error in the process

I got an error when running this code. The code is to process the renewal application.
process.php
Lyka md Asked:

Ares Kurklu, Software Engineer, Commented:
What is the error message? It seems like you retrieve the variable validation_period but you don't set it in the MySQL statement.
Whatever the name is in the database, if it is "validation_period" then you need to do validation_period = $validation_period, the first one being the DB column name and the second one the variable.

validation_period =".$validation_period ."
kenfcamp Commented:
$query="UPDATE applications SET status='3', validation_period WHERE application_no='$app_no'";

validation_period is undefined / incomplete. Try changing the line to:

$query="UPDATE applications SET status='3', validation_period = '$validation_period' WHERE application_no='$app_no'";


- This assumes "validation_period" is a valid field in your table
or
$query="UPDATE applications SET status='3' WHERE application_no='$app_no'";


- removed validation_period

            
$sql = mysqli_query($con,$query);

Try changing this to:

$sql=mysqli_query($query,$con);



Ken
Chris Stanyon, WebDev, Commented:
It's already been pointed out that your SQL statement is wrong with regard to the validation_period. What is also wrong is the WHERE clause is using a variable called $app_no which doesn't exist. What does exist is a variable called $applicant_no which is probably what you meant.

Aside from those errors, your approach to the process is not considered safe or best-practice. You're inserting data straight from a user ($_POST) into your database with no validation or sanitization, so you are opening yourself up to SQL Injection.

Whenever you use data from a user, you should be using a prepared query. This will sanitize the data and prevent SQL Injection. There's also no need to assign the POST variables to other variables. It serves no purpose.

Have a look at this:

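<?php
// Only run when the form was submitted and the required IDs are present
if ( isset($_POST['submit']) && !empty($_POST['importer_id']) && !empty($_POST['product_id']) ):

    // Expected to provide the mysqli connection in $con
    require_once('connectDB.php');

    // The ? placeholders keep user input out of the SQL text
    $stmt = mysqli_prepare($con, "UPDATE applications SET status='3', validation_period  = ? WHERE application_no= ?");

    // Bind both values as strings ("ss"), then run the statement
    mysqli_stmt_bind_param($stmt, "ss", $_POST['validation_period'], $_POST['applicant_no']);
    mysqli_stmt_execute($stmt);

endif;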
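
The difference between the concatenated UPDATE and the prepared one discussed in this thread, as an added example that is not part of the original posts. It assumes PDO with an in-memory SQLite database in place of mysqli/MySQL so it runs without a server (the `?` placeholders work the same way with `mysqli_prepare`); the table rows, the form input and the four-digit-year rule are constructed for illustration.

```php
<?php
// Added example: constructed rows in an in-memory SQLite database (via PDO)
// stand in for the MySQL "applications" table so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE applications (application_no TEXT PRIMARY KEY, status TEXT, validation_period TEXT)");
$db->exec("INSERT INTO applications VALUES ('A-100','1','2019'), ('A-101','1','2019'), ('A-102','1','2019')");

// Constructed form input: the application number contains a quote that
// changes the meaning of a statement built by string concatenation.
$post = ['validation_period' => '2020', 'applicant_no' => "A-100' OR '1'='1"];

// Before: user input is pasted into the SQL text.
function renewConcatenated(PDO $db, array $post): int {
    $query = "UPDATE applications SET status='3', validation_period = '{$post['validation_period']}' "
           . "WHERE application_no='{$post['applicant_no']}'";
    return $db->exec($query); // number of rows changed
}

// After: validate the value, then bind both inputs as data via placeholders.
function renewPrepared(PDO $db, array $post): int {
    // Hypothetical format rule for this example: a four-digit year.
    if (!preg_match('/^\d{4}$/', $post['validation_period'])) {
        throw new InvalidArgumentException('validation_period must be a four-digit year');
    }
    $stmt = $db->prepare("UPDATE applications SET status='3', validation_period = ? WHERE application_no = ?");
    $stmt->execute([$post['validation_period'], $post['applicant_no']]);
    return $stmt->rowCount(); // number of rows changed
}

// Run the concatenated version inside a transaction and undo it afterwards,
// so the prepared version starts from the same table state.
$db->beginTransaction();
$concat = renewConcatenated($db, $post);
$db->rollBack();

$prepared = renewPrepared($db, $post);
$plain    = renewPrepared($db, ['validation_period' => '2020', 'applicant_no' => 'A-100']);

printf("concatenated, quoted input: %d row(s) changed\n", $concat);
printf("prepared, quoted input:     %d row(s) changed\n", $prepared);
printf("prepared, plain A-100:      %d row(s) changed\n", $plain);
```

Checking the affected-row count after the UPDATE, as both functions do, also gives the renewal page a way to report an unknown application number instead of silently succeeding.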

