[RESOLVED] SQL Syntax

talkster5

I am having a problem with inserting a form again and it giving the SQL Syntax. I have used addslashes this time aswell but it still errors once it gets to "input type" if you can let me know what is wrong that would be great as I can't see any difference between the first one which actually works and the ones labelled 3,6,12 that don't work.

<?php require_once('../connections/database.php');

session_start();
if(!session_is_registered("admin")) {
header("Location: login.php");
exit;
}

$game = $_POST['game'];
$type = $_POST['type'];
$slots = $_POST['slots'];
$price = $_POST['price'];

$manualform = "<form action='https://www.paypal.com/cgi-bin/webscr' method='post'>
<input type='hidden' name='cmd' value='_xclick'>
<input type='hidden' name='business' value='shikane@blueyonder.co.uk'>
<input type='hidden' name='item_name' value='Net-Play Service'>
<input type='hidden' name='item_number' value='1'>
<input type='hidden' name='amount' value=' $price '>
<input type='hidden' name='no_note' value='1'>
<input type='hidden' name='currency_code' value='GBP'>
<input type='image' src='https://www.paypal.com/en_US/i/btn/x-click-but01.gif' border='0' name='submit' alt='Make payments with PayPal - it's fast, free and secure!'>
</form>";

$subscriptionform = "<form action='https://www.paypal.com/cgi-bin/webscr' method='post'>
<input type='image' src='https://www.paypal.com/en_US/i/btn/x-click-but20.gif' border='0' name='submit' alt='Make payments with PayPal - it's fast, free and secure!'>
<input type='hidden' name='cmd' value='_xclick-subscriptions'>
<input type='hidden' name='business' value='shikane@blueyonder.co.uk'>
<input type='hidden' name='item_nam' value='Net-Play Service'>
<input type='hidden' name='item_number' value='1'>
<input type='hidden' name='no_shipping' value='1'>
<input type='hidden' name='no_note' value='1'>
<input type='hidden' name='currency_code' value='GBP'>
<input type='hidden' name='a3' value=' $price '>
<input type='hidden' name='p3' value='1'>
<input type='hidden' name='t3' value='M'>
<input type='hidden' name='src' value='1'>
<input type='hidden' name='sra' value='1'>
</form>";

$manual = addslashes($manualform);
$subscription = addslashes($subscriptionform);

$percent3 = "5"; 
$percentage3 = $price/100*$percent3;
$dif3 = $price-$percentage3;
$final3 = round($dif3, 2);

$form3 = "<form action='https://www.paypal.com/cgi-bin/webscr' method='post'>
<input type='hidden' name='cmd' value='_xclick'>
<input type='hidden' name='business' value='shikane@blueyonder.co.uk'>
<input type='hidden' name='item_name' value='Net-Play Service'>
<input type='hidden' name='item_number' value='1'>
<input type='hidden' name='amount' value=' $final3 '>
<input type='hidden' name='no_note' value='1'>
<input type='hidden' name='currency_code' value='GBP'>
<input type='image' src='https://www.paypal.com/en_US/i/btn/x-click-but01.gif' border='0' name='submit' alt='Make payments with PayPal - it's fast, free and secure!'>
</form>";

$percent6 = "10"; 
$percentage6 = $price/100*$percent6;
$dif6 = $price-$percentage6;
$final6 = round($dif6, 2);

$form6 = "<form action='https://www.paypal.com/cgi-bin/webscr' method='post'>
<input type='hidden' name='cmd' value='_xclick'>
<input type='hidden' name='business' value='shikane@blueyonder.co.uk'>
<input type='hidden' name='item_name' value='Net-Play Service'>
<input type='hidden' name='item_number' value='1'>
<input type='hidden' name='amount' value=' $final6 '>
<input type='hidden' name='no_note' value='1'>
<input type='hidden' name='currency_code' value='GBP'>
<input type='image' src='https://www.paypal.com/en_US/i/btn/x-click-but01.gif' border='0' name='submit' alt='Make payments with PayPal - it's fast, free and secure!'>
</form>";

$percent12 = "20"; 
$percentage12 = $price/100*$percent12;
$dif12 = $price-$percentage12;
$final12 = round($dif12, 2);

$form12 = "<form action='https://www.paypal.com/cgi-bin/webscr' method='post'>
<input type='hidden' name='cmd' value='_xclick'>
<input type='hidden' name='business' value='shikane@blueyonder.co.uk'>
<input type='hidden' name='item_name' value='Net-Play Service'>
<input type='hidden' name='item_number' value='1'>
<input type='hidden' name='amount' value=' $final12 '>
<input type='hidden' name='no_note' value='1'>
<input type='hidden' name='currency_code' value='GBP'>
<input type='image' src='https://www.paypal.com/en_US/i/btn/x-click-but01.gif' border='0' name='submit' alt='Make payments with PayPal - it's fast, free and secure!'>
</form>";

$insert3 = addslashes($form3);
$insert6 = addslashes($form6);
$insert12 = addslashes($form12);

mysql_select_db($database, $connect);
$sql = "INSERT INTO prices SET game='$game', type='$type', slots='$slots', price='$price', manual='$manual', subscription='$subscription', 3='$insert3', 6='$insert6', 12='$insert12'";
mysql_query($sql) or die(mysql_error()); 
header("Location: prices.php");
?>

drew010

try putting a around the 3 6 and 12. see if it makes a difference. this tells mysql that you are referring to a column or table name, and not a reserved word.

talkster5

That didnt seem to work but if it helps here is the exact error

"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''3'='
<in' at line 1"

talkster5

I changed the names of the columns instead and it works now. Thanks once again.

drew010

yeah i was thinking you couldnt have columns named beginning with numbers so i was just testing it and gonna suggest you check the names. but glad its all worked out now.