
Hi, can anyone see why this is not working, please?

mysqli_query($con,"UPDATE goodship SET brick=brick+1 WHERE id= $_COOKIE['id']");

All I am trying to do is add one to the sessions id col brick,
thanks.


You're using an array, so you have to surround it with parentheses, otherwise you have to escape the single quotes:

mysqli_query($con,"UPDATE goodship SET brick=brick+1 WHERE id = {$_COOKIE['id']}");

In addition, use prepared statements, otherwise a user can push in arbitrary code:


Thanks cereal,

    mysqli_query($con,"UPDATE goodship SET brick=brick+1 WHERE id ={$_SESSION['id']} ");

This works, need to use SESSIONS though. Thanks for the pointers on prepared statements, can see a need for them. If I was to use one in this UPDATE scenario, is this the main line I would change?

/* create a prepared statement */
if ($stmt = $mysqli->prepare("UPDATE brick FROM goodship WHERE Name={$_SESSION['id']} ")) {

And then I do not use the

printf("%s is in district %s\n", $city, $district);

?

Thanks.


You're welcome!

Yes, because the update query would return only the affected rows. So, the complete version would be:

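# UPDATE takes the form "UPDATE table SET column = value WHERE ...";
# the ? placeholder is filled in by bind_param, never by string interpolation
$stmt = $mysqli->prepare("UPDATE goodship SET brick = brick + 1 WHERE id = ?");
$stmt->bind_param('s', $_SESSION['id']);
$stmt->execute();

# affected_rows is a property of the statement, not a method
if ($stmt->affected_rows > 0)
{
    # continue
}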

Where the s in the bind_param method stands for string, if the id is a digit, then change it to: i for integer, d for double.

Bye!

Edited by cereal
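
The update discussed in this thread, written as one function that validates the id before binding it. This is an added example, not code posted by either participant; the function name `incrementBrick` is hypothetical, and it assumes `goodship.id` and `goodship.brick` are integer columns and that `$con` is an open mysqli connection.

```php
<?php
// Added example, not code from the thread. Assumes the `goodship` table with
// integer columns `id` and `brick`, as used in the queries above.

// Make mysqli throw exceptions instead of failing silently with false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Hypothetical helper: add one to `brick` for a single row.
 * Returns the number of rows changed (0 if no row has that id).
 */
function incrementBrick(mysqli $con, $rawId): int
{
    // Reject anything that is not a positive integer before touching the DB.
    // A missing value (null) also fails this check.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }

    // The SQL text is constant; the value travels separately as a bound
    // parameter, so it can never be parsed as part of the statement.
    $stmt = $con->prepare('UPDATE goodship SET brick = brick + 1 WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();

    $changed = $stmt->affected_rows; // property, not a method
    $stmt->close();

    return $changed;
}

// Usage, assuming session_start() has run and the login code stored the
// user's id in the session:
// $changed = incrementBrick($con, $_SESSION['id'] ?? null);
```

The same function works unchanged if the id comes from `$_COOKIE`, because the value is validated and bound rather than placed in the query string.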
