Why do I get the MySQL Error "Query was empty"?

Question

$id = $_REQUEST['id'];
$Section = $_REQUEST['section'];
$Subject = $_REQUEST['subject'];
$type = $_REQUEST['type'];
$Start_date1 = isset($_REQUEST['startTxt'])?($_REQUEST['startTxt']):"";
$Venue = isset($_REQUEST['venTxt'])?($_REQUEST['venTxt']):"";
$Facilitator = isset($_REQUEST['faciTxt'])?($_REQUEST['faciTxt']):"";
$Level = isset($_REQUEST['lvlLst'])?($_REQUEST['lvlLst']):"";
$Date1 = $_REQUEST['date1'];

if(isset($_REQUEST['EDIT']))
{
    mysql_query("UPDATE service SET Start_date='$Date1', Venue='$Venue', Facilitator='$Faci' WHERE ServiceID ='$id'");
    if (!mysql_query($sql,$con))
    {
     die('Error: ' . mysql_error());
    }

    echo '<script type="text/javascript">';
    echo 'alert("Changes have been save!");';
    echo 'window.location="Admin_RecSchedMapLst.php";';
    echo '</script>';
    mysql_close($con);
}

When I click save it returns "Error: Query was empty" - why is this?

Answer 1

You're calling mysql_query() twice, once with a non-existent $sql parameter:

mysql_query("UPDATE service SET Start_date='$Date1', Venue='$Venue', Facilitator='$Faci' WHERE ServiceID ='$id'");
if (!mysql_query($sql,$con))

should be:

if (!mysql_query("UPDATE service SET Start_date='$Date1', Venue='$Venue', Facilitator='$Faci' WHERE ServiceID ='$id'"))

You're also not escaping your input, leaving you open to SQL injection. You should use bound parameters ideally, or at the very least run your parameters through mysql_real_escape_string().

For example:

$Date1 = mysql_real_escape_string($Date1, $conn);

Answer 2

You are not setting the $sql variable and calling mysql_query() twice.

Answer 3

Please, for the love of the internet, don't built an SQL query yourself. Use PDO.