0

i tried to run these codes manually at url but it returns null values

1.when admin accept the request status will be updated as in first query

2.second query will fetched remain_leave

3.third query will update the found difference from remain_leave and
ldays

<?php
 $con=mysql_connect("","","");
$db=mysql_select_db('',$con);

$status=$_REQUEST['status'];
$eid=$_REQUEST['eid'];
$ldays=$_REQUEST['ldays'];
$leave=0;

 $result=mysql_query("update user_request set status='$status' where eid  
 ='$eid'") or die("error");

$result1=mysql_query("select remain_leave  from user where id='$id'");

while($row= mysql_fetch_assoc($result1))
{
$leave=$row['remain_leave'];

}

$diff=$leave-$ldays;

$result=mysql_query("update user set remain_leave=$diff where id    
='$eid'") or die("error");


echo json_encode($respon);
?>

1 Answers1

0
select remain_leave  from user where id='$id'

$id isn't defined, so it will always be running this query

select remain_leave  from user where id=''

Also note that

mysql_query and related functions are deprecated and slated for removal in a later release. mysqli or PDO are recommended in its place

And that if $id is meant to come from the user like $eid then directly inserting it into the query like that is vulnerable to SQL injection. See: What is SQL injection?

As mentioned by Fred -ii in the comments, $respon is also undefined in your final echo

Community
  • 1
  • 1
Elle H
  • 11,837
  • 7
  • 39
  • 42