Hi guys!
I have a database which holds a table called users. in there i have a balance column which contains a numeric value.
I have the following code and for some reason it doesnt work:

<?php
session_start();
include_once("config.php");


?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Search</title>
<link href="style/style.css" rel="stylesheet" type="text/css">
</head>
<body>

<br>
<div id="books-wrapper">

<!-- #content to center the menu -->
<div id="content">
    <!-- This is the actual menu --> 
        <ul id="darkmenu">
      <li><a href="adminHome.php">Home</a></li>
      <li><a href="addBook.php">New Books</a></li>
      <li><a href="adminSearch.php">Search</a></li>
      <li><a href="updateBalance.php">Update Balance</a></li>
</ul>


</div>
    <div id = "welcome" >
        Welcome, <?=$_SESSION['Username'];?>! <br> <a href="logout.php">Logout</a>
    </div>

<br><br>
    <h1 id = "mainHeader" >Update a Students Balance</h1>
<br>   
<div id = "balanceupdate">
<form id = "adsearch" action="updateBalance.php"  method="post">
    <input type="text" name ="search" placeholder="Search For a Student">
<button name="submit" value="search">Search</button>
</form>
<br>
</div>
<?php

if(isset($_POST['search'])){
$searchq = $_POST['search'];
$searchq = preg_replace("#[^0-9a-z]#i","",$searchq);
    $result = $mysqli->query( "SELECT * FROM Users WHERE Username ='$searchq'");
    if ($result){ 

    //fetch result set as object and output HTML
    if($obj = $result->fetch_object())
    {
        echo '<div class="booksearched">'; 
        echo '<form method="POST" id = "books" action="">';
        echo '<div class="book-content"><h3>Student Username: '.$obj->Username.'</h3>';
        echo '<input type="hidden" name="username" value = "'.$obj->Username.'""  />';
        echo '<br>';
        echo '<div class="book-content"><i>First Name: <b>'.$obj->FirstName.'</b></i></div>';
        echo '<div class="book-desc"><i>Last Name:<b> '.$obj->LastName.'</b></i></div>';
        echo '<br>';
        echo '<div class="book-qty"> Current Balance<b> '.$obj->Balance.'</b></div>';
        echo 'New Balance: <input type="number" name="newBalance" value = "1" min = "1" />';
        echo '<br><br>';
        echo '<button name="submit_btn" class="save_order">Top Up</button>';
        echo '</div>';
        echo '</form>';
        echo '</div>';
    }
}

if(isset($_POST['submit_btn']) && !empty($_POST['newBalance']) ){

    $newBalance = $_POST['newBalance'];
    $username = $_POST['username'];

    $upsql = "UPDATE users SET Balance = Balance + '$newBalance' WHERE Username='".$username ."'";
    $stmt = $mysqli->prepare($upsql);
    $stmt->execute();
}
}
?>
</body>
</html>

I have a textbox called newBalance and want the update statement to add the newBalance to the original balance that is in the database based on the user that has been searched for between lines 39-40.

Currently im able to search for a user and click search, this shows the users first name, last name, Userid and their current balance. The textbox which i enter the new balance is directly below. I dont have any errors showing up when i run the code and nothing is update.

I really need to get this fixed

any help will be appreciated.

Recommended Answers

All 29 Replies

1) Are you sure that you dont have error notification turned off in PHP?
2) Perhaps you need to free your current mysqli resource, as you may be getting an unfreed cursor state.
3) Users in line 50 is not users in line 79 :-/

As a note of concern, though... sanitize your data. It's very rare that you should allow direct POST values to be inserted into your database without cleaning it all up, even though "prepare" does protect against a lot of vectors of attack, doing some additional type checking and sanitizing before hand will save you headaches down the road.

1) error reporting is turned on
2) Not sure how to check that
3) the username that is searched for in the select statement needs to be the username that is looked at in the update statement. But yes it is the same user.

I beleive by seeing there is a mistake done in your query

$upsql = "UPDATE users SET Balance = {$newBalance} WHERE Username={$username}";

Try this Query and check if it's updating or not

I mean the table name.
"SELECT * FROM Users WHERE Username ='$searchq'"
"UPDATE users SET Balance = Balance + '$newBalance' WHERE Username='".$username ."'"

@UK=1991 that didnt work either
@ryantroop im sorry im a little confused as to what youre asking

look closely at your lines of code. One "Users" is capitalized. The other "users" is not. The cases must match.

Ah yes i changed both to lower cased "users" as that is what its called in my database but that still doesnt seem to work :/

that makes such little sense to me... if you were pulling data off "Users" but it's called "users" in the database, where were you pulling data from?

You may also want to put a var_dump($_POST); at line 73 and see if your if checks are truly being met. Personally, I don't often leave action="" even though it, in theory (and, yes, by spec), posts to itself.

isset($_POST['submit_btn']) can be your problem, or on the flip side - if your database expects an INT and you are passing in a VARCHAR, the query will fail. mysqli should throw an exception there, but you say no errors so... *shrug*

doing var_dump($_POST) gave:
array (size=2)
search' => string '123' (length=3) 123 is the username that is being passed in
'submit' => string 'search' (length=6)

which means 'submit_btn' doesn't exist. Hence, why your if check fails, and no update. Change your button to an input type="submit" with a value="1" and you will likely fix your issue.

Same thing as above
array (size=2)
'search' => string '123' (length=3)
'submit' => string 'search' (length=6)

Yeah, you don't even have a new balance in there...

Leads me to believe that you need to fix the action on your form and target the page directly.

just call the same page in the action tag?
so action="updateBalance.php" ?

yes

Ah :/ still nothing works. New code below:

<?php

    session_start();
include_once("config.php");


?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Search</title>
    <link href="style/style.css" rel="stylesheet" type="text/css">
</head>
<body>

<br>
<div id="books-wrapper">

<!-- #content to center the menu -->
<div id="content">
    <!-- This is the actual menu --> 
        <ul id="darkmenu">
          <li><a href="adminHome.php">Home</a></li>
          <li><a href="addBook.php">New Books</a></li>
          <li><a href="adminSearch.php">Search</a></li>
          <li><a href="updateBalance.php">Update Balance</a></li>
    </ul>


</div>
    <div id = "welcome" >
            Welcome, <?=$_SESSION['Username'];?>! <br> <a href="logout.php">Logout</a>
    </div>

<br><br>
    <h1 id = "mainHeader" >Update a Students Balance</h1>
<br>   
<div id = "balanceupdate">
<form id = "adsearch" action="updateBalance.php"  method="post">
    <input type="text" name ="search" placeholder="Search For a Student">
    <button name="submit" value="search">Search</button>
</form>
<br>
</div>
<?php

if(isset($_POST['search'])){
$searchq = $_POST['search'];
$searchq = preg_replace("#[^0-9a-z]#i","",$searchq);
    $result = $mysqli->query( "SELECT * FROM users WHERE Username ='$searchq'");
    if ($result){ 

    //fetch result set as object and output HTML
    if($obj = $result->fetch_object())
    {
        echo '<div class="booksearched">'; 
        echo '<form method="POST" id = "books" action="updateBalance.php">';
        echo '<div class="book-content"><h3>Student Username: '.$obj->Username.'</h3>';
        echo '<input type="hidden" name="username" value = "'.$obj->Username.'""  />';
        echo '<br>';
        echo '<div class="book-content"><i>First Name: <b>'.$obj->FirstName.'</b></i></div>';
        echo '<div class="book-desc"><i>Last Name:<b> '.$obj->LastName.'</b></i></div>';
        echo '<br>';
        echo '<div class="book-qty"> Current Balance<b> '.$obj->Balance.'</b></div>';
        echo 'New Balance: <input type="number" name="newBalance" value = "1" min = "1" />';
        echo '<br><br>';
        echo '<input type = "submit" value = "Top Up">';
        echo '</div>';
        echo '</form>';
        echo '</div>';
    }
}
var_dump($_POST);
if(isset($_POST['submit']) && !empty($_POST['newBalance']) ){

    $newBalance = $_POST['newBalance'];
    $username = $_POST['username'];

    $upsql = "UPDATE users SET Balance = Balance + '$newBalance' WHERE Username='".$username ."'";
    $stmt = $mysqli->prepare($upsql);
    $stmt->execute();
}
}
?>
</body>
</html>

echo '<input type = "submit" value = "Top Up">';
should be
echo '<input type = "submit" name="submit" value = "1">';

What are you getting now with the var_dump?

same as before:
array (size=2)
'search' => string '123' (length=3)
'submit' => string 'search' (length=6)

I dunno... hit F12 and do a network trace, and see what you are posting and where. I don't see anything else wrong with what you have... especially seeing that your original input type="button" works as is, and happily passes along a value.

Not sure how to do a network trace. :/
I guess ill have to try a different method
Thanks for the help anyway!

If you press the F12 key, and go to the "network" tab (in pretty much any browser", you will be able to do a network trace. IE may require you to press a "play" button, but you will at least be able to see what traffic is going through the browser.

Well it says that the parameters that have been passed through are:
Username - 123 (the username of the user that i searched for)
newBalance - 20 (i typed that in)
submit - 1 (not too sure what that means)

Probably is because you left out the name="submit" in your second form. Try this

<?php
    session_start();
    include_once("config.php");
?>
<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <title>Search</title>
        <link href="style/style.css" rel="stylesheet" type="text/css">
    </head>
<body>
    <br>
    <div id="books-wrapper">
    <!-- #content to center the menu -->
    <div id="content">
        <!-- This is the actual menu --> 
        <ul id="darkmenu">
            <li><a href="adminHome.php">Home</a></li>
            <li><a href="addBook.php">New Books</a></li>
            <li><a href="adminSearch.php">Search</a></li>
            <li><a href="updateBalance.php">Update Balance</a></li>
        </ul>
    </div>
    <div id = "welcome" >
        Welcome, <?=$_SESSION['Username'];?>! <br> <a href="logout.php">Logout</a>
    </div>
    <br><br>
    <h1 id = "mainHeader" >Update a Students Balance</h1>
    <br>   
    <div id = "balanceupdate">
        <form id = "adsearch" action="updateBalance.php"  method="post">
            <input type="text" name ="search" placeholder="Search For a Student">
            <button name="submit" value="search">Search</button>
        </form>
        <br>
    </div>
<?php
if(isset($_POST['search'])){
    $searchq = $_POST['search'];
    $searchq = preg_replace("#[^0-9a-z]#i","",$searchq);
    $result = $mysqli->query( "SELECT * FROM users WHERE Username ='$searchq'");
    if ($result){ 
    //fetch result set as object and output HTML
        if($obj = $result->fetch_object())
        {
            echo '<div class="booksearched">'; 
            echo '<form method="POST" id = "books">';
            echo '<div class="book-content"><h3>Student Username: '.$obj->Username.'</h3>';
            echo '<input type="hidden" name="username" value = "'.$obj->Username.'""  />';
            echo '<br>';
            echo '<div class="book-content"><i>First Name: <b>'.$obj->FirstName.'</b></i></div>';
            echo '<div class="book-desc"><i>Last Name:<b> '.$obj->LastName.'</b></i></div>';
            echo '<br>';
            echo '<div class="book-qty"> Current Balance<b> '.$obj->Balance.'</b></div>';
            echo 'New Balance: <input type="number" name="newBalance" value = "1" min = "1" />';
            echo '<br><br>';
            echo '<input type = "submit" name="submit" value = "Top Up">';
            echo '</div>';
            echo '</form>';
            echo '</div>';
        }
    }
    var_dump($_POST);
    if(isset($_POST['submit']) && !empty($_POST['newBalance']) ){
        $newBalance = $_POST['newBalance'];
        $username = $_POST['username'];
        $upsql = "UPDATE users SET Balance = Balance + '$newBalance' WHERE Username='$username'";
        $stmt = $mysqli->prepare($upsql);
        $stmt->execute();
    }
}
?>
</body>
</html>

Lets hope for the best
Try this one please?

<?php
session_start();
require('connect.php');
if(isset($_SESSION['username']))
{
$dir="image/";
$file_name=$dir.basename($_FILES['uploads']['name']);
$fileUpload=1;
$imageType=pathinfo($file_name,PATHINFO_EXTENSION);
 $image= addslashes(file_get_contents($_FILES['uploads']['tmp_name']));
   $image_name = addslashes($_FILES['uploads']['name']);
     $image_size = getimagesize($_FILES['uploads']['tmp_name']);
if(move_uploaded_file($_FILES['uploads']['tmp_name'], $file_name))
{
echo "uploaded succesfully" ;
echo "<img src='$file_name' width='50px' height='50px'>";
$querry="SELECT image FROM users WHERE username='$username'" or die(mysql_error());
$result=mysql_query($querry) or die(mysql_error());
$row=mysql_fetch_assoc($result) or die(mysql_error());
$oldimage=$row['image'];
unlink('directory/image/'.$oldimage);
/* $deleter = "DELETE FROM users WHERE image = '$oldimage'";
 if(mysql_query($deleter)) {
echo "Successful!";
 } */
if(!get_magic_quotes_gpc())
{

    $fileName = addslashes($file_name);
}
$sql="UPDATE users SET image='$fileName' WHERE image='$oldimage'";
$result=mysql_query($sql) or die(mysql_error());
if($result)
{
echo "created successfully";
echo "<br>";
echo "<a href='homeprofile.php'>Go back to home page</a>";
}
else
{
echo "cant create";
}
}
}
?>



<?php
    session_start();
    include_once("config.php");
?>
<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <title>Search</title>
        <link href="style/style.css" rel="stylesheet" type="text/css">
    </head>
<body>
    <br>
    <div id="books-wrapper">
    <!-- #content to center the menu -->
    <div id="content">
        <!-- This is the actual menu --> 
        <ul id="darkmenu">
            <li><a href="adminHome.php">Home</a></li>
            <li><a href="addBook.php">New Books</a></li>
            <li><a href="adminSearch.php">Search</a></li>
            <li><a href="updateBalance.php">Update Balance</a></li>
        </ul>
    </div>
    <div id = "welcome" >
        Welcome, <?= $_SESSION['Username']; ?>! <br> <a href="logout.php">Logout</a>
    </div>
    <br><br>
    <h1 id = "mainHeader" >Update a Students Balance</h1>
    <br>   
    <div id = "balanceupdate">
        <form id = "adsearch" action="updateBalance.php"  method="post">
            <input type="text" name ="search" placeholder="Search For a Student">
            <button name="submit" value="search">Search</button>
        </form>
        <br>
    </div>
<?php
if(isset($_POST['search'])){
    $searchq = $_POST['search'];
    $searchq = preg_replace("#[^0-9a-z]#i","",$searchq);
    $result = $mysqli->query( "SELECT * FROM users WHERE Username ='$searchq'");
    if ($result){ 
    //fetch result set as object and output HTML
        if($obj = $result->fetch_object())
        {
            echo '<div class="booksearched">'; 
            echo '<form method="POST" id = "books">';
            echo '<div class="book-content"><h3>Student Username: '.$obj->Username.'</h3>';
            echo '<input type="hidden" name="username" value = "'.$obj->Username.'""  />';
            echo '<br>';
            echo '<div class="book-content"><i>First Name: <b>'.$obj->FirstName.'</b></i></div>';
            echo '<div class="book-desc"><i>Last Name:<b> '.$obj->LastName.'</b></i></div>';
            echo '<br>';
            echo '<div class="book-qty"> Current Balance<b> '.$obj->Balance.'</b></div>';
            echo 'New Balance: <input type="number" name="newBalance" value = "1" min = "1" />';
            echo '<br><br>';
            echo '<input type = "submit" name="submit" value = "Top Up">';
            echo '</div>';
            echo '</form>';
            echo '</div>';
        }
    }
    var_dump($_POST);
    if(isset($_POST['submit'])){
        $newBalance = $_POST['newBalance'];
        $username = $_POST['username'];
        $balance = $_POST['balance'];
        $total_balance =  $balance + $newBalance;

        if(!empty($_POST['newBalance']){
        $upsql = "UPDATE users SET Balance = '$total_balance' WHERE Username='$username'";
        $stmt = $mysqli->prepare($upsql);
        $stmt->execute();
        }else{
        echo "New Balance is empty";
        }
    }
}
?>
</body>
</html>

@lps: that doesnt work
@Joshuajames.delacruz: i hav 3 errors:
undefined index: newBalance
undefined index: username
undefined index: balance

@spud91
those errors are from what line numbers for example

Notice: Use of undefined constant loggedin - assumed 'loggedin' in D:\xampp\htdocs\attendance_project\admin\admin_area.php on line 5

what line is that so i can easily adjust the codes

can you give the full description of that code like the example i have given you?

The errors are here:
$newBalance = $_POST['newBalance'];
$username = $_POST['username'];
$balance = $_POST['balance'];

After the if(isset($_POST['submit'])){

Remove this or comment that code

var_dump($_POST);

Still doesnt solve anything.

Using ur code i have the following:

<?php
require('config.php');
if(isset($_SESSION['username']))
{
$dir="image/";
$file_name=$dir.basename($_FILES['uploads']['name']);
$fileUpload=1;
$imageType=pathinfo($file_name,PATHINFO_EXTENSION);
 $image= addslashes(file_get_contents($_FILES['uploads']['tmp_name']));
   $image_name = addslashes($_FILES['uploads']['name']);
     $image_size = getimagesize($_FILES['uploads']['tmp_name']);
if(move_uploaded_file($_FILES['uploads']['tmp_name'], $file_name))
{
echo "uploaded succesfully" ;
echo "<img src='$file_name' width='50px' height='50px'>";
$querry="SELECT image FROM users WHERE username='$username'" or die(mysql_error());
$result=mysql_query($querry) or die(mysql_error());
$row=mysql_fetch_assoc($result) or die(mysql_error());
$oldimage=$row['image'];
unlink('directory/image/'.$oldimage);
/* $deleter = "DELETE FROM users WHERE image = '$oldimage'";
 if(mysql_query($deleter)) {
echo "Successful!";
 } */
if(!get_magic_quotes_gpc())
{

$fileName = addslashes($file_name);
}
$sql="UPDATE users SET image='$fileName' WHERE image='$oldimage'";
$result=mysql_query($sql) or die(mysql_error());
if($result)
{
echo "created successfully";
echo "<br>";
echo "<a href='homeprofile.php'>Go back to home page</a>";
    }
    else
    {
        echo "cant create";
}
}
}
?>



<?php
    session_start();
    include_once("config.php");
?>
<!DOCTYPE html>
<html>
    <head>
            <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <title>Search</title>
        <link href="style/style.css" rel="stylesheet" type="text/css">
    </head>
<body>
        <br>
        <div id="books-wrapper">
        <!-- #content to center the menu -->
    <div id="content">
        <!-- This is the actual menu --> 
        <ul id="darkmenu">
            <li><a href="adminHome.php">Home</a></li>
            <li><a href="addBook.php">New Books</a></li>
            <li><a href="adminSearch.php">Search</a></li>
        <li><a href="updateBalance.php">Update Balance</a></li>
        </ul>
    </div>
<div id = "welcome" >
    Welcome, <?= $_SESSION['Username']; ?>! <br> <a href="logout.php">Logout</a>
</div>
<br><br>
<h1 id = "mainHeader" >Update a Students Balance</h1>
<br>   
<div id = "balanceupdate">
    <form id = "adsearch" action="updateBalance.php"  method="post">
        <input type="text" name ="search" placeholder="Search For a Student">
        <button name="submit" value="search">Search</button>
    </form>
    <br>
</div>
<?php
if(isset($_POST['search'])){
    $searchq = $_POST['search'];
    $searchq = preg_replace("#[^0-9a-z]#i","",$searchq);
        $result = $mysqli->query( "SELECT * FROM users WHERE Username ='$searchq'");
    if ($result){ 
    //fetch result set as object and output HTML
        if($obj = $result->fetch_object())
        {
            echo '<div class="booksearched">'; 
        echo '<form method="POST" id = "books">';
        echo '<div class="book-content"><h3>Student Username: '.$obj->Username.'</h3>';
        echo '<input type="hidden" name="username" value = "'.$obj->Username.'""  />';
        echo '<br>';
        echo '<div class="book-content"><i>First Name: <b>'.$obj->FirstName.'</b></i></div>';
        echo '<div class="book-desc"><i>Last Name:<b> '.$obj->LastName.'</b></i></div>';
        echo '<br>';
        echo '<div class="book-qty"> Current Balance<b> '.$obj->Balance.'</b></div>';
        echo 'New Balance: <input type="number" name="newBalance" value = "1" min = "1" />';
        echo '<br><br>';
        echo '<input type = "submit" name="submit" value = "Top Up">';
        echo '</div>';
        echo '</form>';
        echo '</div>';
    }
}
if(isset($_POST['submit'])){
    $newBalance = $_POST['newBalance'];
    $username = $_POST['username'];
    $balance = $_POST['balance'];
    $total_balance =  $balance + $newBalance;

    if(!empty($_POST['newBalance'])){
    $upsql = "UPDATE users SET Balance = '$total_balance' WHERE Username='$username'";
    $stmt = $mysqli->prepare($upsql);
    $stmt->execute();
    }else{
    echo "New Balance is empty";
    }
}
}
?>
</body>
</html>

Not sure why it isnt working :/

any errors this time?

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.