You have an error in your SQL syntax; check the manual that corresponds to your MySQL server

Question

mysql_query("
    INSERT INTO trades (id, cpair, oprice, cprice, bos, ooc, dateandtime) 
    VALUES (null, $currency, $openingprice, $closingprice, $buysell, 
    $openorclosed, $datetime"
);

What's wrong with this code that is making is error like this?

Error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' , 1, 1, 2012-10-12 13:57:08' at line 1

Answer 1

Wow! For one, you're not treating strings like strings. You're just echoing out anything into that query. Bad idea, and as you can see, not going to work.

you need to add single quotes around each var that is a string in your VALUES() statement at least.

mysql_query("
    INSERT INTO trades (id, cpair, oprice, cprice, bos, ooc, dateandtime) 
    VALUES (null, $currency, $openingprice, $closingprice, $buysell, 
    $openorclosed, '$datetime'"
);

Next step is to switch to PDO and sanitize your input.

Answer 2

Any strings need to be quoted in the MySQL command string, and you might need to invoke functions for converting the datetime from a string.

Answer 3

You cannot insert a NULL for the id, this is probably a required field.

If it is auto-incrementing, just ignore it and it will automatically fill itself in.