0

I have some code, but `$query_last` is not working; the previous, identical part, `$query`, works without problems.

I don't understand what the problem is.

    <?php
    if ($_SERVER["REQUEST_METHOD"]=="POST"){
        require 'connect_k.php';
        createMessage();
    }

    function createMessage(){
        global $connect;    
        $email = $_POST["email"];
        $price_main = $_POST["price_main"];
        $date = $_POST["date"];
        $order_number = $_POST["order_number"];
        $query="INSERT INTO final(email,name,size,quantity,price)SELECT email,name,size,quantity,price FROM items_cart WHERE email like ('$email');";
        $query_del="DELETE FROM items_cart WHERE email like ('$email');";
        $query_upd="UPDATE final SET price_main='$price_main',order_number='$order_number',date='$date' WHERE email like ('$email');";
        // ---- problem is here ----
        $query_last="INSERT INTO order(email,name,size,quantity,price,price_main,order_number,date)SELECT email,name,size,quantity,price,price_main,order_number,date FROM final WHERE email like ('$email');";
        mysqli_query ($connect,$query)or die (mysqli_error($connect));
        mysqli_query ($connect,$query_del)or die (mysqli_error($connect));
        mysqli_query ($connect,$query_upd)or die (mysqli_error($connect));
        mysqli_query ($connect,$query_last)or die (mysqli_error($connect));
        mysqli_close($connect);
    }
    ?>
HDJEMAI
  • You should let your code breathe more - spacing it more up and formatting makes it a lot easier to read - and in turn, easier to troubleshoot. And if there is any error from the query, `mysqli_error()` should tell you about it. You can also verify that the query works by running it in phpMyAdmin. – Qirel Jun 05 '17 at 07:08
  • Run this query in MySQL directly and check what error is showing. – shubham715 Jun 05 '17 at 07:09
  • Any error you are getting when this code runs? – Alive to die - Anant Jun 05 '17 at 07:11
  • **WARNING**: When using `mysqli` you should be using [parameterized queries](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add user data to your query. **DO NOT** use string interpolation or concatenation to accomplish this because you have created a severe [SQL injection bug](http://bobby-tables.com/). **NEVER** put `$_POST`, `$_GET` or **any** user data directly into a query, it can be very harmful if someone seeks to exploit your mistake. – tadman Jun 05 '17 at 07:13
  • Your insert queries don't have a `VALUES ()` part. Are you sure they are running? Did you get any error? – Alive to die - Anant Jun 05 '17 at 07:13
  • This code is all jumbled up. Clean, organized code makes mistakes more obvious. – tadman Jun 05 '17 at 07:14
  • @AlivetoDie `INSERT...SELECT` doesn't use `VALUES` if you match columns one-to-one. – Qirel Jun 05 '17 at 07:17
  • `order` is a reserved keyword, and needs to be backticked - or you should rename the table altogether if it's not too late. See this thread: https://stackoverflow.com/questions/23446377/syntax-error-due-to-using-a-reserved-word-as-a-table-or-column-name-in-mysql – Qirel Jun 05 '17 at 07:20
  • @Qirel THHHAAAANKS! THIS IS IT! QIREL, it should be in 'answers' and I will accept it – Romik romikromik Jun 05 '17 at 07:32
  • It's a duplicate, so the question should really be closed by the duplicate instead ;-) Better to gather information in one place! – Qirel Jun 05 '17 at 07:35

3 Answers

0

Try this; I have modified my query:

    // First read the rows to copy.
    $query_last = "SELECT email,name,size,quantity,price,price_main,order_number,date FROM final WHERE email like ('$email');";
    $result = mysqli_query($connect, $query_last) or die(mysqli_error($connect));
    // Placeholder: fill the VALUES list from the rows returned by \$query_last.
    $new_last_qr = "INSERT INTO order(email,name,size,quantity,price,price_main,order_number,date) values (/* set return values of \$query_last here */)";
    mysqli_query($connect, $new_last_qr) or die(mysqli_error($connect));

Thanks

Ravi Kumar
0

Maybe the problem is that you are not escaping the query before passing it to the database; you should try using the `addslashes` function for your inputs.

    function createMessage(){
        global $connect;    
        $email = addslashes($_POST["email"]);
        $price_main = addslashes($_POST["price_main"]);
        $date = addslashes($_POST["date"]);
        $order_number = addslashes($_POST["order_number"]);
        $query="INSERT INTO final(email,name,size,quantity,price)SELECT email,name,size,quantity,price FROM items_cart WHERE email like ('$email');";
        $query_del="DELETE FROM items_cart WHERE email like ('$email');";
        $query_upd="UPDATE final SET price_main='$price_main',order_number='$order_number',date='$date' WHERE email like ('$email');";
        // ---- problem is here ----
        $query_last="INSERT INTO order(email,name,size,quantity,price,price_main,order_number,date)SELECT email,name,size,quantity,price,price_main,order_number,date FROM final WHERE email like ('$email');";
        mysqli_query ($connect,$query)or die (mysqli_error($connect));
        mysqli_query ($connect,$query_del)or die (mysqli_error($connect));
        mysqli_query ($connect,$query_upd)or die (mysqli_error($connect));
        mysqli_query ($connect,$query_last)or die (mysqli_error($connect));
        mysqli_close($connect);
    }
Talib Allauddin
0
    "INSERT INTO order(email,name,size,quantity,price,price_main,order_number,date)SELECT email,name,size,quantity,price,price_main,order_number,date FROM final WHERE email like ('$email');";

Syntax error due to using a reserved word as a table or column name in MySQL

`order` is a reserved keyword, and needs to be backticked or renamed.
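
An added example (not part of any answer above): the question's four statements rewritten with prepared statements and `bind_param`, as tadman's comment recommends, and with the reserved table name `order` backticked, as Qirel's comment explains. It assumes an open `mysqli` connection to InnoDB tables and that an exact `=` match on `email` is what the original `LIKE` intended; the function signature and the `run()` helper are hypothetical.

```php
<?php
// Added example, not the original poster's code.
// Make mysqli throw mysqli_sql_exception instead of returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Hypothetical helper: prepare, bind string parameters, execute.
function run(mysqli $db, string $sql, string $types, string ...$params): void
{
    $stmt = $db->prepare($sql);
    $stmt->bind_param($types, ...$params);
    $stmt->execute();
    $stmt->close();
}

function createMessage(mysqli $connect, array $post): void
{
    $email       = (string)($post['email'] ?? '');
    $priceMain   = (string)($post['price_main'] ?? '');
    $date        = (string)($post['date'] ?? '');
    $orderNumber = (string)($post['order_number'] ?? '');

    // All four steps succeed together or not at all (assumes InnoDB).
    $connect->begin_transaction();
    try {
        // "=" instead of LIKE: with LIKE, a "%" in the input matches every row.
        run($connect,
            'INSERT INTO final (email, name, size, quantity, price)
             SELECT email, name, size, quantity, price
             FROM items_cart WHERE email = ?', 's', $email);
        run($connect, 'DELETE FROM items_cart WHERE email = ?', 's', $email);
        run($connect,
            'UPDATE final SET price_main = ?, order_number = ?, date = ?
             WHERE email = ?', 'ssss', $priceMain, $orderNumber, $date, $email);
        // `order` is a reserved word, so the table name is backticked.
        run($connect,
            'INSERT INTO `order` (email, name, size, quantity, price,
                                  price_main, order_number, date)
             SELECT email, name, size, quantity, price,
                    price_main, order_number, date
             FROM final WHERE email = ?', 's', $email);
        $connect->commit();
    } catch (mysqli_sql_exception $e) {
        $connect->rollback();
        throw $e; // log server-side rather than echoing SQL errors to the client
    }
}
```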