0

I am pretty new to PHP and I am trying to make an inventory database. I have been trying to make it so that a user can enter a card ID and then amount the want to add to the inventory and have it update the inventory. For example someone could type in test and 2342 and it would update test. Here is what I have been trying with no success:

add.html

<body>
  <form action="add.php" method="post">
    Card ID: <input type="text" name="CardID" />
    Amount to Add: <input type="text" name="Add" />
    <input type="submit" />
  </form>
</body>
</html>

add.php

<?php
$link = mysql_connect('host', 'username', 'password');
 if (!$link){
    die('Could not connect: ' . mysql_error());
   }
 mysql_select_db("tdm_inventory", $link);
 $add = $_POST[Add]
 mysql_query("UPDATE cardLists SET AmountLeft = '$add' WHERE cardID = 'Test'");
 echo "test successful";
 mysql_close($link);
?>
Improve this question
2
  • You probably want to change your username and password now.. Commented Mar 22, 2010 at 20:36
  • I did now. Crap that was dumb Commented Mar 22, 2010 at 20:40

1 Answer 1

Reset to default
1

I think you are missing quotes around your POST value for one. You are also committing one of the cardinal sins of PHP development putting the variables right in your SQL string like that. Try this instead:

<?php
 $link = mysql_connect('host', 'username', 'password');
 if (!$link)
 {
   die('Could not connect: ' . mysql_error());
 }
 mysql_select_db("tdm_inventory", $link);
 if (mysql_errno()) 
 { 
   echo mysql_errno($link) . ": " . mysql_error($link) . "\n";
 }
 $add = $_POST["Add"]
 $query = sprintf("UPDATE cardLists SET AmountLeft = AmountLeft + %s WHERE cardID = 'Test'", mysql_real_escape_string($add));
 mysql_query($query);
 if (mysql_errno()) 
 { 
   echo mysql_errno($link) . ": " . mysql_error($link) . "\n";
 }
 echo "test successful";
 mysql_close($link);
?>
Improve this answer
Sign up to request clarification or add additional context in comments.

9 Comments

Sorry, I did not actually leave the variable there originally. I was just trying something out and forgot to change it back. And thanks to whoever changed my database information out. I cant believe I forgot to remove that myself
@shinjuo: It's still available in the revision log. Please change your db user / pass.
I changed the login info now from that screwup
carson, you also commit the cardinal sin of assuming the query will be successful, even if it is syntactically valid. Slap in a mysql_error() check in there as well.
Where would I put that at to test?
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.