
I am trying to insert data posted through an HTML form into a MySQL database. Unfortunately it isn't working. It gives me the following error.

ERROR: Could not able to execute INSERT INTO order(order_id, cat_id, p_id, top_id, time_order, total, table_id, qty, size) VALUES(default ,'1','1',1', '2015-08-03 19:57:46' ,'1000','1','2','X-large'). You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '', '2015-08-03 19:57:46' ,'1000','1','2','X-large')' at line 1"

Here is the PHP code.

php

// Order-insert script exactly as posted in the question: it reads four form
// fields, looks up the product id, the topping id and a price, then builds
// an INSERT statement by string interpolation and runs it.
// db_connect.php is not shown; presumably it defines the mysqli handle $link.
include("db_connect.php");
// addslashes() and magic quotes are not reliable SQL escaping: they are not
// charset-aware and do nothing for values placed in unquoted positions.
// get_magic_quotes_gpc() is deprecated since PHP 7.4 and removed in PHP 8.0,
// so this branch is a fatal error on current PHP.
 if(! get_magic_quotes_gpc() ) {
$flavor = addslashes( $_POST['sel']);
$topping = addslashes( $_POST['top']);
$size = addslashes( $_POST['sizes']);
 }
else{
$flavor =  $_POST['sel'];
$topping =  $_POST['top'];
$size =  $_POST['sizes'];
}
// $qty is taken from the request without escaping or validation in either
// branch above and is interpolated into the INSERT further down.
$qty=$_POST['qty'];
// As posted, "pid" lacks its leading "$", so this line does not parse.
// The query text is assembled from request data (SQL injection risk).
pid =  "SELECT p_id FROM product where name ='".$flavor. "'";
$result = mysqli_query($link, $pid) ;
// Keeps the p_id of the last row returned; $res stays undefined when no row matches.
while($row = mysqli_fetch_array($result)){
$res =  $row['p_id'];
 }
// Same pattern for the topping id: the query is built from request data.
$tid="select top_id from toppings where type='" .$topping ."'";
$re = mysqli_query($link, $tid) ;

// Keeps the top_id of the last row returned; $e stays undefined when no row matches.
while($r = mysqli_fetch_array($re)){
$e =  $r['top_id'];
}



// NOTE(review): the price lookup is fixed to 'Chicken Fajita' and XL_price,
// whatever flavor and size were posted - confirm this is intended.
$abc="select XL_price from product where name= 'Chicken Fajita'";
$abcd = mysqli_query($link, $abc) ;

while($rows = mysqli_fetch_array($abcd)){
$resul = $rows['XL_price'];
}


$d=date("Y-m-d H:i:s");
// The third value is written as $e' - a closing quote with no opening one.
// That unbalanced quote is what MySQL reports as the syntax error near ''.
// Every value here is interpolated into the SQL text rather than bound.
$sql="INSERT INTO `order`( `cat_id`, `p_id`, `top_id`, `time_order`, `total`, `table_id`, `qty`, `size`) VALUES( '1','$res',$e', '$d' ,'$resul','1','$qty','$size')";


if(mysqli_query($link, $sql)){
echo "Records added successfully.";
}    else{
// The failure branch prints the full statement and the server's error text
// to the client, which exposes table and column names; useful while
// debugging, but this belongs in a server-side log in production.
echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
}


mysqli_close($link);
?>

Any suggestions or code help please. Thanks in advance :)

Jay Blanchard

1 Answer


You do not need single quotes for numbers. The pid variable is missing its $ sign. Try now.

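<?php
// Insert one order row from the posted form.
//
// Every value that originates from the request is sent to MySQL as a bound
// parameter instead of being concatenated into the SQL text. That removes the
// quoting mistakes behind the reported syntax error (a string such as
// 'X-large' cannot be placed unquoted) and closes the SQL injection hole:
// addslashes()/magic quotes are not charset-aware and give no protection for
// values placed in unquoted positions.
include("db_connect.php"); // expected to provide the mysqli connection in $link

// Read the posted fields; a missing or non-string field (e.g. an array) becomes ''.
$flavor  = (isset($_POST['sel'])   && is_string($_POST['sel']))   ? $_POST['sel']   : '';
$topping = (isset($_POST['top'])   && is_string($_POST['top']))   ? $_POST['top']   : '';
$size    = (isset($_POST['sizes']) && is_string($_POST['sizes'])) ? $_POST['sizes'] : '';
$qtyRaw  = (isset($_POST['qty'])   && is_string($_POST['qty']))   ? $_POST['qty']   : '';

// Bound parameters need the raw value. Magic quotes only exist before PHP 5.4;
// the version test also keeps get_magic_quotes_gpc() (deprecated in 7.4,
// removed in 8.0) from being called on newer versions.
if (PHP_VERSION_ID < 50400 && get_magic_quotes_gpc()) {
    $flavor  = stripslashes($flavor);
    $topping = stripslashes($topping);
    $size    = stripslashes($size);
    $qtyRaw  = stripslashes($qtyRaw);
}

// qty goes into a numeric column: accept a positive whole number only.
// The length cap keeps the cast inside the 32-bit integer range.
if (!ctype_digit($qtyRaw) || strlen($qtyRaw) > 9 || (int) $qtyRaw < 1) {
    exit('Invalid quantity.');
}
$qty = (int) $qtyRaw;

// Product id for the selected flavor.
// With mysqli error reporting switched off, a failed prepare returns false
// and the id simply stays null; with exceptions enabled it throws instead.
$res = null;
$stmt = mysqli_prepare($link, "SELECT p_id FROM product WHERE name = ?");
if ($stmt) {
    mysqli_stmt_bind_param($stmt, 's', $flavor);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $pId);
    while (mysqli_stmt_fetch($stmt)) {
        $res = $pId; // as in the original loop, the last matching row wins
    }
    mysqli_stmt_close($stmt);
}

// Topping id for the selected topping.
$e = null;
$stmt = mysqli_prepare($link, "SELECT top_id FROM toppings WHERE type = ?");
if ($stmt) {
    mysqli_stmt_bind_param($stmt, 's', $topping);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $topId);
    while (mysqli_stmt_fetch($stmt)) {
        $e = $topId;
    }
    mysqli_stmt_close($stmt);
}

// NOTE(review): the price lookup is fixed to 'Chicken Fajita' and XL_price,
// whatever flavor and size were posted - confirm this is intended.
// The statement contains no request data, so a plain query is fine here.
$resul = null;
$abcd = mysqli_query($link, "select XL_price from product where name= 'Chicken Fajita'");
if ($abcd) {
    while ($rows = mysqli_fetch_array($abcd)) {
        $resul = $rows['XL_price'];
    }
}

// Stop before the INSERT when a lookup produced nothing, instead of sending
// a statement with missing values.
if ($res === null || $e === null || $resul === null) {
    exit('Unknown product or topping.');
}

$d = date("Y-m-d H:i:s");
$sql = "INSERT INTO `order` (`cat_id`, `p_id`, `top_id`, `time_order`, `total`, `table_id`, `qty`, `size`)
        VALUES (1, ?, ?, ?, ?, 1, ?, ?)";

// The ids and the price are bound as strings because the column types are
// not visible here; MySQL converts them for numeric columns.
$stmt = mysqli_prepare($link, $sql);
if ($stmt
    && mysqli_stmt_bind_param($stmt, 'ssssis', $res, $e, $d, $resul, $qty, $size)
    && mysqli_stmt_execute($stmt)
) {
    echo "Records added successfully.";
} else {
    // Keep the statement and the server's error text in the server log;
    // the client only gets a generic message.
    error_log('Order insert failed: ' . ($stmt ? mysqli_stmt_error($stmt) : mysqli_error($link)));
    echo "ERROR: The order could not be saved.";
}

if ($stmt) {
    mysqli_stmt_close($stmt);
}
mysqli_close($link);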
koredalin