I have an add to cart script. When I run the script it says I have an SQL Syntax error. I cant find the SQL syntax error.
Here is the script.
function addToCart($connection, $pagesRow, $homeSpecNum, &$xtpl)
{
set_error_handler("errorHandler");
// Have the correct parameters been provided?
if (empty($_GET["prodID"]) && empty($_GET["qty"]))
{
$_SESSION["message"] = $message;
$message = "Incorrect parameters to addToCart.inc";
// Redirect the browser back to the calling page,
home($connection, $pagesRow, $homeSpecNum, &$xtpl);
}
$prodID = clean($_GET["prodID"], 5);
$qty = clean($_GET["qty"], 3);
$update = false;
// If the user has added items to their cart, then
// the variable order_no will be registered
// First, decide on which tables to lock
// We don't touch orders if the cart already exists
if (isset($_SESSION['order_no']))
$query = "LOCK TABLES tbl_inventory READ, tbl_items WRITE";
else
$query = "LOCK TABLES tbl_inventory READ, tbl_orders WRITE, tbl_items WRITE";
// LOCK the tables
if (!(@ mysql_query ($query, $connection)))
showerror();
// Second, create a cart if we don't have one yet
// or investigate the cart if we do
if (!isset($_SESSION['order_no']))
{
// Find out the maximum order_id, then
// register a session variable for the new order_id
// A cart is an order for the customer with cust_id = -1
$query = "SELECT max(order_id) FROM tbl_orders
WHERE cust_id = -1";
if (!($result = @ mysql_query ($query, $connection)))
showerror();
// Save the cart number as order_no
// This is used in all cart scripts to access the cart
$_SESSION['order_no'] = $order_no;
$row = @ mysql_fetch_array($result);
$order_no = $row["max(order_id)"] + 1;
// Now, create the shopping cart
$query = "INSERT INTO tbl_orders
SET cust_id = -1,
order_id = $order_no";
if (!(@ mysql_query ($query, $connection)))
showerror();
// Default the item_id to 1
$item_id = 1;
}
else
{
// We already have a cart. Check if the customer already
// has this item in their cart
$query = "SELECT item_id, qty FROM tbl_items
WHERE cust_id = -1
AND order_id = $order_no
AND product_id = $prodID";
if (!($result = @ mysql_query ($query, $connection)))
showerror();
// Is the item in the cart already?
if (mysql_num_rows($result) > 0)
{
$update = true;
$row = @ mysql_fetch_array($result);
// Save the item number
$item_id = $row["item_id"];
}
// If this is not an update, find the next available item_id
if ($update == false)
{
// We already have a cart, find the maximum item_id
$query = "SELECT max(item_id) FROM tbl_items
WHERE cust_id = -1
AND order_id = $order_no";
if (!($result = @ mysql_query ($query, $connection)))
showerror();
$row = @ mysql_fetch_array($result);
// Save the item number of the new item
$item_id = $row["max(item_id)"] + 1;
}
}
// Third, add the item to the cart or update the cart
if ($update == false)
{
// Get the cost of the wine
// The cost comes from the cheapest inventory
$query = "SELECT product_cost FROM tbl_products
WHERE product_id = $prodID";
if (!($result = @ mysql_query ($query, $connection)))
showerror();
$row = @ mysql_fetch_array($result);
// We still have some of this wine, so save the
// cheapest available price
$cost = $row["product_cost"];
$query = "INSERT INTO tbl_items
SET cust_id = -1,
order_id = $order_no,
item_id = $item_id,
product_id = $prodID,
qty = $qty,
price = $cost";
}
else
$query = "UPDATE tbl_items
SET qty = qty + $qty
WHERE cust_id = -1
AND order_id = $order_no
AND item_id = $item_id";
// Either UPDATE or INSERT the item
// (Only do this if there wasn't an error)
if (!(@ mysql_query ($query, $connection))))
showerror();
// Last, UNLOCK the tables
$query = "UNLOCK TABLES";
if (!(@ mysql_query ($query, $connection)))
showerror();
// Redirect the browser back to the calling page,
// using the HTTP response header "Location:"
// and the PHP environment variable $HTTP_REFERER
home($connection, $pagesRow, $homeSpecNum, &$xtpl);
}
?>
