
Thanks, Benjamin's idea did the trick. Thanks, all of you.
Close of thread.

On Thu, Aug 5, 2010 at 12:20 PM, Peter Karunyu <pkarunyu@gmail.com> wrote:
Well, the error is in the query of course; please paste here what echo $query; gives you.
Then, on a totally unrelated matter, I hope your application is not on the internet, because it's vulnerable to SQL Injection. You are using the form variables $_POST['status'], $_POST['reason'] and $_POST['policy'] directly in the query without any visible form of sanitizing; that's a bad, bad idea, an extremely bad idea!
At the very least, use the PHP functions strip_tags() and htmlentities(). Check these two articles for more detailed background information:
http://blogs.msdn.com/b/raulga/archive/2007/01/04/dynamic-sql-sql-injection....
http://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet

On Thu, Aug 5, 2010 at 12:07 PM, Calvin Omari <calvinebarongo@gmail.com> wrote:
Updating SQL Server using PHP: I am using the following code and am getting an error.

<?php require_once('mssqldbcon.php'); ?>
<?php
if(isset($_POST['status']))
{
    $policyNumber=($_POST['policy']);
    $bso_id=($_SESSION['myid']);
    $bso_status=($_POST['status']);
    $reason=($_POST['reason']);
    $mgr_status=($_POST['mgr_status']);

    $query = "update new_policies set bso_id = $bso_id, bso_status =$bso_status, Decision_bso=$reason, bso_date = GETDATE() where Policy_Number = $policyNumber";
    echo $query;
    $result = mssql_query($query);
    $info = "<div class=\"message\">Proposals Submitted Successful</div>";
}
else{
    $info = " Submisson error";
}
?>

This is the error I get:
*Warning*: mssql_query() [function.mssql-query]: message: Line 1: Incorrect syntax near ','. (severity 15) in * C:\xampp\htdocs\newbusiness\checkConfirm.php* on line *37*
*Warning*: mssql_query() [function.mssql-query]: Query failed in * C:\xampp\htdocs\newbusiness\checkConfirm.php* on line *37*
I will much appreciate any help or ideas.
Calvin Omari Systems Developer/Designer http://www.facebook.com/barongo
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Server donations spreadsheet
http://spreadsheets.google.com/ccc?key=0AopdHkqSqKL-dHlQVTMxU1VBdU1BSWJxdy1f... ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
-- Our greatest fear is not that we are inadequate, but that we are powerful beyond measure. It is our light, not our darkness, that frightens us. Calvin Omari Systems Developer/Designer http://www.facebook.com/barongo
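
Added example, not part of the thread and not code from any of the posters: the UPDATE from the original message written once with string concatenation and once with validated, bound parameters. It assumes PDO with an in-memory SQLite table standing in for SQL Server so it runs offline (CURRENT_TIMESTAMP replaces GETDATE()); the function names and all sample values are constructed for illustration.

```php
<?php
// Added example. In-memory SQLite stands in for SQL Server (assumption) so the
// script runs offline; on SQL Server use GETDATE() and a SQL Server PDO DSN.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE new_policies (Policy_Number INTEGER, bso_id INTEGER,
    bso_status TEXT, Decision_bso TEXT, bso_date TEXT)');
$db->exec('INSERT INTO new_policies (Policy_Number) VALUES (1001), (1002), (1003)');

// Constructed form inputs; $bsoId stands in for $_SESSION['myid'].
$hostile = ['policy' => '1001 OR 1=1', 'status' => 'approved', 'reason' => 'ok'];
$legit   = ['policy' => '1002', 'status' => 'approved', 'reason' => "client's request"];
$bsoId   = 7;

// Concatenation as in the thread (string values quoted so the statement parses):
// whatever arrives in the form becomes part of the SQL text.
function updateConcatenated(PDO $db, array $in, int $bsoId): int
{
    $sql = "UPDATE new_policies SET bso_id = $bsoId, bso_status = '{$in['status']}', "
         . "Decision_bso = '{$in['reason']}', bso_date = CURRENT_TIMESTAMP "
         . "WHERE Policy_Number = {$in['policy']}";
    return $db->exec($sql); // number of rows changed
}

// Hardened: validate the numeric field, then bind every value as a parameter
// so it is sent as data and never parsed as SQL.
function updateParameterized(PDO $db, array $in, int $bsoId): int
{
    $policy = filter_var($in['policy'], FILTER_VALIDATE_INT);
    if ($policy === false) {
        return 0; // reject non-numeric policy numbers before touching the database
    }
    $stmt = $db->prepare('UPDATE new_policies SET bso_id = :bso_id, bso_status = :status,
        Decision_bso = :reason, bso_date = CURRENT_TIMESTAMP
        WHERE Policy_Number = :policy');
    $stmt->execute([':bso_id' => $bsoId, ':status' => $in['status'],
                    ':reason' => $in['reason'], ':policy' => $policy]);
    return $stmt->rowCount();
}

printf("concatenated, hostile input: %d row(s) changed\n", updateConcatenated($db, $hostile, $bsoId));
printf("parameterized, hostile input: %d row(s) changed\n", updateParameterized($db, $hostile, $bsoId));
printf("parameterized, legitimate input: %d row(s) changed\n", updateParameterized($db, $legit, $bsoId));
```

The hostile value contains no HTML, so strip_tags() and htmlentities() would pass it through unchanged; validation and the bound parameter are what keep it out of the SQL text. Binding also lets the apostrophe in the legitimate reason through without breaking the statement.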