somebody answer me

Is there any wrong with this code?
Pls.answer me back
thankzzzz

$accno=$_GET['accno'];
$penalty=$_GET['penalty'];

if(!isset($_SESSION)) session_start();
include ("myconnector.php");

$news=mysql_query("SELECT * FROM books WHERE AccNo='" . $accno . "'") or die(mysql_error());
if($info=mysql_fetch_array($news)){

$news=mysql_query("INSERT INTO history (accno,borrower,borrowdate,returndate,penalty,status) VALUES('" . $info['AccNo'] . "','" . $info['Release'] . "','" . $info['taym'] . "','" . date('Y-m-d H:i:s',time()) . "','" . $penalty . "','COLLECT')") or die(mysql_error());

$news=mysql_query("UPDATE books SET books.Reserve='', books.Release='' , taym='0000-00-00 00:00:00' WHERE books.AccNo='" . $accno . "'") or die(mysql_error());
header("Location: admin_books.php");

}
?>

 

Let me know where you get the error.

 

I don't think this part is correct,

$news=mysql_query("UPDATE books SET books.Reserve='', books.Release='' , taym='0000-00-00 00:00:00' WHERE books.AccNo='" . $accno . "'") or die(mysql_error());

Code (markup):

 

very unsecure... is all I can say
Nothing else jumps out anyway, let us know what kind of error you are getting (I'd bet on something to do with headers already sent )

aXe

 

If your php.ini display_errors is ON,you should get some notice.
Actually,this code will be break...

By the way,you'd better to tell us what the error is.