Problem with sc_exec_sql

I am not sure if this is a bug or not. but i face this problem, and I do not know how to solve it because I’m still a beginner in php and scriptcase. I really appreciate everyone help.

I want to run this in “onValidateSuccess” Event just like the demonstrator did in this tutorial Scriptcase Applications - Control - YouTube at timestamp 4:15

$sql=“UPDATE products SET quantityInStock = quantityInStock - “.{qty}.” WHERE productCode=”.{productCode};

sc_exec_sql($sql);

sc_alert(“Inventory updated successfully!”);

but when i click submit on my application, the screen turn blank.
its weird because the sc_alert work just fine if i run that line alone…

*quantityInStock is the field name in my database
*qty is the field name in my scriptcase application
the logic is i want to update my product stock after selling the product to customer…

quantityInStock holds the number of stock the product has
qty holds the number of product sold to customer

Hello @aliahusna
You can activate debug mode to see how is created de SQL query.
Anyhow I see that

WHERE productCode=”.{productCode};

probably should be WHERE productCode= “.{productCode} .”;";

Better to change statement with:
$sql=“UPDATE products SET quantityInStock = quantityInStock - “.{qty}.” WHERE productCode=”.sc_sql_injection({productCode});
This also helps in case the field is alphanumeric.

also produc_code , is it numeric? u better of always using an exra pair of single quotes around where
productCode=’ " .sc_sql_injection({productCode}) . “’”

it seems that sc_sql_injection does already the job

Please try the below

$sql=“UPDATE products SET quantityInStock = quantityInStock - '”.{qty}."’ WHERE productCode=’".{productCode} . “’”;

Note: There are single quotes inside double quotes. This forum is converting the quotes in a different way and hence dont just copy paste. You will have to change them in order to work.