The problem with this feature. The code does not execute.

Question

The problem with this feature. The code does not execute.

The function should update the values in the database.

Here is the code:

//Functions //Function to Update users networth function update_net($name) { //Get worth & balance at the time $sql_to_get_worth_balance = "SELECT * FROM user WHERE username = '$name'"; $sql_query = mysql_query($sql_to_get_worth_balance); while ($rows = mysql_fetch_assoc($sql_query)) { $worth = $rows['worth']; $balance_ = $rows['cash_balance']; } //Get net_worth now $new_net_worth = $worth + $balance; //Update net_worth $sql_for_new_worth = "UPDATE user SET net_worth = '$new_net_worth'"; $sql_worth_query = mysql_query($sql_worth); }

It is used here:

 //Get username $username = $_SESSION['username']; if (isset($username)) { //Update networth $update_worth = update_net($username);

+4

php

Tapha Mar 15 '10 at 21:14

source share

4 answers

You forget where name = $ name in the update request (which will update the whole table!)
I hope your $ name will never be able to store user input because your sql is vulgar for injection.

+3

Kris Mar 15 '10 at 21:21

source share

May be:

 //Update net_worth $sql_for_new_worth = "UPDATE user SET net_worth = '$new_net_worth'"; $sql_worth_query = mysql_query($sql_worth);

Must read:

 //Update net_worth $sql_for_new_worth = "UPDATE user SET net_worth = '$new_net_worth'"; $sql_worth_query = mysql_query($sql_for_new_worth);

+1

Neon ninja Mar 15 '10 at 21:41

source share

Maybe you should make a transaction?

0

Dmitry Mar 15 '10 at 21:16

source share

Gavin gilmour · Accepted Answer · 2010-03-15T21:18:03+0000

You probably need a WHERE clause at the end of this query: -

 $sql_for_new_worth = "UPDATE user SET net_worth = '$new_net_worth'";

eg.

 $sql_for_new_worth = "UPDATE user SET net_worth = '$new_net_worth' WHERE username = '$name';

The problem with this feature. The code does not execute.

More articles: