0

I am writing PHP to update a user's balance, but my UPDATE query seems to be throwing an error when it is executed.

    $student = $database->quote($_POST ["studentID"]);
    $amount = $database->quote($_POST ["update_balance"]);

    //sets query to update user balance
    $query = "UPDATE `User` SET `balance`= (`.$amount.`) WHERE `userID`= (`.$student.`)";
    //executes the query
    $database->exec($query);

The 'studentID' and 'update_balance' are names of input fields being captured in the HTML.

3
  • remove ( and ) before and after variables Commented Jul 10, 2016 at 10:05
  • Possible duplicate of Reference - What does this symbol mean in PHP? Commented Jul 10, 2016 at 10:07
  • @zahraj added your fix, thanks for suggestion! :) Commented Jul 10, 2016 at 10:14

2 Answers 2

1

remove (`. things . and run sql query

    $query = "UPDATE `User` SET `balance`= '$amount' WHERE `userID`= '$student'";

4 Comments

This fixes the issue of the error being thrown, however it is updating the balance from 'NULL' to 0. The type is an int and the input tag has a type of "number". Could it possibly be passing the $amount through as a string and converting that to 0?
Apologies, I was referencing the wrong field in $amount. Should really check better before I ask silly questions.
Is your problem solved or not? If not, echo your query and paste it here.
@GeorgieLyme would you please mark this as a correct answer? :)
0

You should use prepared statements as it's considered much safer than any string escaping mechanism:

    $statement = $somePdoInstance->prepare("UPDATE user SET balance = :balance WHERE userId = :user_id");
    $statement->execute(array(
       "balance" => $amount, // the values from POST
       "user_id" => $student
    ));

Now your update query should work fine and it's much safer.
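Added example, not part of the original answer or the asker's code: the prepared-statement update run end to end against an in-memory SQLite database, with the two POST fields validated as integers first. The helper name `updateBalance`, the table contents and the sample inputs are constructed for illustration; raw values are bound directly, without calling `quote()` on them.

```php
<?php
// Constructed schema and rows; stands in for the asker's real database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE User (userID INTEGER PRIMARY KEY, balance INTEGER)');
$pdo->exec('INSERT INTO User (userID, balance) VALUES (1, NULL), (2, 50)');

/**
 * Hypothetical helper: validates both fields as integers, then updates
 * through a prepared statement. Returns the number of rows changed.
 */
function updateBalance(PDO $pdo, array $post): int
{
    $student = filter_var($post['studentID'] ?? null, FILTER_VALIDATE_INT);
    $amount  = filter_var($post['update_balance'] ?? null, FILTER_VALIDATE_INT);
    if ($student === false || $amount === false) {
        // Reject instead of letting a non-numeric string be stored as 0.
        throw new InvalidArgumentException('studentID and update_balance must be integers');
    }
    $stmt = $pdo->prepare('UPDATE User SET balance = :balance WHERE userID = :user_id');
    $stmt->bindValue(':balance', $amount, PDO::PARAM_INT);
    $stmt->bindValue(':user_id', $student, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed form submissions.
$samples = [
    ['studentID' => '1', 'update_balance' => '25'],        // valid
    ['studentID' => '1', 'update_balance' => 'abc'],       // not a number
    ['studentID' => '1 OR 1=1', 'update_balance' => '0'],  // SQL text in the id field
    ['studentID' => '99', 'update_balance' => '10'],       // no such user
];
foreach ($samples as $post) {
    try {
        printf("%s => %d row(s) updated\n", json_encode($post), updateBalance($pdo, $post));
    } catch (InvalidArgumentException $e) {
        printf("%s => rejected: %s\n", json_encode($post), $e->getMessage());
    }
}
```

A return value of 0 rows for a well-formed request means the `userID` did not match, which is worth surfacing to the caller rather than treating as success.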
