
So I have a custom PHP object which I have serialized and I am trying to insert it into a MySQL database with PHP Code:

```php
$serializedOrder = serialize($objectOrder);

//I have tried both of these, and all combinations of them
$serializedOrder = mysql_real_escape_string($serializedOrder);
$serializedOrder = stripslashes($serializedOrder);

$result = mysql_query("INSERT INTO orders(order) VALUES('".$serializedOrder."')");
if ($result == false) {
   echo "mysql_query failed  ";
   echo mysql_error();
   echo "   ";
   echo mysql_errno();
}
```

This produces the response:

mysql_query failed You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'order) VALUES('O:10:"OrderClass":6:{s:9:"foodArray";a:0:{}s:8:"baseTime";i:0;s:1' at line 1 1064

The total serialized string is:

O:10:"OrderClass":6:{s:9:"foodArray";a:0:{}s:8:"baseTime";i:0;s:11:"orderNumber";i:0;s:11:"truckNumber";i:0;s:10:"customerID";i:0;s:11:"orderStatus";s:0:"";}

Any help is appreciated.

Chris Laplante
Frostbite
  • `ORDER` is a [MySQL reserved keyword](http://dev.mysql.com/doc/refman/5.5/en/reserved-words.html), and you must quote it with backticks to use it as a column identifier. – Michael Berkowski Mar 04 '13 at 00:50
  • Don't call `stripslashes()` after `mysql_real_escape_string()`! You are _undoing_ the escaping done by `mysql_real_escape_string()`. – Michael Berkowski Mar 04 '13 at 00:52
  • A VERY important thing to note here is that all mysql_* functions are deprecated and soon to be removed so if PHP gets updated on your server, your scripts won't work anymore. You'll see this message all over at php.net: This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used. See also MySQL: choosing an API guide and related FAQ for more information. Alternatives to this function include: – thatthatisis Mar 04 '13 at 00:58

1 Answer


right query

```php
$result = mysql_query("INSERT INTO orders(`order`) VALUES('".$serializedOrder."')");
```

https://dev.mysql.com/doc/refman/4.1/en/reserved-words.html

Ejaz
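
The comments above recommend MySQLi or PDO in place of the deprecated mysql_* functions. As an added example (not code from the question or the answer), the sketch below stores the same serialized object through a PDO prepared statement with the reserved column name backtick-quoted. The in-memory SQLite DSN, the `saveOrder`/`loadOrders` helpers and the `OrderClass` property defaults are assumptions made so that it runs offline.

```php
<?php
// Class shape inferred from the serialized string in the question (assumption).
class OrderClass
{
    public $foodArray = [];
    public $baseTime = 0;
    public $orderNumber = 0;
    public $truckNumber = 0;
    public $customerID = 0;
    public $orderStatus = '';
}

// Assumption: in-memory SQLite so the example runs without a server.
// For MySQL, use a DSN such as 'mysql:host=...;dbname=...;charset=utf8mb4'.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// `order` is a reserved word, so it is backtick-quoted wherever it appears
// as an identifier (SQLite accepts MySQL-style backticks).
$pdo->exec('CREATE TABLE orders (`order` TEXT)');

function saveOrder(PDO $pdo, OrderClass $order): void
{
    // The serialized string is full of quotes, braces and semicolons. Bound
    // as a parameter it is never parsed as SQL, so no escaping call is needed.
    $stmt = $pdo->prepare('INSERT INTO orders (`order`) VALUES (:serialized)');
    $stmt->execute([':serialized' => serialize($order)]);
}

function loadOrders(PDO $pdo): array
{
    $orders = [];
    foreach ($pdo->query('SELECT `order` FROM orders') as $row) {
        // Restrict unserialize() to the one class expected in this column;
        // any other class name in the data becomes __PHP_Incomplete_Class.
        $obj = unserialize($row['order'], ['allowed_classes' => [OrderClass::class]]);
        if ($obj instanceof OrderClass) {
            $orders[] = $obj;
        }
    }
    return $orders;
}

$order = new OrderClass();
$order->orderStatus = "it's ready"; // constructed value containing a quote
saveOrder($pdo, $order);

var_dump(loadOrders($pdo)[0] == $order);
```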