MySQL Syntax Error at line 5 (but there's no mysql stuff anywhere near there) [closed]

This question is unlikely to help any future visitors; it is only relevant to a small geographic area, a specific moment in time, or an extraordinarily narrow situation that is not generally applicable to the worldwide audience of the internet. For help making this question more broadly applicable, visit 开发者_Go百科the help center. Closed 9 years ago.

So, I'm assuming that it has something to do with whats inside one of the variables i'm trying to insert into the database. But after looking at them (print_r($var);), they seem fine.

I don't know why I'm getting this vague as hell error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 5

Here's code from line 0 through to where there's no more php/mysql stuff:

$o = $_REQUEST["order"]; // this is line 5!!!!!!!!!!!!!!!!!!!!!

$a=$_REQUEST["amount"];
$f=$_REQUEST["freight"];

    $connection =
    mysql_connect(".com","2345687654","jljljkl1") or die(
    mysql_error());
    if($connection)
    {
        mysql_select_db("dba") or die(mysql_error());

        mysql_query("INSERT INTO mysql_9269_dba.o 
                                   (amount, freight, sessionid) 
                                 VALUES 
                                   ('".$a."', '".$f."', '".$o."'") or die(mysql_error());

                    // get their email..

        $result = mysql_query("SELECT email 
                                             FROM cart 
                                            WHERE sessionid = '$o'") or die(mysql_error());
        while($row = mysql_fetch_array($result)){
          $email = $row["email"];
        }

I have no idea what to do. Syntax looks normal to me, and I've checked the values of all the variables that are being inserted into the db, and they're fine. Any help at all is appreciated

---

Assuming that missing quote is just a red herring from where you took out your real credentials, bear in mind that the MySQL error will be on line 5 of the MySQL statement, not of the PHP. Given that, you're missing a closing bracket at the end of the MySQL statement, which is line 5.

It should be:

VALUES 
    ('".$a."', '".$f."', '".$o."')") or die(mysql_error());

Note the extra backet to close the VALUES list.

Also bear in mind that this statement is likely to die if $a $f or $o contain a single quote, or anything else nasty. You might want to look up some advice on preventing "SQL injection" attacks at this point.

---

I recommend using sprintf instead:

$query = sprintf("INSERT INTO mysql_9269_dba.o 
                    (amount, freight, sessionid) 
                  VALUES 
                    ('%s', '%s', '%s')",
                  mysql_real_escape_string($_REQUEST["amount"]),
                  mysql_real_escape_string($_REQUEST["freight"]),
                  mysql_real_escape_string($_REQUEST["order"]));

mysql_query($query) or die(mysql_error());

It separates variable handling from the query building, making it easier to see syntax errors.

---

Aside from the MySQL error, you're also missing a quotation mark on the...

mysql_connect(".com","2345687654,"jljljkl1") or die(

...line. :-)

i.e.: It should be:

mysql_connect(".com", "2345687654", "jljljkl1") or die(

---

You're missing a closing parentheses in your SQL statement:

        mysql_query("INSERT INTO mysql_9269_dba.o 
                               (amount, freight, sessionid) 
                             VALUES 
                               ('".$a."', '".$f."', '".$o."')") or die(mysql_error());

I added it in directly after $o."'