hi can anyone see why this is not working please ?
mysqli_query($con,"UPDATE goodship SET brick=brick+1 WHERE id= $_COOKIE['id']");
all i am trying to do is add one to the sessions id col brick,
thanks.
Kniggles 0 Light Poster
cereal 1,524 Nearly a Senior Poster Featured Poster
You're using an array, so you have to surround it with parentheses, otherwise you have to escape the single quotes:
mysqli_query($con,"UPDATE goodship SET brick=brick+1 WHERE id = {$_COOKIE['id']}");
In addition, use prepared statements, otherwise a user can push in arbitrary code:
Kniggles 0 Light Poster
Thanks cereal ,
mysqli_query($con,"UPDATE goodship SET brick=brick+1 WHERE id ={$_SESSION['id']} ");
this works, need to use SESSIONS though, thanks for the pointers on prepared statements, can see a need for them . if i was to use one in this UPDATE scenario this is the main line i would change ?
/* create a prepared statement */
if ($stmt = $mysqli->prepare("UPDATE brick FROM goodship WHERE Name={$_SESSION['id']} ")) {
and then i do not use the
printf("%s is in district %s\n", $city, $district);
?
thanks.
cereal 1,524 Nearly a Senior Poster Featured Poster
You're welcome!
Yes, because the update query would return only the affected rows. So, the complete version would be:
$stmt = $mysqli->prepare("UPDATE brick FROM goodship WHERE name = ?");
$stmt->bind_param('s', $_SESSION['id']);
$stmt->execute();
if($stmt->affected_rows() > 0)
{
# continue
}
Where the s in the bind_param method stands for string, if the id is a digit, then change it to: i for integer, d for double.
- http://www.php.net/manual/en/mysqli-stmt.bind-param.php
- http://www.php.net/manual/en/mysqli-stmt.affected-rows.php
Bye!
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.