Query was empty

Why do I get an error:
ERROR: Remarks could not be added.Query was empty

My code is here:

FILE : pshow.php:

<?php
session_start();

?>
<body> 

<?php
$i='';
$added='';
$alreadyexists='';

mysql_connect("localhost","kamlaneh_mk","sbbsiet12") or die(mysql_error()); 

 mysql_select_db("kamlaneh_kam") or die(mysql_error()); 
 


$tmp='';
$sql=mysql_query("select * from teacher order by teachername ASC", $connection);
while ( $row = mysql_fetch_assoc($sql) ){

    $first_letter = mb_substr($row['teachername'],0,1);
    if($tmp!=$first_letter){
        $tmp = $first_letter;
        echo '<h3 >'.$tmp.'</h3>';
        //$id=$row['teacherid'];
    }
    echo "<a href='teacherreports.php?id=".$row['teacherid']."'>".$row['teachername']."</a><br />";

} //end while

mysql_data_seek($row, 0);
 
 
 if ($_SERVER["REQUEST_METHOD"] == "POST")
{
if(empty($_POST['startdate']))
{
$i= "* Please enter a startdate";
}
if(empty($_POST['enddate']))
{
$i= "* Please enter an enddate";
}
else
{
$i='';
$startdate=$_POST['startdate'];
$enddate=$_POST['enddate'];


$result=mysql_query("SELECT * FROM teachersdiary, dateslots, teacher WHERE teacher.teacherid=teachersdiary.teacherid AND   dateslots.slotid=teachersdiary.slotid AND dateslots.startdate='$startdate' AND dateslots.enddate='$enddate'");
//$checked=$part['checked'];

echo "Reports of all teachers from ".$startdate." to ".$enddate." :";

//if ($checked=='yes')
//{
//$label="CHECKED";
//}
//else
//{
//$label="NOT CHECKED";
//}

function creategroup($result)
{
echo "<table border='1' p class ='style15' align='left'>
<tr>
<th>SERIAL NUMBER</th>
<th>TEACHER</th>
<th>SUBJECT/CLASS TIME</th>
<th>CONTENT/SUBTOPICS AND TEACHING POINTS </th>
<th>TEACHING AIDS/RESOURCES </th>
<th>INSTRUCTIONAL SEQUENCE (TEACHING METHODOLOGY WITH STUDENT ACTIVITIES) </th>
<th>APPLICATION ACTIVITY(PRACTICES AND/OR REFLECTION) </th>
<th>ASSESSMENT STRATEGIES(METHODS FOR OBTAINING EVIDENCE OF LEARNING) </th>
<th>LEARNING OUTCOMES</th>
<th>REMARKS</th>
<th>NEW REMARKS</th>

</tr>";
$num=1;
  while($group = mysql_fetch_array($result))
  {
  echo "<td valign='top'>" . $num. "</td>";
  echo "<td valign='top'>" . $group['teachername'] . "</td>";
  echo "<td valign='top'>" . $group['subject'] . "</td>";
  echo "<td valign='top'>" . $group['content'] . "</td>";
  echo "<td valign='top'>" . $group['teachingaids'] . "</td>";
  echo "<td valign='top'>" . $group['instructionalsequence'] . "</td>";
  echo "<td valign='top'>" . $group['applicationactivity'] . "</td>";
  echo "<td valign='top'>" . $group['assessmentstrategies'] . "</td>";
  echo "<td valign='top'>" . $group['learningoutcomes'] . "</td>";
  //echo "<td><input name='Submit' type='submit' class='style2' value='". $label. "'/></td>";
  //if ($group['premarks']=='')
 // {
  
  //}
  //else
 // {
  echo "<td valign='top'><table border=1><tr><td><b>Principal's Remarks</b><br />" . $group['premarks'] . "<br />Date: ".$group['pdate']."</td></tr><tr><td><b>Vice-Principal's Remarks</b><br />" . $group['vremarks'] . "<br />Date: ".$group['vdate']."</td></tr><tr><td><b>Coordinator's Remarks</b><br />" . $group['cremarks'] . "<br />Date: ".$group['cdate']."</td></tr><tr><td><b>HOD's Remarks</b><br />" . $group['hremarks'] . "<br />Date: ".$group['hdate']."</td></tr></table></td>";
  echo "<td valign='top'><form method='post' action='submitfeedback.php'><textarea name='txtremarks' id='txtremarks'></textarea> <input name='Submit' type='submit' class='style2' value='REMARKS FOR ". $group['teachername']." ' /><input type='hidden' name='id' value=".$group['diaryid']." /></form></td>";
  //}
  

  $num++;
  echo "</tr>";
 }
 echo "</table>";    
  }


 
creategroup($result);

    }
}


?>


  <span class="error"> <?php echo $i;?></span><br /> <br />
 <span class="error"> <?php echo $alreadyexists;?></span><br /> <br />
      <span class="error"> <?php echo $added;?></span><br /> <br />



</body>
<html>




FILE:  submitfeedback.php

<?php
session_start();

$user_check=$_SESSION['login_user'];
$connection = mysql_connect("localhost","kamlaneh_mk","sbbsiet12");
$db = mysql_select_db("kamlaneh_kam");

$ses_sql=mysql_query("select * from manager where username='$user_check'");
$row = mysql_fetch_assoc($ses_sql);
$login_session =$row['managername'];
$designation=$row['designation'];

$remarks=$_POST['txtremarks'];
$id=$_POST['id'];
//echo $id;

$i='';
$added='';
$alreadyexists='';


 if ($_SERVER["REQUEST_METHOD"] == "POST")
{
if(empty($_POST['txtremarks']))
{
$i= "* Please enter remarks";
}

else
{
$i='';

switch($designation)
  {
  case "principal":
  $query="update teachersdiary set premarks='$remarks', pdate=now() where diaryid='$id'";
  break;
  case "viceprincipal":
  $query="update teachersdiary set vremarks='$remarks', vdate=now() where diaryid='$id'";
  break;
  case "coordinator":
  $query="update teachersdiary set cremarks='$remarks', cdate=now() where diaryid='$id'";
  break;
  case "hod":
  $query="update teachersdiary set hremarks='$remarks', hdate=now() where diaryid='$id'";
  break;
  
  }

//$query="update teachersdiary set premarks='$remarks', pdate=now() where diaryid='$id'";
mysql_query($query) or die ("ERROR: Remarks could not be added." . mysql_error());
$added="<br />Congratulations! Remarks are successfully posted.<br />";
    }
}


?>


  <span class="error"> <?php echo $i;?></span><br /> <br />
 <span class="error"> <?php echo $alreadyexists;?></span><br /> <br />
      <span class="error"> <?php echo $added;?></span><br /> <br />

Maybe because your query is commented out?
Remove // from the beggining of that string

You have a couple of big problems with your code, one of them is a major problem:

The major problem is that it’s wide open to potential SQL Injection attack as you’re letting user submitted data near the database without escaping it or validating it.

The second problem will also be a major problem if your host decides to upgrade the PHP version of your server to PHP7 as the old mysql_* extension was deprecated in version 5.5 of PHP and is being removed from version 7 of PHP.

You should be migrating all code over to use either the mysqli_* extension or PDO and whichever of them two you use you should be using prepared statements when dealing with any data that has been submitted by the user. You should also always validate all user submitted data to make sure it’s what you’re expecting to be receiving from the user.

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.