if command

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
joecrack
Forum Commoner
Posts: 99
Joined: Mon Oct 31, 2005 9:17 pm

if command

Post by joecrack »

hei i have this if command and its not working. the error is:
server version for the right syntax to use near 'WHERE projnr='8888' AND customernr='88.88.'' at line 1
But:
customernr='".$_POST['customernr']."
is right- isnt it???
The whole code is:

Code: Select all

if($actdeldate>0){
	$sql = "UPDATE sam_date_val SET plannedmonth='0000-00-00' WHERE projnr='" .$_POST['projnr']."' AND customernr='".$_POST['customernr']."'";

        mysql_query ( $sql ) or die ( 'MySQL-Fehler: ' . mysql_error () ); 

}
wyred
Forum Commoner
Posts: 86
Joined: Mon Dec 20, 2004 1:59 am
Location: Singapore

Post by wyred »

I usually echo the $sql statement variable together in die() function, makes troubleshooting a lot easier. Why don't you try that and copy and paste the executed SQL statement here?
joecrack
Forum Commoner
Posts: 99
Joined: Mon Oct 31, 2005 9:17 pm

Post by joecrack »

hai
i found the problem ... i have another if/update command before this one in the script, and if i take that one out it is working. it also has this in it:

Code: Select all

$sql = "UPDATE sam_date_val SET tovalue=$tovalue WHERE projnr='".$_POST['projnr']."' AND customernr='".$_POST['customernr']."'";
        mysql_query ( $sql ) or die ( 'MySQL-Fehler: ' . mysql_error () );
So could that be the problem ????
I mean it has to be because when i delete it - it is working!!!
Charles256
DevNet Resident
Posts: 1375
Joined: Fri Sep 16, 2005 9:06 pm

Post by Charles256 »

not nessecarily..since we don't have all the code it's kind of hard to speculate....
joecrack
Forum Commoner
Posts: 99
Joined: Mon Oct 31, 2005 9:17 pm

Post by joecrack »

No Prob there u go =)

Code: Select all

if($cortval3>0){
   $tovalue=$tovalue+$cortval1+$cortval2+$cortval3;	
}
    elseif($cortval2>0){
        $tovalue=$tovalue+$cortval1+$cortval2;
    }
        elseif($cortval1>0){
        $tovalue=$tovalue+$cortval1;
        } 
$sql = "UPDATE sam_date_val SET tovalue=$tovalue WHERE projnr='".$_POST['projnr']."' AND customernr='".$_POST['customernr']."'";

        mysql_query ( $sql ) or die ( 'MySQL-Fehler: ' . mysql_error () ); 



if($actdeldate>0){
	$sql2 = "UPDATE sam_date_val SET plannedmonth=$plannedmonth WHERE projnr='" .$_POST['projnr']."' AND customernr='".$_POST['customernr']."'";

        mysql_query ( $sql2 ) or die ( 'MySQL-Fehler: ' . mysql_error () );
}
Charles256
DevNet Resident
Posts: 1375
Joined: Fri Sep 16, 2005 9:06 pm

Post by Charles256 »

hum...try this....maybe...

Code: Select all

if ($cortval3>0)
{
   $tovalue=$tovalue+$cortval1+$cortval2+$cortval3;    
}
else if($cortval2>0)
{
  $tovalue=$tovalue+$cortval1+$cortval2;
}
else if($cortval1>0)
{
  $tovalue=$tovalue+$cortval1;
}

$projnr=$_POST['projnr'];
$customernr=$_POST['customernr'];

$sql = "UPDATE sam_date_val SET tovalue='$tovalue' WHERE (projnr='$projnr' AND customernr='$customernr')";

mysql_query ( $sql ) or die ( 'MySQL-Fehler: ' . mysql_error () );


if($actdeldate>0)
{
     $sql2 = "UPDATE sam_date_val SET plannedmonth='$plannedmonth' WHERE (projnr='$projnr' AND customernr='$customernr')";

        mysql_query ( $sql2 ) or die ( 'MySQL-Fehler: ' . mysql_error () );
}
joecrack
Forum Commoner
Posts: 99
Joined: Mon Oct 31, 2005 9:17 pm

Post by joecrack »

NO still same error:
server version for the right syntax to use near 'WHERE projnr='8888' AND customernr='88.88.'' at line 120
(line 120 is the second update command)
Why is it a problem to use it a second time ???
I mean it doesnt say anything about the first update!
Charles256
DevNet Resident
Posts: 1375
Joined: Fri Sep 16, 2005 9:06 pm

Post by Charles256 »

echo the two SQL commands and compaer them..
joecrack
Forum Commoner
Posts: 99
Joined: Mon Oct 31, 2005 9:17 pm

Post by joecrack »

hmmm .. i write the same echo after both UPDATEs and its not showing me the second one....
same: echo"$sql"
and nothing at the second UPDATE ????? 8O
Charles256
DevNet Resident
Posts: 1375
Joined: Fri Sep 16, 2005 9:06 pm

Post by Charles256 »

because the second one is called sql2?:-d
joecrack
Forum Commoner
Posts: 99
Joined: Mon Oct 31, 2005 9:17 pm

Post by joecrack »

nope - renamed it !!!
both "sql " now !!!
User avatar
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Post by Jenk »

You'll need to see what the actual string of the SQL statement contains in order to suss the error, which you are on track to doing.

But another very vital point about your use of SQL and $_POST .. you are so, so open to SQL Injection attacks, please read up on PHP+MySQL security. (For example, take a look at the mysql_real_escape_string() function)
joecrack
Forum Commoner
Posts: 99
Joined: Mon Oct 31, 2005 9:17 pm

Post by joecrack »

the script i haveis only available on the intranet of my firm....
do i still have to change things because of sql injections???
User avatar
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Post by Jenk »

Yes. As SQL injection can be accidental as well as deliberate. (if any of your $_POST values contain an apostrophe for example, your script will break)
joecrack
Forum Commoner
Posts: 99
Joined: Mon Oct 31, 2005 9:17 pm

Post by joecrack »

so do you have any suggestions???
or do you have a good url or tutorial???
and the script is finally working ... hbut still one thing i need to know.
if i updatet like this:

Code: Select all

$sql = "UPDATE sam_date_val SET tovalue=tovalue+$tovalue WHERE (projnr='$projnr' AND customernr='$customernr' AND contrdate='$contrdate')";
        mysql_query ( $sql ) or die ( 'MySQL-Fehler: ' . mysql_error () );
And now i want to save the value again (sam_date_val.tovalue).
How can i get this new Value so i can save it like
$newsamtoval=......;

thx
joe
Post Reply