9

I am using codeigniter, and I have the following function in my model to give points to the user. It is however not working, rather setting the points column to 0.

This is how it is written in the codeigniter manual. Therefore I have no clue why it is not working...

Thanks

function give_points($username,$points)
{
    $this->db->set('points', 'points + $points');
    $this->db->where('username', $username);
    $this->db->update('users'); 
    echo"done";
}
Improve this question
0

3 Answers 3

Reset to default
15

You have to tell CI specifically to not escape the text. Something like:

$this->db->set('points', 'points + ' . (int) $points, FALSE);
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

Not sure this is the cause of your problem, but you are using single quotes, on the following lines :

$this->db->set('points', 'points + $points');

With this, the $points string will be injected as-is, literally, into your SQL query -- it's not its value that's going to be used.


If you want $points to be interpolated (so its value is put in its place, in that string), you must use double quotes :

$this->db->set('points', "points + $points");


For more informations about variable interpolation, see the Variables parsing section of the PHP Manual.

Improve this answer

2 Comments

That producse the query: UPDATE users SET points = 'points + 1000' WHERE username = 'thomas' which does not work.. any further ideas?
Looks like your points field in the database is an integer, and you are trying to access it like a string : your query should look like UPDATE users SET points = 'points + 1000' WHERE username = 'thomas' ;;; Maybe you have some way of indicating that to CI ? I don't know CI well enough to help more, sorry.
-1

If there is a chance, always check the created SQL query - I do not know how to do it with CI.

However, your set() looks flawed.

$this->db->set('points', "points + $points");

Previously, $points was part of the string, and not expanded by the contents of $points, due to you using a single quote instead of a double quote - see the manual regarding strings in PHP.

$this->db->set('points', 'points + ' . (int) $points);

A slighty better code is the one above, as it defeats possible SQL injection, depending on where $points originally comes from.

Improve this answer

2 Comments

Both suggestions produce the query: UPDATE users SET points = 'points + 1000' WHERE username = 'thomas' This query is not working... Thanks
You have to check the CI manual then. It seems as if CI always puts the given string in set() into quotes, so this cannot work that way.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.