kahodges Posted August 9, 2010 Share Posted August 9, 2010 I'm trying to build a small php script to help automate adding vacation time to keep track of employees available vacation. I can run the sql below, and it executes fine: Update `vacation` set avail_vacation = `avail_vacation` - `used` where employee = "employee1"; I'm trying to build this into a php function. This is what I have so far: <?php function sql_addition() { global $conn; global $_POST; $sql = "update `vacation` set `avail_vacation`= `avail_vacation` + `added` where employee = .sqlvalue(@$_POST["employee"])"; mysql_query($sql, $conn) or die(mysql_error()); } <html> <tr> <td class="hr"><?php echo htmlspecialchars("Add Hours")." " ?></td> <td class="dr"><input type="text" name="added" value="<?php echo sql_addition('"', '"', trim($row["added"])) ?>"></td> </tr> ?> </html> It's showing the error below where the field should be for submitting hours to add: <input type="text" name="added" value="You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 Help would be greatly appreciated. Quote Link to comment Share on other sites More sharing options...
schilly Posted August 9, 2010 Share Posted August 9, 2010 Couple things: -you call sql_addition with 3 arguments. the function declaration doesn't take in any -missing a semi colon <?php echo htmlspecialchars("Add Hours")." " ?> -need single quotes on your query. double quotes is breaking it. "update `vacation` set `avail_vacation`= `avail_vacation` + `added` where employee = .sqlvalue(@$_POST['employee'])" Quote Link to comment Share on other sites More sharing options...
wildteen88 Posted August 9, 2010 Share Posted August 9, 2010 Your calling the function sql_addition() and passing it three arguments <?php echo sql_addition('"', '"', trim($row["added"])) ?> But you never use them function sql_addition() { global $conn; global $_POST; $sql = "update `vacation` set `avail_vacation`= `avail_vacation` + `added` where employee = .sqlvalue(@$_POST["employee"])"; mysql_query($sql, $conn) or die(mysql_error()); } It is generally bad practice to define variables as global. You should instead pass these variables to the function function sql_addition(&$conn, $employee) { $sql = "update `vacation` set `avail_vacation`= `avail_vacation` + `added` where employee = " . sqlvalue($employee); mysql_query($sql, $conn) or die(mysql_error()); } echo sql_addition($conn, $_POST['employee']) ?> Quote Link to comment Share on other sites More sharing options...
btherl Posted August 10, 2010 Share Posted August 10, 2010 And, it is never necessary to declare "global $_POST;" - $_POST is automatically global. To fix your error message, the first thing to do is to print out $sql whenever there is an error. For example: mysql_query($sql, $conn) or die("Error in $sql\n" . mysql_error()); Then you can see exactly what query is getting sent to mysql and having the error. And use the code wildteen88 posted under "It is generally bad practice to ...", that has fixed the syntax problems, assuming sqlvalue() does what we're expecting it to. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.