How to concatenate strings and variables in an SQL script within PHP?

So I have a script similar to the one below. I am trying to write an SQL script within this PHP script that will be doing some updating or inserting depending on the condition. However, I am running into a problem with how I have concatenated my variables within the script. The while loop does not work, but before this I had the for loop running and that seemed to work properly. What am I doing wrong here?

P.S. I know many of you will complain about SQL injection, but this is an in-house project within our company, so everything is secure within a separate network and a separate VM this is being hosted on and tested.

    <?php
    include_once 'DbConnectPSI.php';
    global $connect;
    global $record3;
    global $emptyQ;
    global $rightOn;
    global $i;
    global $SqlArr;
    $rightOn="Thank you, your time has been inserted successfully";
    $i = 0;
    $SqlArr = $_POST['SqlArr'];

    while($i <= sizeof($SqlArr)) {
        $emptyQ = "IF Exists (Select * from EmployeeTimesheetstemp where empid= $SqlArr[$i][0]  and Day= '$SqlArr[$i][2]'  and Title='$SqlArr[$i][3]' and Description='$SqlArr[$i][4]')
        Update EmployeeTimesheetstemp Set Value=$SqlArr[$i][5] where empid=$SqlArr[$i][0] and Day='$SqlArr[$i][2]' and Title='$SqlArr[$i][3]' and Description='$SqlArr[$i][4]'
        Else Insert into EmployeeTimeSheetstemp(EmpId,WkEnd,Day,Title,Description,Value,Timestamp,Abbrevjob) Values";
        $emptyQ = $emptyQ . '('. $SqlArr[$i][0]. ', ' . "'". $SqlArr[$i][1] ."'" . ', '. "'". $SqlArr[$i][2] ."'"  .', '. "'". $SqlArr[$i][3] ."'"  .', '. "'". $SqlArr[$i][4] ."'"  .', '.  $SqlArr[$i][5]  .',' . 'getDate()' . ', '.  $SqlArr[$i][6]  .')';
        $i = $i + 1;    
    }
    $record3 = odbc_exec($connect, $emptyQ);
    //echo ($rightOn);
    echo($emptyQ);      
    odbc_close($connect);
    ?>

FOR LOOP:

    $emptyQ="Insert into EmployeeTimesheetsTemp (EmpId, WkEnd,Day,Title,Description,Value,TimeStamp,AbbrevJob) Values";

    for ($i=0;$i<sizeof($SqlArr);$i++) {
        if($i==sizeof($SqlArr)-1){

        $emptyQ=$emptyQ . '('. $SqlArr[$i][0]. ', ' . "'". $SqlArr[$i][1] ."'" . ', '. "'". $SqlArr[$i][2] ."'"  .', '. "'". $SqlArr[$i][3] ."'"  .', '. "'". $SqlArr[$i][4] ."'"  .', '.  $SqlArr[$i][5]  .',' . 'getDate()' . ', '.  $SqlArr[$i][6]  .')';
        }
        else{

        $emptyQ=$emptyQ . '('. $SqlArr[$i][0]. ', ' . "'". $SqlArr[$i][1] ."'"  .', '. "'". $SqlArr[$i][2] ."'"  . ', '. "'". $SqlArr[$i][3] ."'"  .', '. "'". $SqlArr[$i][4] ."'"  .', '.  $SqlArr[$i][5]  .',' . 'getDate()' .', '.  $SqlArr[$i][6]  .'),';
        }

     }
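
An added example, not the poster's code: the first part shows what `$SqlArr[$i][0]` inside a double-quoted string actually produces, and the hypothetical `saveTimesheetRows()` helper binds each row's values with `odbc_prepare`/`odbc_execute` instead of concatenating them. It swaps the `IF Exists` batch for an UPDATE followed by an INSERT when no row was changed, and assumes the seven-element row layout implied by the question's INSERT; the sample row is constructed.

```php
<?php
// Added example. Row layout assumed from the question's INSERT:
// [0]=EmpId [1]=WkEnd [2]=Day [3]=Title [4]=Description [5]=Value [6]=AbbrevJob

// Constructed sample row; the apostrophe would break a concatenated query.
$SqlArr = [[17, '2016-05-06', 'Mon', "Client's site", 'Install', 8, 42]];
$i = 0;

// Simple interpolation stops after the first index, so this is "empid= Array[0]"
// (the @ only hides PHP's "Array to string conversion" warning for the demo).
$simple = @"empid= $SqlArr[$i][0]";
// Curly syntax evaluates the whole expression: "empid= 17".
$curly = "empid= {$SqlArr[$i][0]}";
echo $simple, "\n", $curly, "\n";

// Hypothetical helper: one UPDATE-then-INSERT per row, values bound to ? markers.
function saveTimesheetRows($connect, array $rows): int
{
    $update = odbc_prepare($connect,
        'UPDATE EmployeeTimesheetstemp SET Value = ?
          WHERE EmpId = ? AND Day = ? AND Title = ? AND Description = ?');
    $insert = odbc_prepare($connect,
        'INSERT INTO EmployeeTimesheetstemp
           (EmpId, WkEnd, Day, Title, Description, Value, Timestamp, AbbrevJob)
         VALUES (?, ?, ?, ?, ?, ?, getDate(), ?)');
    if ($update === false || $insert === false) {
        throw new RuntimeException(odbc_errormsg($connect));
    }
    $saved = 0;
    foreach ($rows as $r) {            // foreach avoids the <= sizeof() overrun
        if (!is_array($r) || count($r) !== 7) {
            continue;                  // skip malformed POST rows
        }
        $r = array_values($r);
        // Execute inside the loop so every row is written, not only the last.
        $ok = odbc_execute($update, [$r[5], $r[0], $r[2], $r[3], $r[4]]);
        if ($ok && odbc_num_rows($update) === 0) {
            $ok = odbc_execute($insert, $r);  // same order as the column list
        }
        if (!$ok) {
            throw new RuntimeException(odbc_errormsg($connect));
        }
        $saved++;
    }
    return $saved;
}
```

Some ODBC drivers report -1 from `odbc_num_rows()`; in that case the helper updates only and never inserts, so check the driver's behaviour before relying on it.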