hi can anyone see why this is not working please ?

mysqli_query($con,"UPDATE goodship SET brick=brick+1 WHERE id= $_COOKIE['id']");

all i am trying to do is add one to the sessions id col brick,

Recommended Answers

All 3 Replies

You're using an array, so you have to surround it with parentheses, otherwise you have to escape the single quotes:

mysqli_query($con,"UPDATE goodship SET brick=brick+1 WHERE id = {$_COOKIE['id']}");

In addition, use prepared statements, otherwise a user can push in arbitrary code:

Thanks cereal ,

    mysqli_query($con,"UPDATE goodship SET brick=brick+1 WHERE id ={$_SESSION['id']} ");

this works, need to use SESSIONS though, thanks for the pointers on prepared statements, can see a need for them . if i was to use one in this UPDATE scenario this is the main line i would change ?

/* create a prepared statement */
if ($stmt = $mysqli->prepare("UPDATE brick FROM goodship WHERE Name={$_SESSION['id']} ")) {

and then i do not use the

printf("%s is in district %s\n", $city, $district);



You're welcome!

Yes, because the update query would return only the affected rows. So, the complete version would be:

$stmt = $mysqli->prepare("UPDATE brick FROM goodship WHERE name = ?");
$stmt->bind_param('s', $_SESSION['id']);

if($stmt->affected_rows() > 0)
    # continue

Where the s in the bind_param method stands for string, if the id is a digit, then change it to: i for integer, d for double.


Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, learning, and sharing knowledge.