i got some errors in entering updating and fetching from mssql using php

Question

i got some errors in entering updating and fetching from mssql using php.the php code is below.

Warning: mssql_query() [function.mssql-query]: message: Incorrect syntax near the keyword 'group'. (severity 15) in C:\Program Files (x86)\Apache2.2\htdocs\hr\includes\connecto.php on line 15

Warning: mssql_query() [function.mssql-query]: Query failed in C:\Program Files (x86)\Apache2.2\htdocs\hr\includes\connecto.php on line 15

Warning: mssql_num_rows(): supplied argument is not a valid MS SQL-result resource in C:\Program Files (x86)\Apache2.2\htdocs\hr\includes\connecto.php on line 74

Warning: mssql_fetch_array(): supplied argument is not a valid MS SQL-result resource in C:\Program Files (x86)\Apache2.2\htdocs\hr\includes\connecto.php on line 61

These are the errors

<?php
session_start();
?>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1256">

<?php 
header("Content-Type: text/html;charset=windows-1256");
include_once('../includes/header_config.php');

//delette
if(isset($_POST['action']) && ($_POST['action']==3) ) {
$sql="DELETE FROM manage_group WHERE code= '" .$_POST['delid'] . "'";
$rr=DB_query($sql,$db);
}




if(isset($_POST['action']) && ($_POST['action']==2) ) {
if ($_POST['invoicebreakdown']=='' || $_POST['invoicebreakdown']==0) $invoice_breakdown = 1; else $invoice_breakdown = $_POST['invoicebreakdown'];
for ($i = 1; $i <= $invoice_breakdown; $i++) {
if (isset($_POST['groupe_'.$i]) ) {
if(isset($_POST['cur_id_'.$i]) && $_POST['cur_id_'.$i]!='') $cur_id = $_POST['cur_id_'.$i]; else $cur_id ='';
// Insert the value if the cur_id is null
        if($cur_id=='') {
        $sql="select max(code) as mx from manage_group";
        $qry = DB_query($sql,$db);
        if ($res = DB_fetch_array($qry))
        {
            if ($res['mx']==NULL)
            {
                $code= 1;
            }
            else
                {
                $i =(int) $res['mx'];
                $i=++$i;
                $code= $i;
                }
        }       
        $sql = "INSERT INTO manage_group (group,groupe,adminprivilege,almaj)VALUES (".$code.",'" . DB_escape_string($_POST['group_'.$i]) . "',
                '" . $_POST['groupe_'.$i] . "','" . $_POST['adminprivilege_'.$i]. "','" . $_POST['almaj_'.$i] . "','". $_SESSION['lang']."')";
        $qry = DB_query($sql,$db);
        }   
// Update the value if the cur_id is not null
        else 
        {
        $sql = "UPDATE manage_group SET group='" . DB_escape_string($_POST['group_'.$i]) . "',groupe=".$_POST['groupe_'.$i].",adminprivilege='" . DB_escape_string($_POST['adminprivilege_'.$i]) . "',almaj=" .$_POST['almaj_'.$i];
        $qry = DB_query($sql,$db);
        }   
        
    }   
        }


}
if(!isset($_POST['breakdown'])) $_POST['breakdown']=0;
$sql_in = "SELECT group, groupe, listsvalues.descr as adminprivilege, almaj, listsvalues.id, code FROM manage_group left join listsvalues on manage_group.adminprivilege=listsvalues.id and listsvalues.listid=3";
$result= DB_query($sql_in,$db);
$num_rows = DB_num_rows($result);
$tot = $_POST['breakdown']+$num_rows;
$sql_adminprivilege = "SELECT id, descr from listsvalues where listid=3 ";

?>
<input type="hidden" name="amttype" value="" id="amttype">
<input type="hidden" name="invoicebreakdown" value="<?php echo $tot;?>" id="invoicebreakdown">
<input type="hidden" name="subbreakdown" value="" id="subbreakdown">

<table width="95%" border="0"  cellpadding="5" cellspacing="0" class="table_fullwidth">
<tr><th width="6%">Group</th><th width="6%">Groupe</th><th width="6%">Grant Admin Privileges</th>
<th width="4%">ÇáãÌãæÚÉ</th><th width="2%" class="text_align_center"></th>

</tr>
<?php $i=1;
while ($myrow1 = DB_fetch_array($result)) { 
 if ($i % 2==0) $bkg='td1'; else $bkg='td2';
?>
<tr id="trow_<?php echo $i;?>" class="<?php echo $bkg;?> "><td align="center"><input type="hidden" name="cur_id_<?php echo $i;?>" id="cur_id_<?php echo $i;?>" value="<?php echo $myrow1['code'];?>"> <input  type="text" name="groupe_<?php echo $i;?>" id="groupe_<?php echo $i;?>" class="sel_long1 required" value="<?php echo $myrow1['groupe'];?>" tabindex="<?php echo $i;?>_1" > </td>

<td align="center"><input tabindex="<?php echo $i;?>_2" class="sel_long1 required" type="text" name="group_<?php echo $i;?>" id="group_<?php echo $i;?>" value="<?php echo $myrow1['group'] ;?>">  </td>

<td align="center"><Select tabindex="<?php echo $i;?>_3" name="adminprivilege<?php echo $i;?>" id="adminprivilege<?php echo $i;?>" class="sel_long1 required"><option value="" >N/A</option>
<?php $result_adminprivilege = DB_query($sql_adminprivilege,$db); while ($myrow_adminprivilege = DB_fetch_array($result_adminprivilege)) { ?><option value="<?php echo $myrow_adminprivilege['id'] ?>" <?php if($myrow1['id']==$myrow_adminprivilege['id']) { ?> selected="selected" <?php } ?>><?php echo $myrow_adminprivilege['descr'] ?></option>   <?php } ?> </Select> </td>
<td align="center"><input tabindex="<?php echo $i;?>_4" class="sel_long1" type="text" name="almaj_<?php echo $i;?>" id="almaj_<?php echo $i;?>" value="<?php echo $myrow1['almaj'] ;?>"> </td>

<td align="center"> <img src="<?php echo $site_path;?>images/del.png" width="20" class="cur" title="Delete" onclick="deleteitem('<?php echo $myrow1['code'];?>');"></td> 
</tr>
<?php
$i++;

}



$breakdown = $_POST['breakdown']+$num_rows;
$j=$num_rows+1;
while($j<=$breakdown) {
if ($j % 2==0) $bkg='td1'; else $bkg='td2';
 ?>
<tr id="trow_<?php echo $j;?>" class="<?php echo $bkg;?> "><td align="center"><input type="hidden" name="cur_id_<?php echo $j;?>" id="cur_id_<?php echo $j;?>" value="">
<input  type="text" name="groupe_<?php echo $j;?>" id="groupe_<?php echo $j;?>" class="sel_long1 required" value="" tabindex="<?php echo $j;?>_1" > </td>

<td align="center" ><input  class="sel_long1 required" type="text" name="group_<?php echo $j;?>" id="group_<?php echo $j;?>" value="" tabindex="<?php echo $j;?>_2"></td>


<td align="center" ><Select tabindex="<?php echo $j;?>_3" name="adminprivilege_<?php echo $j;?>" id="adminprivilege_<?php echo $j;?>" class="sel_long1 required"><option value="" >N/A</option>
<?php $result_adminprivilege = DB_query($sql_adminprivilege,$db); while ($myrow_adminprivilege = DB_fetch_array($result_country)) { ?><option value="<?php echo $myrow_adminprivilege['id'] ?>" ><?php echo $myrow_adminprivilege['descr'] ?></option>  <?php } ?> </Select> </td>
<td align="center"><input  class="sel_long1" type="text" name="almaj_<?php echo $j;?>" id="almaj_<?php echo $j;?>" value="" tabindex="<?php echo $j;?>_4"> </td>
<td align="center">
<td align="center"><img src="<?php echo $site_path;?>images/del.png" title="Delete"  onclick="delete_row_details(<?php echo $j;?>)" width="20" class="cur"></td>
</tr>
<?php $j++; }?>
</table>
<div class="save_bt"><input  name="save" id="savebt" class="no_marright submit-green save_right" value="Save"  type="button" onclick="validate_save()" tabindex="<?php echo $j;?>"> </div>

<div id="did1"></div>
 
<script>
 var $targets = $('#erp_from_sub').find('input, button , select'),
    steps = $targets.map(function() {
        return $(this).attr('tabindex');
    }).get();

$('#erp_from_sub').on('keypress', 'input, button, select', function(e) {
    if (e.keyCode == 13) {
        var current = $.inArray($(this).attr('tabindex'), steps),
            next = steps[++current % steps.length];
        $targets.filter('[tabindex="' + next + '"]').focus();
    }
});

function deleteitem(a) {
  if(confirm('Are you sure you want delete?')) { document.erp_from_sub.delid.value=a;  document.getElementById('action').value='3';load_subpage('erp_from_sub');}
  
  }
  function delete_row_details(id)
{
var el = document.getElementById('trow_'+id);
if(confirm("Are you sure you want to delete this row")==true)
el.parentNode.removeChild(el);
/*calculateSum_credit();*/
}
</script>

Can you please format your error by adding `> ` in the beginning of the lines? — , Aug 22 '17 at 07:55
This is a textbook example of how not to build SQL queries. Please look into using prepared statements and how to avoid risks of SQL injection. — miken32, Aug 22 '17 at 17:36

score 2 · Answer 1 · answered Aug 22 '17 at 08:40

2

Incorrect syntax near the keyword 'group'

This error tells you that group is the keyword in T-SQL, so every code that uses this column must quote it like this:

SELECT [group], groupe, listsvalues.descr

UPDATE manage_group SET [group]=''

If it's not quoted you'll get this error:

answered Aug 22 '17 at 08:40

sepupic

8,409
1
9
20

its not tsql. its mssql.it didnt help – RiyAs MuhaMmed Aug 22 '17 at 09:22

score -1 · Accepted Answer · answered Aug 23 '17 at 06:44

i found the errors and code is working perfectly. i'm placing the code below

<?php
session_start();
?>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1256">

<?php 
header("Content-Type: text/html;charset=windows-1256");
include_once('../includes/header_config.php');

//delette
if(isset($_POST['action']) && ($_POST['action']==3) ) {
$sql="DELETE FROM manage_group WHERE code= '" .$_POST['delid'] . "'";
$rr=DB_query($sql,$db);
}




if(isset($_POST['action']) && ($_POST['action']==2) ) {
if ($_POST['invoicebreakdown']=='' || $_POST['invoicebreakdown']==0) $invoice_breakdown = 1; else $invoice_breakdown = $_POST['invoicebreakdown'];
for ($i = 1; $i <= $invoice_breakdown; $i++) {
if (isset($_POST['groupe_'.$i]) ) {
if(isset($_POST['cur_id_'.$i]) && $_POST['cur_id_'.$i]!='') $cur_id = $_POST['cur_id_'.$i]; else $cur_id ='';
// Insert the value if the cur_id is null
        if($cur_id=='') {
        $sql="select max(code) as mx from manage_group";
        $qry = DB_query($sql,$db);
        if ($res = DB_fetch_array($qry))
        {
            if ($res['mx']==NULL)
            {
                $code= 1;
            }
            else
                {
                $i =(int) $res['mx'];
                $i=++$i;
                $code= $i;
                }
        }       
        $sql = "INSERT INTO manage_group (code, groupp,groupe,adminprivilege,almaj,lang)VALUES (".$code.",'" . DB_escape_string($_POST['groupp_'.$i]) . "',
                '" . $_POST['groupe_'.$i] . "','" . $_POST['adminprivilege_'.$i]. "','" . DB_escape_string($_POST['almaj_'.$i]) .  "',
                '". $_SESSION['lang']."')";
        $qry = DB_query($sql,$db);
        }   
// Update the value if the cur_id is not null
    else 
        {
        $sql = "UPDATE manage_group SET groupp='" . DB_escape_string($_POST['groupp_'.$i]) . "',adminprivilege=".$_POST['adminprivilege_'.$i].",almaj='" . DB_escape_string($_POST['almaj_'.$i]) . "',groupe='" . $_POST['groupe_'.$i] . "' WHERE code = " .$cur_id . " and lang=".$_SESSION['lang'];
        $qry = DB_query($sql,$db);
        }   

    }   
        }


}
if(!isset($_POST['breakdown'])) $_POST['breakdown']=0;
$sql_in = "SELECT groupp, groupe, listsvalues.descr as adminprivilege, almaj, listsvalues.id, code FROM manage_group left join listsvalues on manage_group.adminprivilege=listsvalues.id and listsvalues.listid=25 and listsvalues.lang=".$_SESSION['lang']."  where manage_group.lang=".$_SESSION['lang']." order by adminprivilege ";
$result= DB_query($sql_in,$db);
$num_rows = DB_num_rows($result);
$tot = $_POST['breakdown']+$num_rows;
$sql_adminprivilege = "SELECT id, descr from listsvalues where listid=25 and lang= ".$_SESSION['lang']." ORDER BY descr";

?>
<input type="hidden" name="amttype" value="" id="amttype">
<input type="hidden" name="invoicebreakdown" value="<?php echo $tot;?>" id="invoicebreakdown">
<input type="hidden" name="subbreakdown" value="" id="subbreakdown">


<table width="95%" border="0"  cellpadding="5" cellspacing="0" class="table_fullwidth">
<tr><th width="25%">Group</th><th width="25%">Groupe</th><th width="20%">Grant Admin Privileges</th>
<th width="25%">ÇáãÌãæÚÉ</th>

</tr>
<?php $i=1;
while ($myrow1 = DB_fetch_array($result)) { 
 if ($i % 2==0) $bkg='td1'; else $bkg='td2';
?>
<tr id="trow_<?php echo $i;?>" class="<?php echo $bkg;?> "><td align="center"><input type="hidden" name="cur_id_<?php echo $i;?>" id="cur_id_<?php echo $i;?>" value="<?php echo $myrow1['code'];?>"> <input  type="text" name="groupe_<?php echo $i;?>" id="groupe_<?php echo $i;?>" class="sel_long1 required" value="<?php echo $myrow1['groupe'];?>" tabindex="<?php echo $i;?>_1" > </td>

<td align="center"><input tabindex="<?php echo $i;?>_2" class="sel_long1 required" type="text" name="groupp_<?php echo $i;?>" id="groupp_<?php echo $i;?>" value="<?php echo $myrow1['groupp'] ;?>">  </td>

<td align="center"><Select tabindex="<?php echo $i;?>_3" name="adminprivilege_<?php echo $i;?>" id="adminprivilege_<?php echo $i;?>" class="sel_long1 required"><option value="" >N/A</option>
<?php $result_adminprivilege = DB_query($sql_adminprivilege,$db); while ($myrow_adminprivilege = DB_fetch_array($result_adminprivilege)) { ?><option value="<?php echo $myrow_adminprivilege['id'] ?>" <?php if($myrow1['id']==$myrow_adminprivilege['id']) { ?> selected="selected" <?php } ?>><?php echo $myrow_adminprivilege['descr'] ?></option>   <?php } ?> </Select> </td>
<td align="center"><input tabindex="<?php echo $i;?>_4" class="sel_long1" type="text" name="almaj_<?php echo $i;?>" id="almaj_<?php echo $i;?>" value="<?php echo $myrow1['almaj'] ;?>"> </td>
<td align="center"> <img src="<?php echo $site_path;?>images/del.png" width="20" class="cur" title="Delete" onclick="deleteitem('<?php echo $myrow1['code'];?>');"></td> 
</tr>
<?php
$i++;

}



$breakdown = $_POST['breakdown']+$num_rows;
$j=$num_rows+1;
while($j<=$breakdown) {
if ($j % 2==0) $bkg='td1'; else $bkg='td2';
 ?>
<tr id="trow_<?php echo $j;?>" class="<?php echo $bkg;?> "><td align="center"><input type="hidden" name="cur_id_<?php echo $j;?>" id="cur_id_<?php echo $j;?>" value="">
<input  type="text" name="groupe_<?php echo $j;?>" id="groupe_<?php echo $j;?>" class="sel_long1 required" value="" tabindex="<?php echo $j;?>_1" > </td>

<td align="center" ><input  class="sel_long1 required" type="text" name="groupp_<?php echo $j;?>" id="groupp_<?php echo $j;?>" value="" tabindex="<?php echo $j;?>_2"></td>


<td align="center" ><Select tabindex="<?php echo $j;?>_3" name="adminprivilege_<?php echo $j;?>" id="adminprivilege_<?php echo $j;?>" class="sel_long1 required"><option value="" >N/A</option>
<?php $result_adminprivilege = DB_query($sql_adminprivilege,$db); while ($myrow_adminprivilege = DB_fetch_array($result_adminprivilege)) { ?><option value="<?php echo $myrow_adminprivilege['id'] ?>" ><?php echo $myrow_adminprivilege['descr'] ?></option>   <?php } ?> </Select> </td>
<td align="center"><input  class="sel_long1" type="text" name="almaj_<?php echo $j;?>" id="almaj_<?php echo $j;?>" value="" tabindex="<?php echo $j;?>_4"> </td>
<td align="center"><img src="<?php echo $site_path;?>images/del.png" title="Delete"  onclick="delete_row_details(<?php echo $j;?>)" width="20" class="cur"></td>
</tr>
<?php $j++; }?>
</table>
<div class="save_bt"><input  name="save" id="savebt" class="no_marright submit-green save_right" value="Save"  type="button" onclick="validate_save()" tabindex="<?php echo $j;?>"> </div>

<div id="did1"></div>

<script>
 var $targets = $('#erp_from_sub').find('input, button , select'),
    steps = $targets.map(function() {
        return $(this).attr('tabindex');
    }).get();

$('#erp_from_sub').on('keypress', 'input, button, select', function(e) {
    if (e.keyCode == 13) {
        var current = $.inArray($(this).attr('tabindex'), steps),
            next = steps[++current % steps.length];
        $targets.filter('[tabindex="' + next + '"]').focus();
    }
});

function deleteitem(a) {
  if(confirm('Are you sure you want delete?')) { document.erp_from_sub.delid.value=a;  document.getElementById('action').value='3';load_subpage('erp_from_sub');}

  }
  function delete_row_details(id)
{
var el = document.getElementById('trow_'+id);
if(confirm("Are you sure you want to delete this row")==true)
el.parentNode.removeChild(el);
/*calculateSum_credit();*/
}
</script>

i got some errors in entering updating and fetching from mssql using php

2 Answers2