Update after a input mysql php

Question

I got a point system where i want people to get 1 more point after a input/form. until now i use this code:

<?php
session_start();
//=============Configuring Server and Database=======
$host        =    'localhost';
$user        =    'root';
$password    =    '';
//=============Data Base Information=================
$database    =    'login';

$conn        =    mysql_connect($host,$user,$password) or die('Server Information is not Correct'); //Establish Connection with Server
mysql_select_db($database,$conn) or die('Database Information is not correct');

//===============End Server Configuration============

//=============Starting Registration Script==========


$username    =    mysql_real_escape_string($_POST['txtusername']);

//=============To Encrypt Password===================

//============New Variable of Password is Now with an Encrypted Value========

if(isset($_POST['btnRegister'])) //===When I will Set the Button to 1 or Press Button to register
{
$query = mysql_query("SELECT * FROM quiz WHERE username='$username'");
if(mysql_num_rows($query) > 5 ){
echo "Sorry but you can only take a quize once:S";

}else{

$insert = "UPDATE `users` SET `points` = '".$points."' +1 WHERE `username` = '".$username."'";

 mysql_query($insert); 



mysql_query ("insert into quiz(username)values('$username')");
header('location: succes.php');
}
}
?>

but this code doesnt seem to update/add 1 but insted it replace the number there with 1. so if i have 5 and i run this code it replace with 1 so then it says 1. How can i fix so it add/update? so if one have 3 points and run the code he get 4 points insted off getting repacec:

$insert = "UPDATE `users` SET `points` = '".$points."' +1 WHERE `username` = '".$username."'";

Humm, $insert = "UPDATE `users` SET `points` = `points` +1 WHERE `username` = '".$username."'"; ? — Gilles Hemmerlé, Dec 12 '12 at 14:14

score 1 · Accepted Answer · edited May 23 '17 at 11:48

1

you don't need to use a variable $points. use the following UPDATE query,

$insert = "UPDATE `users` SET `points` = (`points` + 1) WHERE `username` = '".$username."'";

be warned that the query above is vulnerable with SQL Injection, please read the article below to protect from it,

How can I prevent SQL injection in PHP?

edited May 23 '17 at 11:48

Community

1
1

answered Dec 12 '12 at 14:12

John Woo

258,903
69
498
492

1

I need to wait 10 min to accept answare but thanks! worked perfectly!:) – carl Dec 12 '12 at 14:14

score 0 · Answer 2 · answered Dec 12 '12 at 14:13

0

My only guess is that $points isn't set. Can you do a echo $points; just before the query?

answered Dec 12 '12 at 14:13

AgeDeO

3,137
2
25
57

This should be just a comment. and not an answer :/ Read FAQ! – Praveen Puglia Dec 12 '12 at 14:15

score 0 · Answer 3 · answered Dec 12 '12 at 14:14

0

I don't see where you define $points but if it's only to increment by 1

How about

$insert = "UPDATE `users` SET `points` = `points`+1 WHERE `username` = '".$username."'";

That way, you don't need to get the initial points in a variable

answered Dec 12 '12 at 14:14

Marc

16,170
20
76
119

Update after a input mysql php

3 Answers3