I am trying to display a 'double' value from a MySQL column. I am converting it using `number_format()`, but all I ever get is 0.00 as the answer. My code:

PHP:

```php
<?php

$user = $_SESSION['username'];
$a = $_GET['a'];

// ...

if ($a == "balance") {
    $querys= "SELECT balance FROM users WHERE Username='$user'";
    $results=  mysql_query($querys);
    $rows = mysql_fetch_row($results);
    $bfloat = number_format($rows['balance'], 2);
    echo $bfloat;
}

?>
```

The conversion is working; the only problem is that the answer is 0.00 and not the balance that the user has. Example: 1.37

Morgan.
  • done basic debugging, like `var_dump($rows['balance'])` to see what's in there before you start formatting? And you are vulnerable to [SQL injection attacks](http://bobby-tables.com) – Marc B Jun 30 '14 at 17:01
  • *sidenote:* You might want to close that SQL injection hole (username with `'` in it) [How can I prevent SQL-injection in PHP?](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Lawrence Cherone Jun 30 '14 at 17:01
  • @MarcB I am not vulnerable to SQL injections since all spaces get converted to _ (an underscore) upon registering/logging in. – Morgan. Jun 30 '14 at 19:25

1 Answer

You should use:

```php
$bfloat = number_format($rows[0], 2);
```

instead of

```php
$bfloat = number_format($rows['balance'], 2);
```

because you use the `mysql_fetch_row` function. If you want to use `$rows['balance']`, you should use the `mysql_fetch_assoc` function to get the data, not `mysql_fetch_row`.

Of course, you shouldn't use the mysql functions any more (they are deprecated), and your code is vulnerable to SQL injection attacks.

Marcin Nabiałek
  • Thank you very much for explaining, now I understand the logic: since I only request one column and the counting probably starts at 0, it's the balance column. :D – Morgan. Jun 30 '14 at 19:28
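
The fix from the answer combined with the parameterized query that the comments recommend, as an added example that is not part of the original posts. It assumes PDO with an in-memory SQLite database standing in for the MySQL `users` table and a hypothetical helper `formattedBalance()`; the sample usernames are constructed.

```php
<?php
// Added example, not code from the question or the answer.
// Assumption: an in-memory SQLite database stands in for the MySQL `users`
// table; with MySQL only the DSN passed to PDO changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (Username TEXT PRIMARY KEY, balance DOUBLE)');

// Constructed sample rows. The second name contains a quote and no spaces,
// so a "replace spaces with underscores" step leaves it unchanged; spliced
// into the SQL text, that quote would end the string literal early.
$seed = $pdo->prepare('INSERT INTO users (Username, balance) VALUES (?, ?)');
$seed->execute(['morgan', 1.37]);
$seed->execute(["o'brien", 1234.5]);

/**
 * Hypothetical helper: return the formatted balance for $user,
 * or null when no such user exists.
 */
function formattedBalance(PDO $pdo, string $user): ?string
{
    // The username travels as a bound parameter, never as part of the SQL text.
    $stmt = $pdo->prepare('SELECT balance FROM users WHERE Username = :user');
    $stmt->execute([':user' => $user]);

    // FETCH_ASSOC keys the row by column name, so $row['balance'] is defined.
    // FETCH_NUM would behave like mysql_fetch_row and require $row[0].
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null; // unknown user: report it instead of formatting a missing value
    }
    return number_format((float) $row['balance'], 2);
}

foreach (['morgan', "o'brien", 'nobody'] as $user) {
    $balance = formattedBalance($pdo, $user);
    echo $user, ': ', $balance ?? 'no such user', PHP_EOL;
}
```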