I am getting an error when trying to post. I cannot seem to figure it out. I have changed the script several times and still get the error. The error is: Insertion Failed:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''10','10','10','40','0')' at line 4
The data comes from a form in which the values are entered. The 0 is the calculated field from the script.
Here is the script:
<?php
$err = array();
if($_POST['doPickup'] == 'Enter Pickup')
    if(empty($err)) {
        $pallets_a = $_post['grade_a_pal'];
        $pallets_b = $_post['grade_b_pal'];
        $pallets_c = $_post['grade_c_pal'];
        $pallets_cus = $_post['cus_pal'];
        $companyid = $_POST['companyid'];
        $sql_grd = "SELECT companyid, pu_price, grade_a_pu, grade_b_pu, grade_c_pu, custom_pu FROM company WHERE companyid = $companyid";
        $result_grd=mysql_query($sql_grd) or die(mysql_error());
        while ($row_grd=mysql_fetch_array($result_grd))
        {
            $price_a = $row_grd["grade_a_pu"];
            $price_b = $row_grd["grade_b_pu"];
            $price_c = $row_grd["grade_c_pu"];
            $price_cus = $row_grd["custom_pu"];
        }
        $pallet_a_cr = $pallets_a*$price_a;
        $pallet_b_cr = $pallets_b*$price_b;
        $pallet_c_cr = $pallets_c*$price_c;
        $pallet_cus_cr = $pallets_cus*$price_cus;
        $total_credit = $pallet_a_cr + $pallet_b_cr + $pallet_c_cr + $pallet_cus_cr;
        $sql_insert = "INSERT into `pickups`
(`companyid`,`pu_date`,`trail_num`,`grade_a_pal`,`grade_b_pal`,`grade_c_pal`,`cus_pal`,`pal_pu`,`credit`)
VALUES
('$_POST[companyid]','$_POST[pu_date]','$_POST[trail_num]','$_POST[grade_a_pal]',,'$_POST[grade_b_pal]','$_POST[grade_c_pal]','$_POST[cus_pal]','$_POST[pal_pu]','$total_credit')";
        mysql_query($sql_insert,$link) or die("Insertion Failed:" . mysql_error());
    }
?>
EDIT: The error is fixed but the calculation still does not work. Any suggestions?
The problem looks like it is at:
'$_POST[grade_a_pal]',,'$_POST[grade_b_pal]'
That double comma is breaking it, I would bet.
Take one of the commas out. (This will also fix the inevitable "field and value count don't match" error that will likely appear.)
Also, you are extremely vulnerable to SQL injection. You should be using prepared statements as opposed to directly placing the variables in the query.
You have two commas following one after another. You have to remove one.
// Quoted array keys inside a double-quoted string require the {$...} syntax.
$sql_insert = "INSERT into `pickups`
(`companyid`,`pu_date`,`trail_num`,`grade_a_pal`,`grade_b_pal`,`grade_c_pal`,`cus_pal`,`pal_pu`,`credit`)
VALUES
('{$_POST['companyid']}','{$_POST['pu_date']}','{$_POST['trail_num']}','{$_POST['grade_a_pal']}','{$_POST['grade_b_pal']}','{$_POST['grade_c_pal']}','{$_POST['cus_pal']}','{$_POST['pal_pu']}','$total_credit')";
You also forgot the quotes for the indexes of an array ($_POST); you need to add them. They won't stop PHP from processing the script, but raise a PHP warning.
Also you are still using the deprecated mysql_* functions. You might want to do yourself a favor and migrate to PDO and use Prepared Statements, to prevent SQL injections.
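Both answers recommend prepared statements; the following is an added example (not code from the question or either answer) that does the price lookup and the insert through PDO placeholders. The table and column names are taken from the question; the `insertPickup` function, the in-memory SQLite database and the sample rows are assumptions constructed so the script runs offline.

```php
<?php
// Added example: table/column names come from the question; the in-memory
// SQLite database and the sample rows are constructed so this runs offline.
function insertPickup(PDO $pdo, array $post): float
{
    // PHP variable names are case-sensitive ($_post is not $_POST), so every
    // value is read from the single $post array and validated as an integer >= 0.
    $ints = [];
    foreach (['companyid', 'grade_a_pal', 'grade_b_pal', 'grade_c_pal', 'cus_pal', 'pal_pu'] as $f) {
        $v = filter_var($post[$f] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
        if ($v === false) {
            throw new InvalidArgumentException("Invalid value for $f");
        }
        $ints[$f] = $v;
    }
    // The placeholder keeps companyid out of the SQL text.
    $sel = $pdo->prepare('SELECT grade_a_pu, grade_b_pu, grade_c_pu, custom_pu
                          FROM company WHERE companyid = ?');
    $sel->execute([$ints['companyid']]);
    $price = $sel->fetch(PDO::FETCH_ASSOC);
    if ($price === false) {
        throw new RuntimeException('Unknown company');
    }
    $credit = $ints['grade_a_pal'] * $price['grade_a_pu']
            + $ints['grade_b_pal'] * $price['grade_b_pu']
            + $ints['grade_c_pal'] * $price['grade_c_pu']
            + $ints['cus_pal']     * $price['custom_pu'];
    $ins = $pdo->prepare('INSERT INTO pickups
        (companyid, pu_date, trail_num, grade_a_pal, grade_b_pal, grade_c_pal, cus_pal, pal_pu, credit)
        VALUES (:companyid, :pu_date, :trail_num, :grade_a_pal, :grade_b_pal, :grade_c_pal, :cus_pal, :pal_pu, :credit)');
    $ins->execute($ints + [
        'pu_date'   => (string) ($post['pu_date'] ?? ''),
        'trail_num' => (string) ($post['trail_num'] ?? ''),
        'credit'    => $credit,
    ]);
    return (float) $credit;
}

$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE company (companyid INTEGER PRIMARY KEY, grade_a_pu REAL, grade_b_pu REAL, grade_c_pu REAL, custom_pu REAL)');
$pdo->exec('CREATE TABLE pickups (companyid INTEGER, pu_date TEXT, trail_num TEXT, grade_a_pal INTEGER, grade_b_pal INTEGER, grade_c_pal INTEGER, cus_pal INTEGER, pal_pu INTEGER, credit REAL)');
$pdo->exec('INSERT INTO company VALUES (1, 2.5, 2.0, 1.0, 3.0)');

// Constructed form input; the quote in trail_num is bound as data, not parsed as SQL.
$post = ['companyid' => '1', 'pu_date' => '2013-01-15', 'trail_num' => "T'42",
         'grade_a_pal' => '10', 'grade_b_pal' => '10', 'grade_c_pal' => '10',
         'cus_pal' => '10', 'pal_pu' => '40'];
echo insertPickup($pdo, $post), "\n";
```

Against MySQL, only the DSN passed to `new PDO(...)` changes; the prepared statements stay the same.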