
This is my PHP code:

viewPayments.php

Select release date the loan transaction:

                while($row = mysql_fetch_array($select)){
                    echo "<option>".$row['rel_date']."</option>";
                    }
                    ?>
                </select>

        <input class="button_search" type="submit" name="search_btn" value="Submit">

When the submit button is clicked, the selected date is shown together with the payments of that released date:

                 <?php
           if(isset($_POST['search_btn'])){
           $date = $_POST['date'];
          $query = mysql_query("SELECT m.MID,lt.advanced_interrest,  
            lt.due_date, lt.rel_date,lt.loan_amount, 
            p.pay_date,p.OR_no,p.pay_amount,
            (lt.loan_amount - p.pay_amount) as balance, 
            DATE_ADD(lt.rel_date, lt.due_date) AS days 
           FROM members m ,loan_transaction lt , payment p WHERE m.MID = lt.MID AND lt.MID = p.MID AND m.MID = p.MID AND lt.rel_date = $date");

                    echo '
                    <tr>
                    <td>
                    <td> <input type="text" class="textbox" value ="Date Selected "> </td>
                    <td>
                    <input type="text" class="textbox" value ="'.$date.'">
                    </td>
                    </tr>';
                ?>
                <tr id="tr">
                    <th id="sth">Payment Date</th>
                    <th id="sth">OR No</th>
                    <th id="sth">Amount </th>
                    <th id="sth">Current Balance</th>
                    <th id="sth">Penalty</th>
                 </tr>
                 <?php

                    while ($data =mysql_fetch_array($query)) {

                        echo '
                        <tr>
                        <td id="row">'.$data['pay_date'].'</td>
                        <td id="row">'.$data['OR_no'].'</td>
                        <td id="row">'.$data['pay_amount'].'</td>
                        <td id="row">'.$data['balance'].'</td>

                        </tr>';
                    }

This part is to sum up the total payments.

                    $q = mysql_query("SELECT SUM(payment.pay_amount) as sum  
                    FROM payment,loan_transaction where loan_transaction.rel_date = $date");
                    $result = mysql_fetch_array($q);
                    if($result){
                        $sum = $result['sum'];

                    echo '
                        <tr>
                        <td id = "row"> Total Paid Amount </td>
                        <td> </td>
                        <td id ="row">'.$sum.'</td>
                        </tr>
                    ';

This SQL code for the sum works in the console but it won't display in my browser. What's wrong with my code?

How can I also update my current balance?

dllhell
sw8mom
  • 1
    No offense, but if you do not encapsulate the $date or the $_POST['date'] you made yourself a nice SQL injection :) – Ello Feb 26 '15 at 13:08
  • 1
    **WARNING:** You're using a deprecated database API. Consider using [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) and binding your parameters. – ʰᵈˑ Feb 26 '15 at 13:12
  • What is SQL injection? I've read that one but I really don't understand what that means. – sw8mom Feb 26 '15 at 13:16
  • It's a security risk which allows users to execute SQL queries, thus exposing your database. It's a serious issue you should certainly read up more on – Pogrindis Feb 26 '15 at 13:52
  • @sw8mom : see http://stackoverflow.com/a/601524/20043 for a clear explanation. – SolarBear Feb 26 '15 at 13:52
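
The parameter binding recommended in the comments above, as an added example that is not part of the original thread: it runs the question's release-date lookup through a PDO prepared statement instead of concatenating `$_POST['date']` into the SQL. The in-memory SQLite database, its rows, and the function name `paymentsForReleaseDate` are assumptions made so the block runs on its own.

```php
<?php
// Added example, not the asker's code. A constructed in-memory SQLite database
// stands in for the MySQL tables named in the question.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE loan_transaction (MID INTEGER, rel_date TEXT, loan_amount REAL)");
$pdo->exec("CREATE TABLE payment (MID INTEGER, pay_date TEXT, OR_no TEXT, pay_amount REAL)");
// Constructed sample rows.
$pdo->exec("INSERT INTO loan_transaction VALUES (1, '2015-02-01', 5000), (2, '2015-02-10', 3000)");
$pdo->exec("INSERT INTO payment VALUES (1, '2015-02-15', 'OR-001', 1000),
                                       (1, '2015-02-20', 'OR-002', 500),
                                       (2, '2015-02-22', 'OR-003', 700)");

// Hypothetical helper: returns the payment rows for one release date,
// or null when the submitted value is not a YYYY-MM-DD date.
function paymentsForReleaseDate(PDO $pdo, string $date): ?array
{
    // Validate the shape of the input before it reaches the database.
    $parsed = DateTime::createFromFormat('!Y-m-d', $date);
    if ($parsed === false || $parsed->format('Y-m-d') !== $date) {
        return null;
    }
    // The value is sent as a bound parameter and never becomes part of the SQL text,
    // so it cannot change the structure of the query and needs no manual quoting.
    $stmt = $pdo->prepare(
        "SELECT p.pay_date, p.OR_no, p.pay_amount
           FROM loan_transaction lt
           JOIN payment p ON p.MID = lt.MID
          WHERE lt.rel_date = :rel_date
          ORDER BY p.pay_date"
    );
    $stmt->execute([':rel_date' => $date]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a normal date, then a value that is not a date and would
// change the meaning of the WHERE clause if it were concatenated into the query.
foreach (['2015-02-01', '2015-02-01 OR 1=1'] as $input) {
    $rows = paymentsForReleaseDate($pdo, $input);
    if ($rows === null) {
        echo "rejected: not a date\n";
        continue;
    }
    $total = array_sum(array_column($rows, 'pay_amount'));
    echo count($rows) . " payments, total " . $total . "\n";
}
```

Against MySQL the same `prepare`/`execute` calls apply with a `mysql:` DSN in place of the SQLite one.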
