bigsenator bigsenator - 5 months ago 8x
PHP Question

Generate specific data from database?

I have been working a some code that contains a form which asks you to enter the ID of a customer and once the form is submitted the PHP behind the form will access the database and display a table of information on the ID that was entered.

However my PHP doesn't seem to be working, when i enter an ID and hit submit i get this error message "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '= '987451'' at line 1"

Here is my HTML :


<h1>Task 8</h1>

<form id="customerform" action="task8.php" method="get">

<p>please fill in the following form</p>
<p>Customer ID: <input type="text" name="custID" /><br/>
<p><input type="submit" value="Submit">
<input type="reset" value="Reset"></p>


Here is my PHP :


$conn = mysql_connect("localhost", "twa312", "dam6av9a");
mysql_select_db("warehouse312", $conn)
or die ('Database not found ' . mysql_error() );

$cust = $_GET["custID"];
$sql = "select * from orders";
$sql = $sql . "where customerID = '$cust'";
$rs = mysql_query($sql, $conn)
or die ('Problem with query' . mysql_error());

<p>information for customer ID <?php echo $cust ?> :</p>

<?php if (mysql_num_rows($rs)>0){ ?>

<table width="700" border="1" cellpadding="10" summary="Customer Details">

<th>Order Number</th>
<th>Order Date</th>
<th>Shipping Date</th>

<?php while ($row = mysql_fetch_array($rs)) { ?>

<td><?php echo $row["orderNumber"]?></td>
<td><?php echo $row["orderDate"]?></td>
<td><?php echo $row["shippingDate"]?></td>

<?php } mysql_close($conn); ?>


<?php }
else {?> <p>No customer with ID <?php echo $cust ?> in the database</p>
<?php } ?>


If you need any more information just ask and any help would be really appreciated!


You're missing a space between your tablename name and WHERE:

$sql = "select * from orders";
$sql = $sql . "where customerID = '$cust'";

should be

$sql = "select * from orders";
$sql = $sql . " where customerID = '$cust'";

or just

$sql = "select * from orders where customerID = '$cust'";

Please, don't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.

Also, you're wide open to SQL injections