I am trying to make a simple invoicing program. I have 1 form page where I can input customers and it saves that data to the table "customers" I then have a page where I can input invoice details. It pulls the customer information from the "customers" table and then saves that information along with the added information such as "cost" to the "invoice" table. It works, but as soon as I input any new information such as "cost" I get a syntax error.
This is the code that pulls the info from the "customers" table.
$gresult = ''; //declare global variable
if(isset($_POST["action"]) and $_POST["action"]=="edit"){
$id = (isset($_POST["ci"])? $_POST["ci"] : '');
$sql = "select contact_id, first_name, last_name,
contact_no, address,
company, email, cost from customers
where contact_id = $id";
$result = mysqli_query($link, $sql);
if(!$result)
{
echo mysqli_error($link);
exit();
}
$gresult = mysqli_fetch_array($result);
include 'invoiceupdate.php';
exit();
Which is then passed to invoiceupdate.php which is just a simple web form.
The results are posted to invoiceadd.php which contains this code.
$sql = "insert into invoice set
first_name = '$fname',
last_name = '$lname',
contact_no = '$contact_no',
address = '$ResAddress',
company = '$Company',
email = '$CompAddress'
cost = '$cost'";
Everything works fine if I take out cost = '$cost' but if its in there I get "Error Saving Data. You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'cost = '5'' at line 9"