

well i am new to php .Now all i am trying to do is insert some data in a database table.

Here is the sample code

<?php 
include("DbMethods.php");
connectToDb();

$name=$_POST['name'];
$location=$_POST['location'];
$item=$_POST['item'];


    $result=mysql_query("SELECT id FROM `customer` WHERE `name`='".$name."' AND `location`='".$location."' AND `item`='".$item."')")or die(mysql_error());

?>

and this is what the error looks like

check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1

What exactly is wrong?

[**Please, don't use `mysql_*` functions in new code**](http://bit.ly/phpmsql). They are no longer maintained [and are officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). See the [**red box**](http://j.mp/Te9zIL)? Learn about [*prepared statements*](http://j.mp/T9hLWi) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) - [this article](http://j.mp/QEx8IB) will help you decide which. If you choose PDO, [here is a good tutorial](http://j.mp/PoWehJ). — John Conde, Feb 01 '13 at 03:07
Please [Prevent SQL injection](http://stackoverflow.com/q/60174) — John Conde, Feb 01 '13 at 03:08
What is your intended purpose for that random unmatched `')`? — Matt Whipple, Feb 01 '13 at 03:08
Thank you so uch for your suggestion:)I will see how to use prepared statements:) — user1720616, Feb 01 '13 at 03:09

score 3 · Answer 1 · answered Feb 01 '13 at 03:08

You have an erroneous ) at the end of your query. The error message is pretty explicit about this.

$result=mysql_query(" ... AND `item`='".$item."')")or die(mysql_error());
                                                ^

As mentioned in the comments, please stop using mysql_ functions. Why? For one reason someone may submit '; DROP customer for item.

score 0 · Answer 2 · answered Feb 01 '13 at 03:09

0

...$item."')")or die... should be ...$item."'")or die... which means it can't find a matching parentheses which is why it is giving you that error

answered Feb 01 '13 at 03:09

Class

3,149
3
22
31

score 0 · Answer 3 · answered Feb 01 '13 at 03:09

0

Dont use mysql_*...

remove the extra )

$result=mysql_query("SELECT id FROM `customer` WHERE `name`='".$name."' AND `location`='".$location."' AND `item`='".$item."'")or die(mysql_error());

answered Feb 01 '13 at 03:09

Danilo Kobold

2,562
1
21
31

score 0 · Answer 4 · answered Feb 01 '13 at 03:13

Replace the line with the following:

$result = mysql_query("SELECT id FROM `customer` WHERE `name`='".$name."' AND `location`='".$location."' AND `item`='".$item."') or die(mysql_error());

Error is actually stating that there is syntax error near ')' character. Quite specific and clear error message ;)

And as it was already mentioned, don't use mysql_ ever again.

What is the error talking about?

4 Answers4