SitePoint Sponsor

User Tag List

Results 1 to 5 of 5
  1. #1
    SitePoint Zealot
    Join Date
    Jun 2010
    Posts
    108
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    trouble with update

    Hi, please take a look at my code and advise what's wrong. Following is an error message pertaining to the code that follows:
    -----------------------------------------------------
    Update query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE acctno='xxx-xxx-xxxx'' at line 5
    -----------------------------------------------------
    following is the php document code
    -----------------------------------------------------
    HTML Code:
    <html><head> 
    <!--when the paidamt is keyed in, the current date & paid code are autoinserted-->
    <script type="text/javascript" src="payment.js"></script>
    <!--<script type="text/javascript">
    window.google_analytics_uacct = "UA-256751-2";
    </script>
    <script type="text/javascript">
    window.google_analytics_uacct = "UA-256751-2";
    </script>-->
    </head><body bgcolor="#ccffff"><b><center>
    PHP Code:
    <?php
    // error_reporting(0);
    error_reporting(E_ALL E_NOTICE);
    mysql_connect('localhost','root','my_password');
    mysql_select_db('homedb') or die( "Unable to select database");
    if(!empty(
    $_POST["submit"]))
    {
    $acctno $_POST['acctno'];
    $query="SELECT * FROM oocust Where acctno='$acctno'";
    $result=mysql_query($query);
    if(
    mysql_num_rows($result))
    {
    echo 
    date('m/d/y');
    echo 
    "<form action='#' method='post'>Invoice Payment :<br /><br />
    <table cellspacing=0 cellpadding=0 border=1>         
    <th colspan=4></th> 
    <th colspan=2>amounts</th>
    <tr>
    <th>check#</th>          
     <th>acct#</th>
    <th>Name</th>          
    <th>Descr</th>
    <th>Paid</th>
    <th>Due</th>
    <th>Date Paid</th>
    <th>pd</th>
       </tr>"
    ;    
    while(
    $row mysql_fetch_assoc($result))
       {
    echo 
    "<tr>
    <td><input type='text' size=5 name='checkno' value='" 
    $row['checkno'] . "' ></td>
    <td><input type='text' readonly size=15 name='acctno' value='" 
    $row['acctno'] . "' ></td>
    <td><input type='text' readonly size=25 name='bname' value='" 
    $row['bname'] . "'></td>
    <td><input type='text' readonly size=25 name='purpose' value='" 
    $row['purpose'] . "'></td>

    <td><input type='text' size=7 id='paidamt' name='paidamt' value='" 
    $row['paidamt'] ."' 
    onBlur='calculate_paid(this)'></td>

    <td><input type='text' size=7 id='amtdue' name='amtdue' value='" 
    $row['amtdue'] . "'></td>
    <td><input type='text' size=10 id='datepaid' name='datepaid' value='" 
    $row['datepaid'] . "'></td>
    <td><input type='text' size=1 id='pd' name='pd' value='" 
    $row['pd'] . "' ></td>           
          </tr>"
    ;
    }
    echo 
    "</table>
    <input type='submit' name='update' value='make payment' />
    </form>"
    ;
    }  
     else{echo 
    "invalid entry for account# $acctno.<br />Select another?<br />";}
    }
    if(!empty(
    $_POST["update"]))
    {
    $sql "UPDATE oocust SET 
      amtdue = '" 
    mysql_real_escape_string($_POST['amtdue']) . "', 
     datepaid = '" 
    mysql_real_escape_string($_POST['datepaid']) . "',  
     pd = '" 
    mysql_real_escape_string($_POST['pd']) . "',     
          WHERE acctno='"
    .$_POST["acctno"]."'";
    mysql_query($sql) or die("Update query failed: " mysql_error());
    echo 
    "Record for acct# ".$_POST["acctno"]." has been updated";
    }
    ?>
    HTML Code:
    <form method="post" action="#">
    <br />
    <input type="text" name="acctno"/> <p>
    <input type="submit" name="submit" value="select acct#."/><p>
    </form>
    
    </body></html>
    ----------------------------------------------------
    following is the payment.js - the if statement doesn't work ?
    ----------------------------------------------------
    Code:
    function $_(IDS) { return document.getElementById(IDS); }
    function calculate_paid() 
      {
       var pd = document.getElementById("pd");
       var datepaid = document.getElementById("datepaid");
       var paidamt = document.getElementById("paidamt");
       var amtdue = document.getElementById("amtdue");  
       var shipamt = document.getElementById("shipamt");  
       var dateNow = new Date 
       var dayNow = dateNow.getDate();
       var datePaid = (dateNow.getMonth()+1)+"/"+dateNow.getDate()+"/"+dateNow.getFullYear();
    datepaid.value = datePaid;    
    amtdue.value = parsefloat(amtdue.value) + parsefloat(shipamt.value) - parsefloat(paidamt.value);
    // *********************   
    if (amtdue.value=="0")
      { pd.value = "P"; }
    //********************
      }

  2. #2
    SitePoint Mentor bronze trophy
    John_Betong's Avatar
    Join Date
    Aug 2005
    Location
    City of Angels
    Posts
    1,880
    Mentioned
    74 Post(s)
    Tagged
    6 Thread(s)
    Try this:

    PHP Code:

    <?php 
      
    // error_reporting(0); 
      // error_reporting(E_ALL ^ E_NOTICE); 

    error_reporting(-1); // Maximum errors
    mysql_connect('localhost','root','my_password'); 
    mysql_select_db('homedb') or die( "Unable to select database"); 

    if(!empty(
    $_POST["submit"])) 

       
    $acctno = isset($_POST['acctno']) ? $_POST['acctno'] : FALSE// Ensure $acctno has a value
       
    if( ! $acctno)
       {
         echo 
    'Yes we have NO $acctno ???';
         die;
       }

       
    $query  'SELECT * FROM oocust Where acctno=" ' .$acctno .' " '
      
    $result=mysql_query($query); 
      if(
    mysql_num_rows($result)) 
      {  
        echo 
    date('m/d/y');
        ...
        ...
    Last edited by John_Betong; Apr 9, 2014 at 00:22. Reason: mis-matched quotes
    Learn how to be ready for The New Move to Discourse

    How to make Make Money Now with a *NEW* look

    Be sure to congratulate Wolfshade on earning Member of the Month for August 2014

  3. #3
    SitePoint Guru bronze trophy
    Join Date
    Feb 2013
    Posts
    772
    Mentioned
    7 Post(s)
    Tagged
    0 Thread(s)
    You might also try escaping the post
    Code:
    $acctno = mysql_real_escape_string($_POST['acctno']);
    You might need to bracket that variable because of the dashes.
    Code:
    $query="SELECT * FROM oocust Where acctno='{$acctno}'";

  4. #4
    SitePoint Guru bronze trophy
    Join Date
    Feb 2013
    Posts
    772
    Mentioned
    7 Post(s)
    Tagged
    0 Thread(s)
    Duh... UPDATE...

    You have a comma after pd = '" . mysql_real_escape_string($_POST['pd']) . "',
    PHP Code:
    $sql "UPDATE oocust SET 
      amtdue = '" 
    mysql_real_escape_string($_POST['amtdue']) . "', 
     datepaid = '" 
    mysql_real_escape_string($_POST['datepaid']) . "',  
     pd = '" 
    mysql_real_escape_string($_POST['pd']) . "'     
          WHERE acctno='"
    .$_POST["acctno"]."'"
    I'm sure you've heard it... Move away from mysql and don't post directly to query.

  5. #5
    SitePoint Zealot
    Join Date
    Jun 2010
    Posts
    108
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    yes and thanks. I'm trying absorb the info. it's like comparing Cobol to Rpg


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •