update in 2 tables with calculation and field update keeping the previous

Question

update in 2 tables with calculation and field update keeping the previous

Asked 10 years, 8 months ago

Viewed 468 times

1

People I am trying to do an update taking the value of another table, but the data of the second table is not sent.

I’m passing the card ID:

<a href=index.php?pag=shopcomprar&id={$row['ID']} '>[COMPRAR]</a>

And trying to insert into another table comparing results, where m_duelos = dinheiro that the user has:

//selecionando dados da tabela carta
$result = mysql_query("SELECT * FROM cartas WHERE ID='$id'");
while ($row = mysql_fetch_array($result, MYSQL_BOTH)) {
$preço = $row['preço'];
$nome = $row['nome'];

} 

//selecionando dados da tabela usuarios
$result2 = mysql_query("SELECT * FROM novo_usuarios WHERE ID='$id_user'");
while ($row = mysql_fetch_array($result, MYSQL_BOTH)) {
$marcas = $row['m_duelo'];
} 


// CONDICOE //
if($preço>$marcas){ 


//nesta parte os dados da segunda parece não estar pegando so os da 1 //
$result3 = mysql_query("UPDATE novo_usuarios SET m_duelo='$marcas - $preço' , deck1=(deck1' + <br>$nome<br>) WHERE ID='$id_user' ");
echo " A compra da carta <b>$nome</b> $marcas foi efetuado com sucesso. <br>Você já pode usa-la em duelos RPG.<br> Voce ainda possui $row2[m_duelo] Marcas de Duelo";
//SE DER TUDO OK //



// FECHAMENTO //
}else{echo "<center>Você não tem marcas suficiente para comprar esta carta.";}

To try to illustrate what I’m looking for with this, I want when you click to buy to be done:

the comparison between the value of the letter and the money the user has;
update of the money the user has - the value of the letter;
take the name of the card and insert it in the field deck 1 ( but this field will be added, it will not erase the value you have there, it will only insert something after what you already have).

I tried to do using the above codes but it doesn’t work, someone gives me a light?

Any error message?

– rray

2014/03/18 at 17:28
Be very careful with this code of yours, it is a party for an SQL Injection. You should manipulate and check the $id value better before going out by assigning it in the query

– Paulo Roberto Rosa

2014/03/18 at 17:34
Where do these variables you are using in the queries come from? Your code seems very susceptible to SQL injection.

– NullUserException

2014/03/18 at 17:35
I could only notice a simple quotation after unopened deck1 and those ( ) strangers in the update,deck1=(deck1' + <br>$nome<br>)

– rray

2014/03/18 at 17:36
Paul, how to get the $id ? NULL USER the $id variable comes from the top link to catch it with $id = $_GET["id"]; she and the card table id, as for attacks I’m still beginner in php but I’ll look for more security accepted tips:) LOST, but the shape is really what I’m doing ? does not need to ( ) because I want to take the existing value and add more data to those that exist there

– Arsom Nolasco

2014/03/18 at 17:45

2 answers

1

Your code is vulnerable to SQL INJECTION.
And you better already learn the PDO. Less headache in the future :)

About your code. Your Select2 was about writing the first. by having the same name.

Testa ae:

    <?php
$result = mysql_query("SELECT * FROM cartas WHERE ID='$id'");
  while ($row = mysql_fetch_array($result, MYSQL_BOTH)) {
   $preco = $row['preço'];
   $nome = $row['nome'];
} 
$result2 = mysql_query("SELECT * FROM novo_usuarios WHERE ID='$id_user'"); 
 while ($row2 = mysql_fetch_array($result2, MYSQL_BOTH)) {
   $marcas = $row2['m_duelo'];
} 

if($preco >= $marcas){ 
   $calculo = ($marcas - $preco);
   $deck1   = "deck1 adicionou <br>".$nome."<br>";
  //nesta parte os dados da segunda parece não estar pegando so os da 1 //
  $result3 = mysql_query("UPDATE novo_usuarios SET m_duelo='$calculo', deck1=concat('(', coalesce('$nome', '')') WHERE ID='$id_user' ");
  echo " A compra da carta <b>".$nome."</b> ".$marcas." foi efetuado com sucesso. <br>Você já pode usa-la em duelos RPG.<br> Voce ainda possui ".$marcas." Marcas de Duelo";
}else{
  echo "<center>Você não tem marcas suficiente para comprar esta carta.";
}
?>

2

Dude, your Concat is wrong. You forgot to close it.

– Edgar Muniz Berlinck

2014/03/19 at 13:13

Browser other questions tagged php sql

You are not signed in. Login or sign up in order to post.

by Edgar Muniz Berlinck • **4,569** points · Answer 1 · 2014-03-18T20:31:14+00:00

You have switched a ' and a + of place and the quotes in m_duel are not necessary (This considering that the m_muelo field is Numeric... If varchar use quotation marks. This would be the correct query:

UPDATE novo_usuarios SET m_duelo=$marcas - $preço , deck1=concat('(', coalesce(deck1, ''), '<br>$nome<br>)') WHERE ID='$id_user';

Going beyond the question:

To check if the user has been informed you can make an if isset($_GET["id"]).
If this code is just study is ok, but I suggest you study about Prepared Statements. I do not recommend programming like this in real.