0

Can someone tell me where I'm wrong with my request?

$sql = "INSERT INTO order (order_id,prod) VALUES ('','".$prod."')";
mysql_query($sql) or die ('Error SQL !'.$sql.'<br />'.mysql_error());
$_SESSION['orderid']=mysql_insert_id();

Here is my table configuration:

Columns for order table:

'order_id'=>int(11) auto_increment
'prod'=> varchar(20) utf8_general_ci

And this is the error message:

Error SQL !INSERT INTO order (order_id,prod) VALUES ('','xxx') You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'order (order_id,prod) VALUES ('','xxx')' at line 1

Thank you

Sal00m
  • 2,938
  • 3
  • 22
  • 33
Baylock
  • 1,246
  • 4
  • 25
  • 49

4 Answers4

2

ORDER is a reserved keyword and happens to be the name of your column/table. To avoid syntax error, you need to escape it using backtick. E.g.

`ORDER`

If you have the privilege to alter the table, change the table name to which is not a reserved keyword to avoid problem from occurring again.

Waring: Please, don't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.

Zoe
  • 27,060
  • 21
  • 118
  • 148
Rikesh
  • 26,156
  • 14
  • 79
  • 87
1

Try this:

INSERT INTO `order` (order_id,prod) VALUES ('','".$prod."')
user1094553
  • 786
  • 5
  • 15
1

replace with this, just use single quote with table name

$sql = "INSERT INTO `order` (order_id,prod) VALUES ('','".$prod."')";
Rajendra Yadav
  • 645
  • 3
  • 12
0

$insert="INSERT INTO order (order_id,prod) VALUES ('','".$prod."')";

Vivek Singh
  • 2,453
  • 1
  • 14
  • 27