You have an error in your SQL syntax; check the manual that corresponds to your .....

Gmans

Hi
When i call this page I get this failure. What cann be wrong?:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'where user=''' at line 1

<?php
include("functions.php");
include("loadcfg.php");
$cfg = load_cfg ("secure/configure.cfg");

//////////////////////////////////////////
  // Create transaction entry in DB
  //////////////////////////////////////////


  $now =  time();

  //create insert query
  $sql= "insert into transactions (user, txn_id, item_name, ammount1,ammount3, tax, period1, period3, payment_type, ";
  $sql.="payer_email, payment_status, receiver_email,pending_reason,txn_type,created  ) ";
  $sql.="Values ('";
  $sql.= trim($_POST["x_description"]) . "','";
  $sql.= $_POST["x_trans_id"] . "','";
  $sql.= $cfg["pp_prodname"] . "','";
  $sql.= "1','";
  $sql.= 1 . "','";
  $sql.= 0 . "','";
  $sql.= 0 . "','";
  $sql.= 0 . "','";
  $sql.= $_POST["x_method"] . "','";
  $sql.= $_POST["x_email"] . "','";
  $sql.= "New" . "','";
  $sql.= $_POST["x_email"] . "','";
  $sql.= 0 . "','";
  $sql.= $_POST["x_method"] . "','";
  $sql.= "$now')";  

  //insert into DB
  db_connect ($cfg["db_server"], $cfg["db_user"], $cfg["db_pass"], $cfg["db_database"]);
  $result = db_query ($sql);

  //update the user's information
  if($t["pay_interval"] == "Monthly") {
  	$expire = $now + (60 * 60 * 24 * 30); }
  else if($t["pay_interval"] == "Yearly") {
  	$expire = $now + (60 * 60 * 24 * 365); }

  $user = trim($_POST["x_description"]);
  $sql = "update users set billing='1',expire=$expire where user='$user'";
  db_query($sql);
  mysql_close();

dagon

echo $sql and post that here, its to hard to read as is

Gmans

This is what I get on the anresponse.php page:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'where user=''' at line 1

dagon

well user looks blank to me, but i did ask you to echo $sql.

rsmith

$sql = "update users set billing='1',expire=$expire where user='$user'";

I'm thinking you need to put single quotes around $expire since you do it around every other value but that one or you could try

$sql = "update `users` set billing='1', expire='".$expire."' where user='".$user."'";

Gmans

I have made that changes you mentioned. An d know I only get a blank page. Mayby the problem is in how i call the anresponse.php page. The anresponse.php page only set some values in the database so that the user cann se his payment history via a user menu. Below there is the script for the usermenu. when the anresponse.php page not have been run the paymenthistorypage is blank. How do I activate the anresponse.php page correctly. What I have tryed ontil now dosent work.
thanks.

//////////////////////////////////////////////////////
// Transactions Page
//////////////////////////////////////////////////////
if ($page=="history") {
redirect ("anresponse.php");
echo "<h2>Betalingshistorik</h2>";
//query db
db_connect ($cfg["db_server"], $cfg["db_user"], $cfg["db_pass"], $cfg["db_database"]);
$sql = "select * from transactions where user=$cur_user order by created desc";
$result = db_query ($sql);
echo "<table border=1 width=100% bordercolor=cdcdcd cellpadding=4><tr bgcolor=cdcdcd>";
echo "<td>#<Td>Type<td>Betaler<Td>Beløb<Td>Status<td>Dato";
while ($row=mysql_fetch_object($result)) {
$id = $row->user;
$ammount=$row->ammount1;
$status = $row->payment_status;

switch ($row->txn_type) {
case "web_accept": $type="One Time Payment";
break;
case "subscr_signup": $type="Free Trial Signup";$ammount="Free";$status="Completed";
break;
case "subscr_payment": $type="Recurring Payment";
break;
default: $type=$row->txn_type;
break;
}
echo "<tr><td>" . $row->transaction . "<Td>$type";
echo "<td>".$row->payer_email. "<Td>$ammount";
echo "<td>$status";
echo "<td nowrap>" . date("d/m/Y H:i:s",$row->created);
}
mysql_close();
echo "</table><br />";
}