I want to update the price on an invoice with this PHP code (the config file is included, more SQL statements are executed above this):
<?php
$finalprice = getInvoicePrice($code);
$codeErr = "";
$discount = "";

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    if (empty($_POST["discount"])) {
        $codeErr = "Code can not be blank.";
    } else {
        $discount = test_input($_POST["discount"]);
        if ($discount == "FIVE") {
            $codeErr = "OK";
            $price = getInvoicePrice($code);
            $percentage = 100;
            $percentage = 100 - 5;
            $finalprice = $percentage / 100 * $price;
            $SQLChangePrice = $odb->prepare("UPDATE `invoices2` SET `price` = :price WHERE `code` = `:code`");
            $SQLChangePrice->execute(array(
                ":price" => $finalprice,
                ":code" => $code
            ));
        } else {
            $codeErr = "wrong code";
            $price = getInvoicePrice($code);
            $finalprice = $price;
        }
    }
}

function test_input($data) {
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}
?>
full code (html form):
<form method="post" onsubmit="return submitDiscount();">
    <table>
        <tr>
            <td>code:</td>
            <td>
                <input type="text" name="discount">
                <span class="error"><?php echo $codeErr;?></span>
            </td>
        </tr>
        <tr>
            <td>
                <input type="submit" name="submit" value="Submit">
            </td>
        </tr>
    </table>
</form>
The whole script and the things around it are working, but the MySQL exec isn't working for some reason (no errors at all).
Answer
This:
UPDATE `invoices2` SET `price` = :price WHERE `code` = `:code`
should be:
UPDATE `invoices2` SET `price` = :price WHERE `code` = :code
Don’t put parameter placeholders inside any kind of SQL quote (that is, not single-quotes, double-quotes, or back-quotes).
I also notice you did not set any value for the PHP variable $code.
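Added example (not code from the question or the answer): it runs the quoted and the corrected statement with PDO exceptions enabled, so the failure is reported instead of passing with "no errors at all", and checks `rowCount()` to catch an empty or wrong `$code`. Assumptions: an in-memory SQLite database (pdo_sqlite) stands in for the MySQL connection, the invoice row is constructed, and `updatePrice()` is a hypothetical helper.

```php
<?php
// Constructed in-memory SQLite table standing in for the MySQL `invoices2` table.
$odb = new PDO('sqlite::memory:');

// Throw a PDOException on SQL errors. Before PHP 8.0 the default was
// PDO::ERRMODE_SILENT, where prepare()/execute() just return false.
$odb->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$odb->exec('CREATE TABLE invoices2 (code TEXT PRIMARY KEY, price REAL)');
$odb->exec("INSERT INTO invoices2 (code, price) VALUES ('INV-1', 100.0)"); // constructed row

/**
 * Hypothetical helper: run the UPDATE and describe what happened.
 */
function updatePrice(PDO $odb, string $sql, float $price, string $code): string
{
    try {
        $stmt = $odb->prepare($sql);
        $stmt->execute([':price' => $price, ':code' => $code]);
    } catch (PDOException $e) {
        // A placeholder inside quotes is not a placeholder, so the statement is invalid.
        return 'SQL error: ' . $e->getMessage();
    }

    // Zero affected rows means the WHERE clause matched nothing,
    // for example because $code was never set.
    if ($stmt->rowCount() === 0) {
        return 'no row matched code ' . var_export($code, true);
    }
    return 'updated ' . $stmt->rowCount() . ' row(s)';
}

// The statement from the question: :code is wrapped in back-quotes.
$quoted = 'UPDATE `invoices2` SET `price` = :price WHERE `code` = `:code`';
// The statement from the answer: bare placeholder.
$fixed = 'UPDATE `invoices2` SET `price` = :price WHERE `code` = :code';

echo updatePrice($odb, $quoted, 95.0, 'INV-1'), PHP_EOL; // reports the SQL error
echo updatePrice($odb, $fixed, 95.0, 'INV-1'), PHP_EOL;  // placeholder is bound
echo updatePrice($odb, $fixed, 95.0, ''), PHP_EOL;       // empty $code matches nothing
```

On MySQL, `rowCount()` counts changed rows by default, so an UPDATE that sets the same price again also reports 0 unless the connection is opened with `PDO::MYSQL_ATTR_FOUND_ROWS`.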