hi, I faced a problem but unable to find my error. Bellow codes show me this message "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1". Any help as I'm new. <?php session_start(); if (!isset($_SESSION["manager"])){ header("location: admin_login.php"); exit(); } $managerID = preg_replace('#[^0-9]#i', '' , $_SESSION["id"]); $manager = preg_replace('#[^A-Za-z0-9]#i', '' , $_SESSION["manager"]); $password = preg_replace('#[^A-Za-z0-9]#i', '' , $_SESSION["password"]); include_once("../storescripts/connect_to_mysql.php"); $sql = mysql_query("SELECT * FROM admin WHERE id='$managerID' AND username='$manager' AND password='$password' LIMIT 1"); $existCount = mysql_num_rows($sql); if ($existCount==0){ echo "Your login session data is not record in database."; exit(); } ?> <?php error_reporting(E_ALL); ini_set('desplay_errors','1'); ?> <?php if (isset($_POST["product_name"])){ $product_name = mysql_real_escape_string($_POST['product_name']); $price = mysql_real_escape_string($_POST['price']); $category = mysql_real_escape_string($_POST['category']); $subcategory = mysql_real_escape_string($_POST['subcategory']); $details = mysql_real_escape_string($_POST['details']); $sql = mysql_query("SELECT id FROM products WHERE product_name='$product_name' LIMIT 1"); $productMatch = mysql_num_rows($sql); if($productMatch>0){ echo 'Sorry, You tried to place a duplicate "Product Name" to the system, <a href="inventory_list.php">Click Here</a>'; exit(); } $sql = mysql_query("INSERT INTO products(product_name, price, details, category, subcategory, date_added) VALUES('$product_name','$price','$details','$category','$subcategory',now()") or die(mysql_error()); $pid = mysql_insert_id(); $newname = "$pid.jpg"; move_uploaded_file($_FILES['fileField']['tmp_name'],"../inventory_images/$newname"); } ?> <?php $product_list = ""; $sql = mysql_query("SELECT * FROM products"); $productCount = mysql_num_rows($sql); if ($productCount>0){ while ($row=mysql_fetch_array($sql)){ $id = $row["id"]; $product_name = $row["product_name"]; $product_list .="$id-$product_name<br />"; } }else{ $product_list = "You have no products listed in your store yet"; } ?>
My guess is the problem lies in this line, as its the only one with mysql_error() But you may want to look at this (un-related) php line also, for a spelling mistake Hope this helps?
Assuming that price is a numeric field: $sql = mysql_query("INSERT INTO products(product_name, price, details, category, subcategory, date_added) VALUES('$product_name',$price,'$details','$category','$subcategory',now()") or die(mysql_error()); ($price, not '$price') You can't insert a character value into a numeric field.
Looks like an old thread, but it someone is looking... You did not close the bracket after "VALUES" that is why you are getting that error. You should have a ) after now(). Try this. mysql_query("INSERT INTO products(product_name, price, details, category, subcategory, date_added) VALUES('$product_name','$price','$details','$category','$subcategory',now())") or die(mysql_error());