Member Avatar for Kniggles

hi can anyone see why this is not working please ?

mysqli_query($con,"UPDATE goodship SET brick=brick+1 WHERE id= $_COOKIE['id']");

all i am trying to do is add one to the sessions id col brick,
thanks.

  • 2 Contributors
  • 3 Replies
  • 173 Views
  • 12 Hours Discussion Span
  • Latest Post Latest Post by cereal

Recommended Answers

All 3 Replies

Member Avatar for cereal

You're using an array, so you have to surround it with parentheses, otherwise you have to escape the single quotes:

mysqli_query($con,"UPDATE goodship SET brick=brick+1 WHERE id = {$_COOKIE['id']}");

In addition, use prepared statements, otherwise a user can push in arbitrary code:

Member Avatar for Kniggles

Thanks cereal ,

    mysqli_query($con,"UPDATE goodship SET brick=brick+1 WHERE id ={$_SESSION['id']} ");

this works, need to use SESSIONS though, thanks for the pointers on prepared statements, can see a need for them . if i was to use one in this UPDATE scenario this is the main line i would change ?

/* create a prepared statement */
if ($stmt = $mysqli->prepare("UPDATE brick FROM goodship WHERE Name={$_SESSION['id']} ")) {

and then i do not use the

printf("%s is in district %s\n", $city, $district);

?

thanks.

Member Avatar for cereal

You're welcome!

Yes, because the update query would return only the affected rows. So, the complete version would be:

$stmt = $mysqli->prepare("UPDATE brick FROM goodship WHERE name = ?");
$stmt->bind_param('s', $_SESSION['id']);
$stmt->execute();

if($stmt->affected_rows() > 0)
{
    # continue
}

Where the s in the bind_param method stands for string, if the id is a digit, then change it to: i for integer, d for double.

Bye!

Edited by cereal
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.