Well, the error is in the query of course, hebu paste here what <span style="font-family: courier new,monospace; color: rgb(51, 51, 255);">echo $query; </span>gives you.<br><br>Then, on a totally unrelated matter, i hope your application is not on the internet coz its vulnerable to SQL Injection. You are using the form variables <span style="font-family: courier new,monospace; color: rgb(51, 51, 255);">$_POST[&#39;status&#39;], </span><span style="font-family: courier new,monospace; color: rgb(51, 51, 255);">$_POST[&#39;reason&#39;] and </span><span style="font-family: courier new,monospace; color: rgb(51, 51, 255);">$_POST[&#39;policy&#39;]</span><span style="font-family: courier new,monospace; color: rgb(51, 51, 255);"> </span>directly in the query without any visible form of sanitizing, thats a bad bad idea, extremely bad idea!<br>
<br>At the very least, use the PHP function striptags() and htmlentities(). Check these two articles for more detailed background information:<br><br><a href="http://blogs.msdn.com/b/raulga/archive/2007/01/04/dynamic-sql-sql-injection.aspx">http://blogs.msdn.com/b/raulga/archive/2007/01/04/dynamic-sql-sql-injection.aspx</a><br>
<a href="http://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet">http://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet</a><br><br><br><div class="gmail_quote">On Thu, Aug 5, 2010 at 12:07 PM, Calvin Omari <span dir="ltr">&lt;<a href="mailto:calvinebarongo@gmail.com">calvinebarongo@gmail.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;"><br clear="all">Updating sql server using php is am using the following code and am getting an error<br>
<br><br><br><span style="font-family: courier new,monospace; color: rgb(51, 51, 255);">&lt;?php require_once(&#39;mssqldbcon.php&#39;); ?&gt;</span><br style="font-family: courier new,monospace; color: rgb(51, 51, 255);">

<span style="font-family: courier new,monospace; color: rgb(51, 51, 255);">&lt;?php </span><br style="font-family: courier new,monospace; color: rgb(51, 51, 255);"><span style="font-family: courier new,monospace; color: rgb(51, 51, 255);">if(isset($_POST[&#39;status&#39;]))</span><br style="font-family: courier new,monospace; color: rgb(51, 51, 255);">

<span style="font-family: courier new,monospace; color: rgb(51, 51, 255);">{        </span><br style="font-family: courier new,monospace; color: rgb(51, 51, 255);"><span style="font-family: courier new,monospace; color: rgb(51, 51, 255);">        $policyNumber=($_POST[&#39;policy&#39;]);</span><br style="font-family: courier new,monospace; color: rgb(51, 51, 255);">

<span style="font-family: courier new,monospace; color: rgb(51, 51, 255);">        $bso_id=($_SESSION[&#39;myid&#39;]);</span><br style="font-family: courier new,monospace; color: rgb(51, 51, 255);"><span style="font-family: courier new,monospace; color: rgb(51, 51, 255);">        $bso_status=($_POST[&#39;status&#39;]);</span><br style="font-family: courier new,monospace; color: rgb(51, 51, 255);">

<span style="font-family: courier new,monospace; color: rgb(51, 51, 255);">        $reason=($_POST[&#39;reason&#39;]); </span><br style="font-family: courier new,monospace; color: rgb(51, 51, 255);"><span style="font-family: courier new,monospace; color: rgb(51, 51, 255);">        $mgr_status=($_POST[&#39;mgr_status&#39;]);</span><br style="font-family: courier new,monospace; color: rgb(51, 51, 255);">

<span style="font-family: courier new,monospace; color: rgb(51, 51, 255);">        </span><br style="font-family: courier new,monospace; color: rgb(51, 51, 255);"><span style="font-family: courier new,monospace; color: rgb(51, 51, 255);">    </span><br style="font-family: courier new,monospace; color: rgb(51, 51, 255);">

<span style="font-family: courier new,monospace; color: rgb(51, 51, 255);">        $query = &quot;update new_policies set bso_id = $bso_id, bso_status =$bso_status, Decision_bso=$reason, bso_date = GETDATE()</span><br style="font-family: courier new,monospace; color: rgb(51, 51, 255);">

<span style="font-family: courier new,monospace; color: rgb(51, 51, 255);">        where Policy_Number = $policyNumber&quot;;</span><br style="font-family: courier new,monospace; color: rgb(51, 51, 255);"><span style="font-family: courier new,monospace; color: rgb(51, 51, 255);">        </span><br style="font-family: courier new,monospace; color: rgb(51, 51, 255);">

<span style="font-family: courier new,monospace; color: rgb(51, 51, 255);">         echo $query;</span><br style="font-family: courier new,monospace; color: rgb(51, 51, 255);"><span style="font-family: courier new,monospace; color: rgb(51, 51, 255);">        </span><br style="font-family: courier new,monospace; color: rgb(51, 51, 255);">

<span style="font-family: courier new,monospace; color: rgb(51, 51, 255);">        $result = mssql_query($query);</span><br style="font-family: courier new,monospace; color: rgb(51, 51, 255);"><span style="font-family: courier new,monospace; color: rgb(51, 51, 255);">        $info = &quot;&lt;div class=\&quot;message\&quot;&gt;Proposals Submitted Successful&lt;/div&gt;&quot;;</span><br style="font-family: courier new,monospace; color: rgb(51, 51, 255);">

<span style="font-family: courier new,monospace; color: rgb(51, 51, 255);">   </span><br style="font-family: courier new,monospace; color: rgb(51, 51, 255);"><span style="font-family: courier new,monospace; color: rgb(51, 51, 255);">}</span><br style="font-family: courier new,monospace; color: rgb(51, 51, 255);">

<span style="font-family: courier new,monospace; color: rgb(51, 51, 255);">else{</span><br style="font-family: courier new,monospace; color: rgb(51, 51, 255);"><span style="font-family: courier new,monospace; color: rgb(51, 51, 255);">         $info = &quot; Submisson error&quot;;</span><br style="font-family: courier new,monospace; color: rgb(51, 51, 255);">

<span style="font-family: courier new,monospace; color: rgb(51, 51, 255);">}</span><br style="font-family: courier new,monospace; color: rgb(51, 51, 255);"><span style="font-family: courier new,monospace; color: rgb(51, 51, 255);">?&gt;</span><br>

<br><br><br>-- <br><br>This is the error I get<br>It is our light, not our darkness, that frightens us.<br><br><br><b>Warning</b>: mssql_query() [<a href="http://function.mssql-query" target="_blank">function.mssql-query</a>]: message: Line 1: 
Incorrect syntax near &#39;,&#39;. (severity 15) in 
<b>C:\xampp\htdocs\newbusiness\checkConfirm.php</b> on line 
<b>37</b><br><br><b>Warning</b>: mssql_query() [<a href="http://function.mssql-query" target="_blank">function.mssql-query</a>]: Query failed in 
<b>C:\xampp\htdocs\newbusiness\checkConfirm.php</b> on line <b>37</b><br><br><br><br><br><br><br>I will much appreciate help or idea<br><font color="#888888"><br><br>Calvin Omari Systems Developer/Designer<br><a href="http://www.facebook.com/barongo" target="_blank">http://www.facebook.com/barongo</a> <br>


</font><br>_______________________________________________<br>
Skunkworks mailing list<br>
<a href="mailto:Skunkworks@lists.my.co.ke">Skunkworks@lists.my.co.ke</a><br>
<a href="http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks" target="_blank">http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks</a><br>
------------<br>
Skunkworks Server donations spreadsheet<br>
<a href="http://spreadsheets.google.com/ccc?key=0AopdHkqSqKL-dHlQVTMxU1VBdU1BSWJxdy1fbjAwOUE&amp;hl=en" target="_blank">http://spreadsheets.google.com/ccc?key=0AopdHkqSqKL-dHlQVTMxU1VBdU1BSWJxdy1fbjAwOUE&amp;hl=en</a><br>

------------<br>
Skunkworks Rules<br>
<a href="http://my.co.ke/phpbb/viewtopic.php?f=24&amp;t=94" target="_blank">http://my.co.ke/phpbb/viewtopic.php?f=24&amp;t=94</a><br>
------------<br>
Other services @ <a href="http://my.co.ke" target="_blank">http://my.co.ke</a><br></blockquote></div><br>