Hellos.
Assist me with two queries in the file below intended to upload CSV files
Failing to upload to a MySQL without logging errors (Am I missing folder/file permissions?)
"Undefined offset" error from anything after column 10 in CSV (Is there a limit I declared unknowingly?)
Thank You.
if(isset($_POST['import'])){
$csvMimes = array('text/x-comma-separated-values',
'text/comma-separated-values',
'application/octet-stream',
'application/vnd.ms-excel',
'application/x-csv',
'text/x-csv', 'text/csv',
'application/csv',
'application/excel',
'application/vnd.msexcel',
'text/plain');
if(!empty($_FILES['file']['name'])
&& in_array($_FILES['file']['type'], $csvMimes))
{
if(is_uploaded_file($_FILES['file']['tmp_name'])){
$csvFile = fopen($_FILES['file']['tmp_name'], 'r');
fgetcsv($csvFile);
while(($line = fgetcsv($csvFile)) !== FALSE){
$ColID = $line[0];
$Col02 = $line[1];
$Col03 = $line[2];
$Col04 = $line[3];
$Col05 = $line[4];
$Col06 = $line[5];
$Col07 = $line[6];
$Col08 = $line[7];
$Col09 = $line[8];
$Col010 = $line[9];
$Col0n = $line[10];
$prevQuery = "SELECT id
FROM table_name
WHERE ColID = '".$line[0]."'";
$prevResult = $db->query($prevQuery);
if($prevResult){
if($prevResult->num_rows > 0){
$db->query("UPDATE table_name
SET ColHdg02 = '".$Col02."',
ColHdg03 = '".$Col03."',
ColHdg04 = '".$Col04."',
ColHdg05 = '".$Col05."',
ColHdg06 = '".$Col06."',
ColHdg07 = '".$Col07."',
ColHdg08 = '".$Col08."',
ColHdg09 = '".$Col09."',
ColHdg010 = '".$Col010."',
ColHdg0n = '".$Col0n."'
WHERE ColIDHdg = '".$ColID."'");
} else{
$db->query("INSERT INTO table_name
(ColIDHdg, ColHdg02, ColHdg03, ColHdg04,
ColHdg05, ColHdg06, ColHdg07, ColHdg08,
ColHdg09, ColHdg010, ColHdg0n)
VALUES ('".$ColID."', '".$Col02."', '".$Col03."',
'".$Col04."', '".$Col05."', '".$Col06."',
'".$Col07."', '".$Col08."', '".$Col09."',
'".$Col010."', '".$Col0n."')");
}
}
}
fclose($csvFile);
You're trying to get an Undefined offset, for your example please check if the number of items on $line is 11 or more.
if (count($line) > 10) {
$ColID = $line[0];
$Col02 = $line[1];
$Col03 = $line[2];
$Col04 = $line[3];
$Col05 = $line[4];
$Col06 = $line[5];
$Col07 = $line[6];
$Col08 = $line[7];
$Col09 = $line[8];
$Col010 = $line[9];
$Col0n = $line[10];
$prevQuery = "SELECT id FROM table_name WHERE ColID = '" . $line[0] . "'";
$prevResult = $db->query($prevQuery);
if ($prevResult) {
if ($prevResult->num_rows > 0) {
$db->query("UPDATE table_name SET ColHdg02 = '" . $Col02 . "', ColHdg03 = '" . $Col03 . "', ColHdg04 = '" . $Col04 . "', ColHdg05 = '" . $Col05 . "', ColHdg06 = '" . $Col06 . "', ColHdg07 = '" . $Col07 . "', ColHdg08 = '" . $Col08 . "', ColHdg09 = '" . $Col09 . "', ColHdg010 = '" . $Col010 . "', ColHdg0n = '" . $Col0n . "' WHERE ColIDHdg = '" . $ColID . "'");
} else {
$db->query("INSERT INTO table_name (ColIDHdg, ColHdg02, ColHdg03, ColHdg04, ColHdg05, ColHdg06, ColHdg07, ColHdg08, ColHdg09, ColHdg010, ColHdg0n) VALUES ('" . $ColID . "', '" . $Col02 . "', '" . $Col03 . "', '" . $Col04 . "', '" . $Col05 . "', '" . $Col06 . "', '" . $Col07 . "', '" . $Col08 . "', '" . $Col09 . "', '" . $Col010 . "', '" . $Col0n . "')");
}
}
}
Related
I've created a page where I've place for updating the attachment. While doing so, if a file with same name, size, extension is attached, the attachment table need not be updated. This is the scenario. This is how I tried to do:
else if($mode == "attachment_update") {
$id = intval(mysqli_real_escape_string($mysqli, $_REQUEST["_id"]));
$upload_directory = "upload/attachment/";
$result = file_upload("attachment", "../".$upload_directory);
$file_name = '".addslashes($result[file_name])."';
write_log($file_name);
$file_extension = '".$result[file_extension]."';
write_log($file_extension);
$file_size = '".$result[file_size]."';
write_log($file_size);
$uploaded_file_name = '".$result[uploaded_file_name]."';
write_log($uploaded_file_name);
$uploaded_file_path = '".$upload_directory.$result[uploaded_file_name]."';
write_log($uploaded_file_path);
$query_select = "SELECT
file_name,
file_extension,
file_size,
uploaded_file_name,
uploaded_file_path
FROM
attachments
WHERE
id = 'id';";
$result1 = mysqli_query($mysqli, $query_select) or throwexception(mysqli_error($mysqli));
$row = mysqli_fetch_row($result1);
write_log($row[0]);
write_log($row[1]);
write_log($row[2]);
write_log($row[3]);
write_log($row[4]);
if($row[0] == $file_name &&
$row[1] == $file_extension &&
$row[2] == $file_size &&
$row[3] == $uploaded_file_name &&
$row[4] == $uploaded_file_path)
{
write_log("inside if");
} else {
if($result[status] == true) {
$query = "UPDATE
attachments
SET
file_name = '".addslashes($result[file_name])."',
file_extension = '".$result[file_extension]."',
file_size = '".$result[file_size]."',
uploaded_file_name = '".$result[uploaded_file_name]."',
uploaded_file_path = '".$upload_directory.$result[uploaded_file_name]."',
recorded_by = '$recorded_by',
recorded_datetime = '$recorded_datetime'
WHERE
id = 'id';";
mysqli_query($mysqli, $query) or throwexception(mysqli_error($mysqli));
}
}
echo json_encode(array("message" => "Updated successfully"));
exit;
}
The if condition does the thing. If all are true, the table will not be updated. If even any one fails, the table will be updated.
Here the problem is $file_name, $file_extension, $file_size, $uploaded_file_name are going null. I don't know how to retrieve it. Can someone tell how to retrieve those data, so that if can check it with the if condition?
In your case, You do not need to fire select query. just add AND condition in update query.
if ($mode == "attachment_update") {
$id = intval(mysqli_real_escape_string($mysqli, $_REQUEST["_id"]));
$upload_directory = "upload/attachment/";
$result = file_upload("attachment", "../" . $upload_directory);
$file_name = '".addslashes($result[file_name])."';
write_log($file_name);
$file_extension = '".$result[file_extension]."';
write_log($file_extension);
$file_size = '".$result[file_size]."';
write_log($file_size);
$uploaded_file_name = '".$result[uploaded_file_name]."';
write_log($uploaded_file_name);
$uploaded_file_path = '".$upload_directory.$result[uploaded_file_name]."';
write_log($uploaded_file_path);
$query = "UPDATE
attachments
SET
file_name = '" . addslashes($result[file_name]) . "',
file_extension = '" . $result[file_extension] . "',
file_size = '" . $result[file_size] . "',
uploaded_file_name = '" . $result[uploaded_file_name] . "',
uploaded_file_path = '" . $upload_directory . $result[uploaded_file_name] . "',
recorded_by = '$recorded_by',
recorded_datetime = '$recorded_datetime'
WHERE
id = 'id'
and file_name <> '" . addslashes($result[file_name]) . "',
and file_extension = '" . $result[file_extension] . "',
and file_size = '" . $result[file_size] . "',
and uploaded_file_name = '" . $result[uploaded_file_name] . "',
and uploaded_file_path = '" . $upload_directory . $result[uploaded_file_name] . "',
;";
mysqli_query($mysqli, $query) or throwexception(mysqli_error($mysqli));
echo json_encode(array("message" => "Updated successfully"));
exit;
}
Your question need more clarity.
Can you share the function,
$result = file_upload("attachment", "../".$upload_directory);
Are you able to log the values of $filename and $row?
write_log($file_name);
AND
write_log($row[0]);
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I just got my last question answered but now I'm stuck again.. I'm using OpenCart and I want to change the style of my email you'll get when you register on my OpenCart webshop. But when I use add this for example, it just shows it in the email as normal text:
$message .= '<img src="logo.png" />' "\n";
When I searched it on Google, on every site it says that I have to use this:
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
I pasted it on a few places in my code but it never worked, it was still showing the HTML Tags as text in the email.
I will paste my code (from OpenCart) here and can somebody tell me then where I have to paste that code or just another way to use HTML in email via PHP?
<?php
class ModelAccountCustomer extends Model {
public function addCustomer($data) {
if (isset($data['customer_group_id']) && is_array($this->config->get('config_customer_group_display')) && in_array($data['customer_group_id'], $this->config->get('config_customer_group_display'))) {
$customer_group_id = $data['customer_group_id'];
} else {
$customer_group_id = $this->config->get('config_customer_group_id');
}
$this->load->model('account/customer_group');
$customer_group_info = $this->model_account_customer_group->getCustomerGroup($customer_group_id);
$this->db->query("INSERT INTO " . DB_PREFIX . "customer SET store_id = '" . (int)$this->config->get('config_store_id') . "', firstname = '" . $this->db->escape($data['firstname']) . "', lastname = '" . $this->db->escape($data['lastname']) . "', email = '" . $this->db->escape($data['email']) . "', telephone = '" . $this->db->escape($data['telephone']) . "', fax = '" . $this->db->escape($data['fax']) . "', salt = '" . $this->db->escape($salt = substr(md5(uniqid(rand(), true)), 0, 9)) . "', password = '" . $this->db->escape(sha1($salt . sha1($salt . sha1($data['password'])))) . "', newsletter = '" . (isset($data['newsletter']) ? (int)$data['newsletter'] : 0) . "', customer_group_id = '" . (int)$customer_group_id . "', ip = '" . $this->db->escape($this->request->server['REMOTE_ADDR']) . "', status = '1', approved = '" . (int)!$customer_group_info['approval'] . "', date_added = NOW()");
$customer_id = $this->db->getLastId();
$this->db->query("INSERT INTO " . DB_PREFIX . "address SET customer_id = '" . (int)$customer_id . "', firstname = '" . $this->db->escape($data['firstname']) . "', lastname = '" . $this->db->escape($data['lastname']) . "', company = '" . $this->db->escape($data['company']) . "', company_id = '" . $this->db->escape($data['company_id']) . "', tax_id = '" . $this->db->escape($data['tax_id']) . "', address_1 = '" . $this->db->escape($data['address_1']) . "', address_2 = '" . $this->db->escape($data['address_2']) . "', city = '" . $this->db->escape($data['city']) . "', postcode = '" . $this->db->escape($data['postcode']) . "', country_id = '" . (int)$data['country_id'] . "', zone_id = '" . (int)$data['zone_id'] . "'");
$address_id = $this->db->getLastId();
$this->db->query("UPDATE " . DB_PREFIX . "customer SET address_id = '" . (int)$address_id . "' WHERE customer_id = '" . (int)$customer_id . "'");
$this->language->load('mail/customer');
Here starts the part of the code what is going to be visible in the email itself.
<--From here-->
**$subject = sprintf($this->language->get('text_subject'), $this->config->get('config_name'));
$message = sprintf($this->language->get('text_welcome'), $this->config->get('config_name')) . "\n\n";
if (!$customer_group_info['approval']) {
$message .= $this->language->get('text_login') . "\n";
} else {
$message .= $this->language->get('text_approval') . "\n";
}
$message .= $this->url->link('account/login', '', 'SSL') . "\n\n";
$message .= $this->language->get('text_services') . "\n\n";
$message .= $this->language->get('text_thanks') . "\n";
$message .= $this->config->get('config_name');**
<--Till here-->
$mail = new Mail();
$mail->protocol = $this->config->get('config_mail_protocol');
$mail->parameter = $this->config->get('config_mail_parameter');
$mail->hostname = $this->config->get('config_smtp_host');
$mail->username = $this->config->get('config_smtp_username');
$mail->password = $this->config->get('config_smtp_password');
$mail->port = $this->config->get('config_smtp_port');
$mail->timeout = $this->config->get('config_smtp_timeout');
$mail->setTo($data['email']);
$mail->setFrom($this->config->get('config_email'));
$mail->setSender($this->config->get('config_name'));
$mail->setSubject(html_entity_decode($subject, ENT_QUOTES, 'UTF-8'));
$mail->setText(html_entity_decode($message, ENT_QUOTES, 'UTF-8'));
$mail->send();
// Send to main admin email if new account email is enabled
if ($this->config->get('config_account_mail')) {
$message = $this->language->get('text_signup') . "\n\n";
$message .= $this->language->get('text_website') . ' ' . $this->config->get('config_name') . "\n";
$message .= $this->language->get('text_firstname') . ' ' . $data['firstname'] . "\n";
$message .= $this->language->get('text_lastname') . ' ' . $data['lastname'] . "\n";
$message .= $this->language->get('text_customer_group') . ' ' . $customer_group_info['name'] . "\n";
if ($data['company']) {
$message .= $this->language->get('text_company') . ' ' . $data['company'] . "\n";
}
$message .= $this->language->get('text_email') . ' ' . $data['email'] . "\n";
$message .= $this->language->get('text_telephone') . ' ' . $data['telephone'] . "\n";
$mail->setTo($this->config->get('config_email'));
$mail->setSubject(html_entity_decode($this->language->get('text_new_customer'), ENT_QUOTES, 'UTF-8'));
$mail->setText(html_entity_decode($message, ENT_QUOTES, 'UTF-8'));
$mail->send();
// Send to additional alert emails if new account email is enabled
$emails = explode(',', $this->config->get('config_alert_emails'));
foreach ($emails as $email) {
if (strlen($email) > 0 && preg_match('/^[^\#]+#.*\.[a-z]{2,6}$/i', $email)) {
$mail->setTo($email);
$mail->send();
}
}
}
}
public function editCustomer($data) {
$this->db->query("UPDATE " . DB_PREFIX . "customer SET firstname = '" . $this->db->escape($data['firstname']) . "', lastname = '" . $this->db->escape($data['lastname']) . "', email = '" . $this->db->escape($data['email']) . "', telephone = '" . $this->db->escape($data['telephone']) . "', fax = '" . $this->db->escape($data['fax']) . "' WHERE customer_id = '" . (int)$this->customer->getId() . "'");
}
public function editPassword($email, $password) {
$this->db->query("UPDATE " . DB_PREFIX . "customer SET salt = '" . $this->db->escape($salt = substr(md5(uniqid(rand(), true)), 0, 9)) . "', password = '" . $this->db->escape(sha1($salt . sha1($salt . sha1($password)))) . "' WHERE LOWER(email) = '" . $this->db->escape(utf8_strtolower($email)) . "'");
}
public function editNewsletter($newsletter) {
$this->db->query("UPDATE " . DB_PREFIX . "customer SET newsletter = '" . (int)$newsletter . "' WHERE customer_id = '" . (int)$this->customer->getId() . "'");
}
public function getCustomer($customer_id) {
$query = $this->db->query("SELECT * FROM " . DB_PREFIX . "customer WHERE customer_id = '" . (int)$customer_id . "'");
return $query->row;
}
public function getCustomerByEmail($email) {
$query = $this->db->query("SELECT * FROM " . DB_PREFIX . "customer WHERE LOWER(email) = '" . $this->db->escape(utf8_strtolower($email)) . "'");
return $query->row;
}
public function getCustomerByToken($token) {
$query = $this->db->query("SELECT * FROM " . DB_PREFIX . "customer WHERE token = '" . $this->db->escape($token) . "' AND token != ''");
$this->db->query("UPDATE " . DB_PREFIX . "customer SET token = ''");
return $query->row;
}
public function getCustomers($data = array()) {
$sql = "SELECT *, CONCAT(c.firstname, ' ', c.lastname) AS name, cg.name AS customer_group FROM " . DB_PREFIX . "customer c LEFT JOIN " . DB_PREFIX . "customer_group cg ON (c.customer_group_id = cg.customer_group_id) ";
$implode = array();
if (isset($data['filter_name']) && !is_null($data['filter_name'])) {
$implode[] = "LCASE(CONCAT(c.firstname, ' ', c.lastname)) LIKE '" . $this->db->escape(utf8_strtolower($data['filter_name'])) . "%'";
}
if (isset($data['filter_email']) && !is_null($data['filter_email'])) {
$implode[] = "LCASE(c.email) = '" . $this->db->escape(utf8_strtolower($data['filter_email'])) . "'";
}
if (isset($data['filter_customer_group_id']) && !is_null($data['filter_customer_group_id'])) {
$implode[] = "cg.customer_group_id = '" . $this->db->escape($data['filter_customer_group_id']) . "'";
}
if (isset($data['filter_status']) && !is_null($data['filter_status'])) {
$implode[] = "c.status = '" . (int)$data['filter_status'] . "'";
}
if (isset($data['filter_approved']) && !is_null($data['filter_approved'])) {
$implode[] = "c.approved = '" . (int)$data['filter_approved'] . "'";
}
if (isset($data['filter_ip']) && !is_null($data['filter_ip'])) {
$implode[] = "c.customer_id IN (SELECT customer_id FROM " . DB_PREFIX . "customer_ip WHERE ip = '" . $this->db->escape($data['filter_ip']) . "')";
}
if (isset($data['filter_date_added']) && !is_null($data['filter_date_added'])) {
$implode[] = "DATE(c.date_added) = DATE('" . $this->db->escape($data['filter_date_added']) . "')";
}
if ($implode) {
$sql .= " WHERE " . implode(" AND ", $implode);
}
$sort_data = array(
'name',
'c.email',
'customer_group',
'c.status',
'c.ip',
'c.date_added'
);
if (isset($data['sort']) && in_array($data['sort'], $sort_data)) {
$sql .= " ORDER BY " . $data['sort'];
} else {
$sql .= " ORDER BY name";
}
if (isset($data['order']) && ($data['order'] == 'DESC')) {
$sql .= " DESC";
} else {
$sql .= " ASC";
}
if (isset($data['start']) || isset($data['limit'])) {
if ($data['start'] < 0) {
$data['start'] = 0;
}
if ($data['limit'] < 1) {
$data['limit'] = 20;
}
$sql .= " LIMIT " . (int)$data['start'] . "," . (int)$data['limit'];
}
$query = $this->db->query($sql);
return $query->rows;
}
public function getTotalCustomersByEmail($email) {
$query = $this->db->query("SELECT COUNT(*) AS total FROM " . DB_PREFIX . "customer WHERE LOWER(email) = '" . $this->db->escape(utf8_strtolower($email)) . "'");
return $query->row['total'];
}
public function getIps($customer_id) {
$query = $this->db->query("SELECT * FROM `" . DB_PREFIX . "customer_ip` WHERE customer_id = '" . (int)$customer_id . "'");
return $query->rows;
}
public function isBanIp($ip) {
$query = $this->db->query("SELECT * FROM `" . DB_PREFIX . "customer_ban_ip` WHERE ip = '" . $this->db->escape($ip) . "'");
return $query->num_rows;
}
}
?>
The one that reads this, thank you for your time!
$mail->setText(html_entity_decode($message, ENT_QUOTES, 'UTF-8'));
Your setting it as text.
Try setting has HTML.
$mail->setHTML($message);
Please tell me what could be the problem, can not get the variable order_id when the query is refreshed, if not specified, then all the request passes, but updates all records in the table, give advice where to look or what to read.
Thank you!
controller:
public function edit(){
if (isset($this->request->get['order_id'])) {
$order_id = $this->request->get['order_id'];
} else {
$order_id = 0;
}
if ($this->request->server['REQUEST_METHOD'] == 'POST') {
$this->model_account_order->update($order_id, $this->request->post);
$this->redirect($this->url->link('account/myorders', '', 'SSL'));
}
....
$this->data['action'] = $this->url->link('account/myorders/edite', '', 'SSL');
if (isset($this->request->get['order_id']) && ($this->request->server['REQUEST_METHOD'] != 'POST')) {
$edit_order = $this->model_account_order->getOrderData($this->request->get['order_id']);
}
if (isset($this->request->post['linkto'])) {
$this->data['linkto'] = $this->request->post['linkto'];
} elseif (isset($edit_order)) {
$this->data['linkto'] = $edit_order['linkto'];
} else {
$this->data['linkto'] = '';
}
if (isset($this->request->post['description'])) {
$this->data['description'] = $this->request->post['description'];
} elseif (isset($edit_order)) {
$this->data['description'] = $edit_order['description'];
} else {
$this->data['description'] = '';
}
Model:
public function update($order_id,$data){
$this->db->query("UPDATE " . DB_PREFIX . "order SET forma = '" . $this->db->escape($data['forma']) . "', linkto = '" . $this->db->escape($data['linkto']) . "', description = '" . $this->db->escape($data['description']) . "', cvet = '" . $this->db->escape($data['cvet']) . "', sizes = '" . (int)$data['sizes'] . "', counts = '" . (int)$data['counts'] . "', tcena = '" .(int)$data['tcena'] . "', sposob = '" . $this->db->escape($data['sposob']) . "' , delivery_usa = '" . $this->db->escape($data['delivery_usa']) . "', hint = '" . $this->db->escape($data['hint']) . "', novapochta ='" . $this->db->escape($data['novapochta']) . "' WHERE order_id = '" . (int)$order_id . "'");
}
Just very simple yet powerful solution - $order_id checking in the model:
public function update($order_id, $data) {
if (!$order_id) {
return false;
}
return $this->db->query("UPDATE " . DB_PREFIX . "order SET forma = '" . $this->db->escape($data['forma']) . "', linkto = '" . $this->db->escape($data['linkto']) . "', description = '" . $this->db->escape($data['description']) . "', cvet = '" . $this->db->escape($data['cvet']) . "', sizes = '" . (int)$data['sizes'] . "', counts = '" . (int)$data['counts'] . "', tcena = '" .(int)$data['tcena'] . "', sposob = '" . $this->db->escape($data['sposob']) . "' , delivery_usa = '" . $this->db->escape($data['delivery_usa']) . "', hint = '" . $this->db->escape($data['hint']) . "', novapochta ='" . $this->db->escape($data['novapochta']) . "' WHERE order_id = '" . (int)$order_id . "'");
}
I have jtable working perfectly fine with adding/editing/removing records however I cant insert/update a record that contains an apostrophe ! Someone please help!
Below is a snapshot fo my code
Blockquote //Updating a record (updateAction)
$result = mysql_query("UPDATE teg_priority SET CustomerName = '" . $_POST["CustomerName"] . "', Service_Manager = '" . $_POST["Service_Manager"]. "', NGM = '" . $_POST["NGM"] . "', Tag = '" . $_POST["Tag"] . "', CBS = '" . $_POST["CBS"]. "' WHERE CIDN = " . $_POST["CIDN"] . ";");
//Return result to jTable
$jTableResult = array();
$jTableResult['Result'] = "OK";
print json_encode($jTableResult);
}
Blockquote
You can use addslashes on the variables before putting them in the query.
$result = mysql_query("UPDATE teg_priority SET CustomerName = '" . addslashes($_POST["CustomerName"]) . "', Service_Manager = '" . addslashes($_POST["Service_Manager"]). "', NGM = '" . addslashes($_POST["NGM"]) . "', Tag = '" . addslashes($_POST["Tag"]) . "', CBS = '" . addslashes($_POST["CBS"]). "' WHERE CIDN = " .addslashes( $_POST["CIDN"]) . ";");
<?php
if(isset($_POST['update']))
$dbhost = 'localhost';
$dbuser = 'XXXXX';
$dbpass = 'XXXXX';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $conn )
{
die('Could not connect: ' . mysql_error());
}
if(! get_magic_quotes_gpc() )
{
$OrderID=addslashes ($_POST['OrderID']);
$trackingnumber= addslashes ($_POST['trackingnumber']);
$trackingURL=addslashes ($_POST['trackingURL']);
$CustomerName=addslashes ($_POST['CustomerName']);
$LocationShipped=addslashes ($_POST['LocationShipped']);
$user_email=addslashes ($_POST['user_email']);
$ShipmentDate=addslashes ($_POST['ShipmentDate']);
$ShipmentMode=addslashes ($_POST['ShipmentMode']);
$CurrentStatus=addslashes ($_POST['CurrentStatus']);
}
else
{
$trackingnumber= $_POST['trackingnumber'];
$trackingURL=$_POST['trackingURL'];
$OrderID=$_POST['OrderID'];
$CustomerName=$_POST['CustomerName'];
$user_email=$_POST['user_email'];
$LocationShipped=$_POST['LocationShipped'];
$ShipmentDate=$_POST['ShipmentDate'];
$ShipmentMode=$_POST['ShipmentMode'];
$CurrentStatus=$_POST['CurrentStatus'];
}
$sql = "
UPDATE
ordertracking
SET
trackingnumber =$trackingnumber,
`trackingURL` = '" . $trackingURL . "',
`CustomerName` = '" . $CustomerName . "',
`LocationShipped` = '" . $LocationShipped . "',
`user_email` = '" . $user_email . "',
`ShipmentDate` = '" . $ShipmentDate . "',
`ShipmentMode` = '" . $ShipmentMode . "',
`CurrentStatus` = '" . $CurrentStatus . "',
WHERE
OrderNo = $OrderID,
$result1 = mysql_query($query1);
mysql_select_db('XXXXXXX');
$retval = mysql_query( $sql, $conn );
if(! $retval )
{
die('Could not enter data: ' . mysql_error());
}
echo "Entered data successfully\n";
mysql_close($conn);
?>
Parse error: syntax error, unexpected T_STRING in /home/buyerhel/public_html/ordertracking/backend/processeditship.php on line 46
Any help please ?
Not sure what the problem is but it is really frustrating since I am on my last step for the Edit Section of the my project and it is allowing me to update the table.
I purposely left out the quotes here - trackingnumber =$trackingnumber,
So that is not the problem..
The
There is no ending symbol " in your $sql. Should be:
$sql = "
UPDATE
ordertracking
SET
trackingnumber =$trackingnumber,
`trackingURL` = '" . $trackingURL . "',
`CustomerName` = '" . $CustomerName . "',
`LocationShipped` = '" . $LocationShipped . "',
`user_email` = '" . $user_email . "',
`ShipmentDate` = '" . $ShipmentDate . "',
`ShipmentMode` = '" . $ShipmentMode . "',
`CurrentStatus` = '" . $CurrentStatus . "'
WHERE
OrderNo = $OrderID"; // < missing ";
You've used , instead of ; and forgot some ".
$sql = "
UPDATE
`ordertracking`
SET
`trackingnumber` = " . $trackingnumber . ",
`trackingURL` = '" . $trackingURL . "',
`CustomerName` = '" . $CustomerName . "',
`LocationShipped` = '" . $LocationShipped . "',
`user_email` = '" . $user_email . "',
`ShipmentDate` = '" . $ShipmentDate . "',
`ShipmentMode` = '" . $ShipmentMode . "',
`CurrentStatus` = '" . $CurrentStatus . "',
WHERE
`OrderNo` = " . $OrderID; // ; instead of ,
$result1 = mysql_query($query1);
Just replace Line no 50
OrderNo = $OrderID";
by this code
Two problems
Close the double qoutes
Remove the trailing comma after $OrderID
So change
$sql = "
UPDATE
ordertracking
SET
trackingnumber =$trackingnumber,
`trackingURL` = '" . $trackingURL . "',
`CustomerName` = '" . $CustomerName . "',
`LocationShipped` = '" . $LocationShipped . "',
`user_email` = '" . $user_email . "',
`ShipmentDate` = '" . $ShipmentDate . "',
`ShipmentMode` = '" . $ShipmentMode . "',
`CurrentStatus` = '" . $CurrentStatus . "',
WHERE
OrderNo = $OrderID,
to
$sql = "
UPDATE
ordertracking
SET
trackingnumber =$trackingnumber,
`trackingURL` = '" . $trackingURL . "',
`CustomerName` = '" . $CustomerName . "',
`LocationShipped` = '" . $LocationShipped . "',
`user_email` = '" . $user_email . "',
`ShipmentDate` = '" . $ShipmentDate . "',
`ShipmentMode` = '" . $ShipmentMode . "',
`CurrentStatus` = '" . $CurrentStatus . "',
WHERE
OrderNo = $OrderID";