Error when using a MySQL query [closed]

I have a problem in SQL.

The SQL error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '58.47 €'')' at line 1

The SQL code:

mysql_query("INSERT INTO ponudba (ime_ponudbe,zaporedna_stevilka,id_podjetja,veljavnost,znesek) VALUES('$ime_ponudbe','$zaporedna_stevilka','$id_podjetja','$veljavnost,'$znesek'')");

zaporedna_stevilka -> value 1
id_podjetja -> value 2
veljavnost -> value 17.11.2010
znesek -> value is 58.47

Try:

mysql_query("INSERT INTO ponudba (ime_ponudbe,zaporedna_stevilka,id_podjetja,veljavnost,znesek) VALUES('$ime_ponudbe','$zaporedna_stevilka','$id_podjetja','$veljavnost','$znesek')");

You have an extra ' (apostrophe) at the end of the last variable.

Change '$znesek'' to '$znesek'. You have used a double quote; it should be a single quote.

<?php

$podjetje = $_POST['podjetje'];
$veljavnost = $_POST['datepicker'];
$naziv_artikla_storitve = $_POST['naziv_artikla_storitve'];
$kolicina = $_POST['kolicina_st'];
$storitev_em = $_POST['em_ime'];
$cena_st = $_POST['cena_st'];
$cena_popust = $_POST['cena_popust'];
$cena_s_popustom = $_POST['cena_s_popustom'];
$vrednost_st = $_POST['vrednost_st'];
$znesek = $_POST['znesek'];
$popust_na_vse = $_POST['popust_na_vse'];
$z_z_popustom = $_POST['z_z_popustom'];
$ddv = $_POST['ddv'];
$koncni_znesek = $_POST['koncni_znesek'];
$datum = date("d.m.Y");

// Highest sequence number used so far (NULL on an empty table, so +1 gives 1).
$preveri_zap_stevilko = mysql_fetch_array(mysql_query("SELECT max(zaporedna_stevilka) as zaporedna_stevilka FROM ponudba"));
$stevilka = $preveri_zap_stevilko['zaporedna_stevilka'];

// Walk the used numbers in ascending order and remember the first gap, if there is one.
$preveri_st = mysql_query("SELECT zaporedna_stevilka FROM ponudba ORDER BY zaporedna_stevilka ASC");

$manjkajoca_stevilka = null;   // was left undefined when there is no gap
$i = 1;
while ($row = mysql_fetch_array($preveri_st))
{
    if ($i != $row['zaporedna_stevilka'])
    {
        $manjkajoca_stevilka = $i;
        break;
    }
    $i++;
}

// Reuse the first free number, otherwise continue after the highest one.
if ($manjkajoca_stevilka === null)
{
    $zaporedna_stevilka = $stevilka + 1;
}
else
{
    $zaporedna_stevilka = $manjkajoca_stevilka;
}

$dobi_id_podjetja = mysql_fetch_array(mysql_query("SELECT * FROM stranka WHERE ime_podjetja='$podjetje'"));
$id_podjetja = $dobi_id_podjetja['id'];

// Left-pad the sequence number to five digits (replaces the if-chain that handled one length at a time).
$nova_st = str_pad($zaporedna_stevilka, 5, "0", STR_PAD_LEFT);
$ime_ponudbe = "P-".$nova_st."-".$datum;

// The failing query from the question, kept as posted: the closing quote after $veljavnost
// is missing, so the string literal runs into the next value and MySQL reports a syntax error.
mysql_query("INSERT INTO ponudba (ime_ponudbe,zaporedna_stevilka,id_podjetja,veljavnost,znesek) VALUES('$ime_ponudbe','$zaporedna_stevilka','$id_podjetja','$veljavnost,'$znesek')");

?>

What character set is the mysql table? Is '€' valid? As others mentioned, the last quote mark is wrong. Also, more dangerously, this code smells strongly of an SQL injection vulnerability. Please research placeholders to handle your parameters.

A few recommendations:

Enclose all field names between ` characters

Where you are referencing variables/values, replace:

'$variable' with '".mysql_real_escape_string ($variable)."'

If your table field znesek is a double, make sure $znesek is a double too; it looks like it's a string.
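The placeholder approach recommended in the two answers above, as an added example that is not code from the question or the answers: the same INSERT into ponudba written with PDO prepared statements, so the posted values are sent separately from the SQL text and a stray quote in a value can neither break the statement nor alter it. It assumes a PDO connection with placeholder DSN, user and password, that znesek is a DECIMAL column (so the currency sign is stripped first), and that veljavnost is stored as the posted string, as in the question.

```php
<?php
// Added example, not code from the question or the answers: the INSERT into `ponudba`
// with every value passed as a bound parameter instead of being pasted into the SQL text.
// DSN, user and password are placeholders; `znesek` is assumed to be a DECIMAL column.

/** Turns the posted amount ("58.47 €", "58,47") into a plain decimal string, or null if it is not a number. */
function parse_znesek(string $raw): ?string
{
    $clean = str_replace(',', '.', trim($raw));      // accept a decimal comma as well
    $clean = preg_replace('/[^0-9.]/', '', $clean);   // drop the currency sign and any spaces
    return preg_match('/^\d+(\.\d{1,2})?$/', $clean) ? $clean : null;
}

/** Inserts one offer and returns the new row id; PDO throws a PDOException on any SQL error. */
function insert_ponudba(PDO $pdo, string $ime_ponudbe, int $zaporedna_stevilka,
                        int $id_podjetja, string $veljavnost, string $znesek): int
{
    $stmt = $pdo->prepare(
        'INSERT INTO `ponudba` (`ime_ponudbe`, `zaporedna_stevilka`, `id_podjetja`, `veljavnost`, `znesek`)
         VALUES (:ime, :st, :podjetje, :veljavnost, :znesek)'
    );
    $stmt->bindValue(':ime',        $ime_ponudbe,        PDO::PARAM_STR);
    $stmt->bindValue(':st',         $zaporedna_stevilka, PDO::PARAM_INT);
    $stmt->bindValue(':podjetje',   $id_podjetja,        PDO::PARAM_INT);
    $stmt->bindValue(':veljavnost', $veljavnost,         PDO::PARAM_STR);
    $stmt->bindValue(':znesek',     $znesek,             PDO::PARAM_STR); // DECIMAL is bound as a string
    $stmt->execute();   // quotes inside the values are data here, never SQL
    return (int) $pdo->lastInsertId();
}

$pdo = new PDO('mysql:host=localhost;dbname=DB_NAME;charset=utf8mb4', 'DB_USER', 'DB_PASS', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,   // server-side prepare: parameters travel separately from the statement
]);

$znesek = parse_znesek($_POST['znesek'] ?? '');
if ($znesek === null) {
    http_response_code(400);
    exit('znesek must be a number');
}

// $ime_ponudbe, $zaporedna_stevilka and $id_podjetja would be computed as in the question;
// constructed values are used here so the call is self-contained.
$id = insert_ponudba($pdo, 'P-00001-17.11.2010', 1, 2, $_POST['datepicker'] ?? '', $znesek);
```

The utf8mb4 charset in the DSN also answers the '€' question: the connection and the column must agree on an encoding that can represent it, otherwise the sign is mangled on the way in.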