Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
The coding below works like when a user clicks submit, he get one ticket (lodd) and loses five points because he bought one ticket for five points. But I miss when a user don't get five points he can't buy. I want that if the user doesn't get enough points then an echo says (example):
Sorry, but you need at least five points to buy a ticket.
How can I do that? Now people only go in minus if they buy more than they have.
<?php
session_start();
//=============Configuring Server and Database=======
$host = 'localhost';
$user = 'root';
$password = '';
//=============Data Base Information=================
$database = 'login';
$conn = mysql_connect($host,$user,$password) or die('Server Information is not Correct'); //Establish connection with the server
mysql_select_db($database,$conn) or die('Database Information is not correct');
//===============End Server Configuration============
//=============Starting Registration Script==========
$username = mysql_real_escape_string($_POST['txtusername']);
//=============To Encrypt Password===================
//============New Variable of Password is Now with an Encrypted Value========
$insert = "UPDATE `users` SET `points` = (`points`-5) WHERE `username` = '".$username."'";
mysql_query($insert);
// Other code
$insert = "UPDATE `users` SET `lodd` = (`lodd` +1) WHERE `username` = '".$username."'";
mysql_query($insert);
mysql_query($insert);
header('location: succes.php');
?>
This is the code that give people one ticket for five points:
$insert = "UPDATE `users` SET `points` = (`points`-5) WHERE `username` = '".$username."'";
mysql_query($insert);
// Other code
$insert = "UPDATE `users` SET `lodd` = (`lodd` +1) WHERE `username` = '".$username."'";
mysql_query($insert);
mysql_query($insert);
First, mysql_* are deprecated so you should look at changing them at some point. One option is to use: MySQLi
Back to your question, you could do this:
$insert = "UPDATE `users` SET `points` = (`points`-5) WHERE `username` = '".$username."' and points > 5";
mysql_query($insert);
if (mysql_affected_rows() > 0)
{
// other codes
$insert = "UPDATE `users` SET `lodd` = (`lodd` +1) WHERE `username` = '".$username."'";
mysql_query($insert);
}else{
echo "You don't have enough points";
}
Related
<?php
session_start();
//get the location name/address.
$address = $_POST['table'];
$_SESSION['myaddress'] = $address;
$username = $_SESSION['username'];
//connection details.
$sev_host = "localhost";
$sev_username = "root";
$sev_password = "";
$sev_db = "mydata";
//Connecting server with db.
$conn = mysqli_connect($sev_host, $sev_username, $sev_password, $sev_db);
if (!$conn) {
die("Error : " . mysqli_connect_error());
}
//Check if the table exist, and if not then create the table
$pre_check = "select location from users where username='$username";
$result_pre_check = mysqli_query($conn, $pre_check);
$pre_remove = "delete from $result_pre_check where username='$username'";
mysqli_query($conn, $pre_remove);
$pre_insert = "update users set location='$address' where username='$username'";
mysqli_query($conn, $pre_insert);
$sql = "CREATE TABLE $address (id int(6) unsigned auto_increment primary key, username varchar(255) not null, src varchar(255) not null)";
$sql2 = "INSERT INTO $address (id, username, src) VALUES ('', '$username', '')";
mysqli_query($conn, $sql);
mysqli_query($conn, $sql2);
?>
This is my php code, and I seem to have a problem in it. This code is attached to a button and runs when it is clicked, but it's not giving me the required result. As you can see that I am deleting a row on $pre_remove statement, but when the code runs everything works except that the required row is not removed from the table.
The code works fine and it doesn't give out any debug errors. Any ideas?
The reason this doesn't work lies within your query on $pre_remove
A good way to debug your code, would be to use functions like var_dump, print_r etc. to see what your variables actually contains.
In this specific case, the problem lies within delete from $result_pre_check
$result_pre_check is not a variable. Again, you can do a var_dump($result_pre_check) to see what this variable is / contains.
Your query to delete a user based on username would however work if it was:
$pre_remove = "delete from users where username='$username'";
You can try something like this,
$pre_remove = "DELETE FROM users WHERE username IN (
SELECT location FROM users WHERE username='$username'
)";
mysqli_query($conn, $pre_remove);
instead of ,
$pre_check = "select location from users where username='$username";
$result_pre_check = mysqli_query($conn, $pre_check);
$pre_remove = "delete from $result_pre_check where username='$username'";
mysqli_query($conn, $pre_remove);
This question already has answers here:
How can I prevent SQL injection in PHP?
(27 answers)
Closed 6 years ago.
Please find my code below:
<?php
//Insert New User to Database
$username = "root";
$password = "root";
$hostname = "localhost";
$db = "ab-cargo";
$conn = mysqli_connect($hostname, $username, $password, $db);
if (mysqli_connect_errno()){
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$user_id = $_SESSION['namechat'];
$user_email = $_SESSION['emailchat'];
$last_login = $datetime_formatted;
mysqli_query($conn,"INSERT INTO users (`user_id`, `user_email`, last_login, isActive) VALUES ('".$user_id."', '".$user_email."', '".$last_login."', 1)");
mysqli_query($conn,"UPDATE users SET last_login = ".$last_login.", isActive = 1 WHERE `user_email` = ".$user_email."");
?>
Please help me to find what's wrong with mysqli_query because it won't update and insert the data in my database, even though the connection is finely working (I know it because user is able to login).
Edit: Query insert is to input new user data into the database and if the user data is already in the database before, the update query will update last_login time/date only.
You need to prevent MySQL injection with mysqli_real_escape_string. Read up more about this function here.
Use or die mysqli_error($conn) to check for errors in query.
Also, check if each query is successful before proceeding to the next one.
$user_id = mysqli_real_escape_string($conn, $_SESSION['namechat']);
$user_email = mysqli_real_escape_string($conn, $_SESSION['emailchat']);
$last_login = mysqli_real_escape_string($conn, $datetime_formatted);
$query1 = mysqli_query($conn,"INSERT INTO users (`user_id`, `user_email`, last_login, isActive) VALUES ('$user_id', '$user_email', '$last_login', 1)") or die mysqli_error($conn);
if ($query1) $success = 1;
if ($success) $query2 = mysqli_query($conn,"UPDATE users SET last_login = '$last_login', isActive = 1 WHERE `user_email` = '$user_email'");
if ($query2) echo 'User added';
$_SESSION['namechat']= "1";
$_SESSION['emailchat']= "example#gmail.com";
//SET DATE TIME ZONE
date_default_timezone_set("Asia/Calcutta");
$datetime_formatted = date("h:i:sa");
$user_id = $_SESSION['namechat'];
$user_email = $_SESSION['emailchat'];
$last_login = $datetime_formatted;
//HERE INSERT THE DATA INTO USER
$sql = "INSERT INTO users (user_id, user_email, last_login, isActive) VALUES ('$user_id', '$user_email', '$last_login', '1')";
if(mysqli_query($conn,$sql)){
echo "sql inserted successfully";
}
else
{
echo "failed to insert".$sql."<br>".mysqli_error($conn);
}
//HERE UPDATE THE DATA INTO USER
$sql_up ="UPDATE users SET last_login ='$last_login', isActive = '1' WHERE user_email = '$user_email'";
if(mysqli_query($conn, $sql_up)){
echo "Data Updated";
}
else
{
echo "Failed to Updated the data".$sql_up."<br>".mysqli_error($conn);
}
I had been trying many methods to update a specific row in my sql data base named juytdb having table users having colum names username and email. First I tried to connect and connection was successfull,
$localhost = "localhost";
$dbuser = "google";
$dbpass = "";
$dbname = "juytdb";
$connect = mysql_connect($localhost ,$dbuser ,$dbpass);
mysql_select_db($dbname, $connect);
Now while I wanted to update a specific row I used
session_start();
$username = $_SESSION['var']; //acutally users are logged so I just need to add their email
$email = $_POST['email']; //value I got from an inputbox
UPDATE users
SET email='google#gmail.com';
WHERE username='billy';
this does not work, I also tried
$sql = "UPDATE 'users' SET 'email' = '$email' WHERE 'username' = '$username'";
mysql_query($sql);
additionally the default values of email is set to "not added"
You have single quotes where you should have backquotes. Try this:
$sql = "UPDATE `users` SET `email` = '$email' WHERE `username` = '$username'";
Try this:
$sql = "UPDATE users SET email = '".$email."' WHERE username = ".$username;
i need to subtract an mysql update. here is the code:
<?php
session_start();
//=============Configuring Server and Database=======
$host = 'localhost';
$user = 'root';
$password = '';
//=============Data Base Information=================
$database = 'login';
$conn = mysql_connect($host,$user,$password) or die('Server Information is not Correct'); //Establish Connection with Server
mysql_select_db($database,$conn) or die('Database Information is not correct');
//===============End Server Configuration============
//=============Starting Registration Script==========
$username = mysql_real_escape_string($_POST['txtusername']);
//=============To Encrypt Password===================
//============New Variable of Password is Now with an Encrypted Value========
$insert = "UPDATE `users` SET `points` = (`points`-5) WHERE `username` = '".$username."'";
$insert = "UPDATE `users` SET `lodd` = (`lodd` +1) WHERE `username` = '".$username."'";
mysql_query($insert);
header('location: succes.php');
?>
the +1 work perfect but it dont work to -5... how can i do so that they get -5 points?
the +1 work correctly because the query with -5 will never be called as it is overwritten by the query that has +1.
you should have this code, (Although this is not the correct one)
$insert = "UPDATE `users` SET `points` = (`points`-5) WHERE `username` = '".$username."'";
mysql_query($insert);
// other codes
$insert = "UPDATE `users` SET `lodd` = (`lodd` +1) WHERE `username` = '".$username."'";
mysql_query($insert);
follow-up question: what are the dataypes of the two columns? are they unsigned or signed?
You're overwriting the first statement with the second. Try this:
$insert = "UPDATE `users` SET `points` = (`points`-5), `lodd` = (`lodd` +1) WHERE `username` = '".$username."'";
mysql_query($insert);
This question already has an answer here:
Closed 10 years ago.
Possible Duplicate:
mysql kill process is user dont got enought points PHP
i have a points system with user system where people can upgrade to [PRO] user with 50 points. When they register it automaticly write [user] down to my rights field. but now i want so after a'n action it check if they got 50 points and then replace [user] with [PRO] and then subtrac 50 points.
<?php
session_start();
//=============Configuring Server and Database=======
$host = 'localhost';
$user = 'root';
$password = '';
//=============Data Base Information=================
$database = 'login';
$conn = mysql_connect($host,$user,$password) or die('Server Information is not Correct'); //Establish Connection with Server
mysql_select_db($database,$conn) or die('Database Information is not correct');
//===============End Server Configuration============
//=============Starting Registration Script==========
$username = mysql_real_escape_string($_POST['txtusername']);
//=============To Encrypt Password===================
//============New Variable of Password is Now with an Encrypted Value========
$insert = "UPDATE `users` SET `points` = (`points`-50) WHERE `username` = '".$username."' and points > 50";
mysql_query($insert);
if (mysql_affected_rows() > 1)
{
// other codes
$insert = "UPDATE `users` SET `rights` = (`rights` [PRO]) WHERE `username` = '".$username."'";
mysql_query($insert);
header('location: succesupgrade.php');
}else{
echo "You don't have enough points to buy [PRO]";
}
?>
Again: i want so after people buy [PRO], the [user] get replaced with [PRO]. ANd then they lose 50 points. and if they dont got 50 points. echo says something.
Do it in one:
UPDATE `users`
SET `rights` = '[PRO]', points = points - 50
WHERE
`username` = 'somename'
AND points >= 50
AND rights != '[PRO]'
And just check whether you have an effected row or not. If they don't have enough points, it won't update, and neither will it when they already have the right. This avoids race conditions.