Member Avatar for andrewnim

Hi all
getting this error
"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1"

if($_POST['paypalsubmit']) {
$upsql = "UPDATE orders SET status =2, payment_type =1 WHERE id =" . $_SESSION['SESS_ORDERNUM'];
$upres = mysql_query($upsql)or die(mysql_error());

$itemssql = "SELECT total FROM orders WHERE id =" . $_SESSION['SESS_ORDERNUM'];

$itemsres = mysql_query($itemssql);
$row = mysql_fetch_assoc($itemsres);

if($_SESSION['SESS_LOGGEDIN']) { unset($_SESSION['SESS_ORDERNUM']);
} else
	{ session_register("SESS_CHANGEID");
	  $_SESSION['SESS_CHANGEID'] = 1; }
	header("Location: https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=you%40youraddress.com&item_name=".urlencode($config_sitename) . "+Order&item_number=PROD" . $row['id'] ."&amount= " . urlencode(sprintf('%.2f', $row['total'])) . "&no_note=1&currency_code=GBP&lc=GB&submit.x=41&submit.y=15");
	}

else if ($_POST['chequesubmit']) { $upsql = "UPDATE orders SET status =2, payment_type =2 WHERE id =" . $_SESSION['SESS_ORDERNUM'];
$upres = mysql_query($upsql);

if($_SESSION['SESS_LOGGEDIN']) { unset($_SESSION['SESS_ORDERNUM']);
} else
{ session_register("SESS_CHANGEID"); $_SESSION['SESS_CHANGEID'] = 1; }

Tried changing all quote around and read every forum post i can find, still no luck. Please help.

  • 2 Contributors
  • 4 Replies
  • 125 Views
  • 7 Hours Discussion Span
  • Latest Post Latest Post by andrewnim
Member Avatar for darkagn

Are you sure that your $_SESSION is set correctly? Try echo'ing your sql statement before you send it to mysql_query and see...

Member Avatar for andrewnim

Thanks darkagn
The solution was much simpler and came from another coder.

if($_POST['paypalsubmit']) {
$upsql = "UPDATE orders SET status ='2', payment_type ='1' WHERE id ='" . $_SESSION['SESS_ORDERNUM'] . "'";
$upres = mysql_query($upsql)or die(mysql_error());

$itemssql = "SELECT total FROM orders WHERE id = '" . $_SESSION['SESS_ORDERNUM'] . "'";

as you can see its all in the quotes.

Member Avatar for darkagn

Ah ok, so are all of your fields of type VARCHAR? Might be worthwhile changing to NUMERICs if you are going to be joining tables a bit, that is if that doesn't mess everything else up!

Member Avatar for andrewnim

No those fields are all int(11) I try to minimize use of Varchars. But thanks for the help.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.