I am posting this data:
<form method="post" action="admin_task_daily.php" name="f1">
<input type="hidden" name="ticket_id" value="<? echo $_REQUEST['ticket_id']; ?>" />
<input type="hidden" name="req_id" value="<? echo $_REQUEST['req_id']; ?>" />
<input type="hidden" name="action" value="log_hours" />
<input type="hidden" name="req_name" value="<? echo $_REQUEST['req_name']; ?>" />
<input type="hidden" name="admin" value="<? echo $_REQUEST['admin']; ?>" />
<input type="hidden" name="user" value="<? echo $_SESSION['username']; ?>" />
<input type="hidden" name="added_user" value="<? echo $_REQUEST['added_user']; ?>" />
<input type="hidden" name="dow" value="<? echo $_REQUEST['dow']; ?>" />
<input type="hidden" name="daytotal" value="<? echo $_REQUEST['daytotal']; ?>" />
Then, I am running this query from admin_task_daily.php:
$sql_update="UPDATE TICKETS_DAILY
SET ".$_REQUEST['dow']."=".$_REQUEST['hours_spent'].
" WHERE ticket_id=".$ticket_id.
" AND accepted_by='".trim(strtoupper($_SESSION['username']))."'
AND req_id=".$req_id;
mssql_query($sql_update);
I am getting this error: Warning: mssql_query() [function.mssql-query]: message: Line 2: Incorrect syntax near '<'. (severity 15) in E:\Inetpub\wwwroot\securty_tracking\admin_task_daily.php on line 40
Line 40 is the line where mssql_query() is called. I am almost positive that it is a problem with the posting of "dow", because if i replace the value of "dow" with the name of a column that it could be, there is no error.
This is the declaration of the variable dow:
$dow="$today[weekday]";
Does anyone have any ideas that I could try? Thank you.
