0

I want to navigate records with next & prev buttons, But i gor the following error

"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ORDER BY Sr_no DESC LIMIT 1' at line 1" Pls help me to resolve this error

MY code is 

<?php
$id = $_GET['Sr_no'];
$id = $currentid;
$prevquery = "SELECT Sr_no, Entry_Date, Agent_Name, Process_Name, Donar_Name,Company_Name,Designation, Add1, Add2, Add3, Pincode, City, Contact_no,Mobile_no,Nearest_station,Suburbans, Pickup_time,Pickup_Date, Confirmation_Status,Last_Yr_Contribution,Pickup_Amount,Final_Donate_amt,Final_Status,DOB,Email_Id,Chq_Deposite_Date,Form_No,Cheque_Date,Cheque_No,Bank_Name,Chq_Amount,Pan_No,MICR_No,CLR_Loc,Batch_File,Donar_Code FROM leads WHERE Sr_no < $currentid ORDER BY Sr_no DESC LIMIT 1";
$prevresult = mysql_query($prevquery) or die(mysql_error());
while ($prevrow = mysql_fetch_array($prevresult)) {
    $previd = $prevrow['Sr_no'];
}
$nextquery = "SELECT Sr_no, Entry_Date, Agent_Name, Process_Name, Donar_Name,Company_Name,Designation, Add1, Add2, Add3, Pincode, City, Contact_no, Mobile_no,Nearest_station,Suburbans, Pickup_time, Pickup_Date, Confirmation_Status, Last_Yr_Contribution, Pickup_Amount,Final_Donate_amt,Final_Status,DOB,Email_Id,Chq_Deposite_Date,Form_No,Cheque_Date,Cheque_No,Bank_Name,Chq_Amount,Pan_No,MICR_No,CLR_Loc,Batch_File,Donar_Code FROM  leads WHERE Sr_no < $currentid ORDER BY Sr_no DESC LIMIT 1";
$nextresult = mysql_query($nextquery) or die(mysql_error());
while ($nextrow = mysql_fetch_array($nextresult)) {
    $nextid = $nextrow['Sr_no'];
}
?>

<a href="edit1.php?Sr_no=<?php echo $previd; ?>">Previous</a>
<a href="edit1.php?Sr_no<?php echo $nextid; ?>">Next</a>
Vahid Hallaji
  • 7,159
  • 5
  • 42
  • 51
Vishaal
  • 17
  • 1
  • 8
  • 1
    Make sure `$currentid` is set and not empty before inserting it into the query. You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use [a modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to** [**SQL injection attacks**](http://bobby-tables.com/) that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – DCoder Sep 03 '13 at 08:58
  • Wrap your variable in single quotes. `'$currentid'` – Ben Fortune Sep 03 '13 at 09:34

1 Answers1

1

I think your code is 

$id=$_GET['Sr_no'];
$currentid = $id;

and not this

$id=$_GET['Sr_no'];
$id = $currentid;
yantrakaar
  • 374
  • 3
  • 15
  • Thanx alot, I made the changes prev link working fine but on next linki got an error same error – Vishaal Sep 03 '13 at 09:13
  • Thanx alot, I made the changes now Prev link works fine ,but on the next link i got same error "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ORDER BY Sr_no DESC LIMIT 1' at line 1" – Vishaal Sep 03 '13 at 09:15
  • Both of your sql statement are same . try doing Sr_no > $currentid instead of Sr_no < $currentid in your $nextquery. – yantrakaar Sep 03 '13 at 09:41
  • or try this : "SELECT Sr_no, Entry_Date, Agent_Name, Process_Name, Donar_Name,Company_Name,Designation, Add1, Add2, Add3, Pincode, City, Contact_no, Mobile_no,Nearest_station,Suburbans, Pickup_time, Pickup_Date, Confirmation_Status, Last_Yr_Contribution, Pickup_Amount,Final_Donate_amt,Final_Status,DOB,Email_Id,Chq_Deposite_Date,Form_No,Cheque_Date,Cheque_No,Bank_Name,Chq_Amount,Pan_No,MICR_No,CLR_Loc,Batch_File,Donar_Code FROM leads WHERE Sr_no < ".$currentid." ORDER BY Sr_no DESC LIMIT 1"; – yantrakaar Sep 03 '13 at 09:45