1

I'm working on a small project: a small number crunching game.

I want to have a PHP file that can accept inputs and interpret them into specified database updates.

Here is what I have so far. It doesn't seem to be working for me.

$name = $_GET['n'];
$action = $_GET['a'];
$result = mysql_query("SELECT * FROM players WHERE Username ='".$name."'");

while($row = mysql_fetch_array($result)) {
  if ($action = "rankup") mysql_query("UPDATE players SET Level 'Level+1' WHERE Username='".$name."'");
}

mysql_close($con);

I'm not getting any errors, but it's not working, and all the database connections are fine.

I don't know what the problem is.

8
  • 1
    First, please use mysql_real_escape_string($_GET['foo']) for every user input you pass to the DB. Second, you should use the more "modern" way of accessing the DB with PHP PDO (see php.net/pdo). Commented Jul 11, 2012 at 21:57
  • First of all the database functions you are using are obsolete. You should use mysqli_query and mysqli_close not mysql. Commented Jul 11, 2012 at 21:57
  • To block SQL injection attacks, right? Commented Jul 11, 2012 at 21:57
  • Explain how it's not working. Commented Jul 11, 2012 at 21:59
  • 1
    Didn't you mean SET Level=Level+1 ? Commented Jul 11, 2012 at 22:01

2 Answers

2

Several mistakes here:

  • You're not sanitizing your inputs, please read about SQL Injections
  • You're not checking the output of your mysql_query. The query with SET Level 'Level+1' is invalid: you forgot an = and need to remove the quotes
  • $action == 'rankup', not =
  • Please consider using PDO for new projects, it's a way better interface than mysql_ functions.
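
The points in this answer combined into one handler, as an added example that is not part of the original answer or the asker's code. It assumes an in-memory SQLite table standing in for the MySQL `players` table so it runs offline; `applyAction` and `levelOf` are hypothetical helper names, and the inputs are constructed stand-ins for `$_GET['n']` and `$_GET['a']`.

```php
<?php
// Constructed in-memory SQLite table standing in for the MySQL `players` table.
$pdo = new PDO('sqlite::memory:');
// Make failed queries throw instead of failing silently.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE players (Username TEXT PRIMARY KEY, Level INTEGER NOT NULL)');
$pdo->exec("INSERT INTO players VALUES ('alice', 1), ('bob', 5)");

// Hypothetical helper: maps an allow-listed action to a fixed SQL statement
// and returns the number of rows it changed.
function applyAction(PDO $pdo, string $name, string $action): int
{
    // The action only selects which statement runs; user input never
    // becomes part of the SQL text.
    $statements = [
        'rankup' => 'UPDATE players SET Level = Level + 1 WHERE Username = :name',
    ];
    if (!isset($statements[$action])) {
        throw new InvalidArgumentException('unknown action');
    }
    $stmt = $pdo->prepare($statements[$action]);
    $stmt->execute([':name' => $name]); // bound as data, not parsed as SQL
    return $stmt->rowCount();
}

// Hypothetical helper: returns a player's level, or null if no such player.
function levelOf(PDO $pdo, string $name): ?int
{
    $stmt = $pdo->prepare('SELECT Level FROM players WHERE Username = :name');
    $stmt->execute([':name' => $name]);
    $level = $stmt->fetchColumn();
    return $level === false ? null : (int) $level;
}

// Constructed inputs standing in for $_GET['n'] and $_GET['a'].
var_dump(applyAction($pdo, 'alice', 'rankup'));        // rows changed for a real player
var_dump(levelOf($pdo, 'alice'));                      // alice's level after the update
// A name containing quotes is compared literally against Username,
// so it cannot widen the WHERE clause to other rows.
var_dump(applyAction($pdo, "x' OR '1'='1", 'rankup')); // rows changed for the odd name
var_dump(levelOf($pdo, 'bob'));                        // bob's level afterwards
```

Checking the returned row count gives the caller a way to tell "no such player" apart from a successful update, which the original loop could not report.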

1

You want to enter your SQL query like this:

"UPDATE players SET Level = (Level+1) WHERE Username='".$name."'"

Also any database function that begins with mysql should be replaced with mysqli. This is because PHP is phasing out functions beginning with mysql in the next edition.
