Hi, can anyone see why this is not working, please?
mysqli_query($con,"UPDATE goodship SET brick=brick+1 WHERE id= $_COOKIE['id']");
All I am trying to do is add one to the sessions id col brick.
Thanks.
You're using an array, so you have to surround it with parentheses, otherwise you have to escape the single quotes:
mysqli_query($con,"UPDATE goodship SET brick=brick+1 WHERE id = {$_COOKIE['id']}");
In addition, use prepared statements, otherwise a user can push in arbitrary code:
Thanks cereal,
mysqli_query($con,"UPDATE goodship SET brick=brick+1 WHERE id ={$_SESSION['id']} ");
This works, need to use SESSIONS though. Thanks for the pointers on prepared statements, I can see a need for them. If I was to use one in this UPDATE scenario, this is the main line I would change?
/* create a prepared statement */
if ($stmt = $mysqli->prepare("UPDATE brick FROM goodship WHERE Name={$_SESSION['id']} ")) {
And then I do not use the
printf("%s is in district %s\n", $city, $district);
?
Thanks.
You're welcome!
Yes, because the update query would return only the affected rows. So, the complete version would be:
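# UPDATE takes the table name first, then SET; the id is bound, not interpolated
$stmt = $mysqli->prepare("UPDATE goodship SET brick = brick + 1 WHERE id = ?");
$stmt->bind_param('s', $_SESSION['id']);
$stmt->execute();
# affected_rows is a property of mysqli_stmt, not a method
if($stmt->affected_rows > 0)
{
    # continue
}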
Where the s in the bind_param method stands for string, if the id is a digit, then change it to: i for integer, d for double.
Bye!
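The difference between the interpolated UPDATE and the prepared one discussed in this thread, as an added example that is not part of the original posts. PDO with an in-memory SQLite database stands in for the thread's mysqli connection so the script runs offline (this assumes the pdo_sqlite extension); the function names, the sample rows and the tampered id value are constructed for illustration.

```php
<?php
// Added example: PDO + in-memory SQLite replace the thread's mysqli/MySQL
// connection so this runs without a server. Table and column names come from
// the thread; rows, function names and the tampered id are constructed.

function freshDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE goodship (id INTEGER PRIMARY KEY, brick INTEGER NOT NULL)');
    $db->exec('INSERT INTO goodship (id, brick) VALUES (1, 0), (2, 0), (3, 0)');
    return $db;
}

// Interpolated form: $id is pasted into the SQL text, so whatever it contains
// is parsed as part of the statement.
function incrementInterpolated(PDO $db, string $id): int
{
    return $db->exec("UPDATE goodship SET brick = brick + 1 WHERE id = {$id}");
}

// Prepared form: the SQL text is fixed at prepare time and $id travels
// separately as one bound value that is only ever compared with the id column.
function incrementPrepared(PDO $db, string $id): int
{
    $stmt = $db->prepare('UPDATE goodship SET brick = brick + 1 WHERE id = ?');
    $stmt->execute([$id]);
    return $stmt->rowCount();
}

// A normal id, then a constructed value standing in for a tampered id.
$ids = ['2', '1 OR 1=1'];

foreach ($ids as $id) {
    // Each call gets its own fresh table so the row counts are comparable.
    printf(
        "id=%-12s interpolated rows=%d  prepared rows=%d\n",
        var_export($id, true),
        incrementInterpolated(freshDb(), $id),
        incrementPrepared(freshDb(), $id)
    );
}
```

With the tampered value, the interpolated query's WHERE clause matches every row in the table, while the prepared query treats the whole string as a single id to compare against.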