-2

I've got a points system in a social media script, and I'm trying to get it so that when a user makes a post, it's adds a point to their account. The points is basically a column in my "profiles" table called "totalpoints".

I've got a basic code which doesn't exactly work, but the code does call the action. So I know that my update code is not right, but I cannot work out what. So here is what it is:

$totalpoints = "UPDATE profiles SET totalpoints = totalpoints + 5 WHERE name = '$name'";

Any help from anyone would be appreciated.

Thanks

Richard Evans
  • 1
  • This should work. Add error reporting to the top of your file(s) right after your opening ` – Funk Forty Niner Aug 28 '14 at 17:09
  • 1
    Whatever mySQL library you're using to run that query will also have a function to tell you the error info when a query doesn't work. You should use that. – Sammitch Aug 28 '14 at 17:13
  • Make sure that your column is `int` also. It won't work for VARCHAR if that's what you have it set to, or other type. – Funk Forty Niner Aug 28 '14 at 17:14
  • Okay, so I changed the type of column from VARCHAR to INT. And i did the error check, and this is what has come up: [28-Aug-2014 17:41:46 UTC] PHP Warning: Missing argument 5 for Application_Model_Posts::addPost(), called in /app/core/controllers/helpers/AddPostFormLoader.php on line 111 and defined in app/core/models/Posts.php on line 337 [28-Aug-2014 17:41:46 UTC] PHP Notice: Undefined variable: name in app/core/models/Posts.php on line 353 – Richard Evans Aug 28 '14 at 17:42
  • 1
    well that's it then, in addPost function the $name variable is not defined – vertazzar Aug 28 '14 at 17:57

2 Answers2

0

nothing wrong with sql syntax, however it is possible that either your $name is not escaped properly and its causing query to fail, or totalpoints cannot be incremented because its not right datatype

vertazzar
  • 1,053
  • 7
  • 10
  • How should I escape the $name properly? I can't see any problems with it :/ – Richard Evans Aug 28 '14 at 17:53
  • http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php however if your $name is like `Mike` (does not contain ' for example) than $name should not cause query to fail. You would have to continue to debug if your column is right data type. – vertazzar Aug 28 '14 at 17:55
0

Check your database, you should Make sure 'totalpoints' is stored as numeric type, like 'INT', 'BIG INT', 'DECIMAL' etc...

Miguel
  • 1,579
  • 5
  • 18
  • 31