I am trying to build a click button that increments the value of an item in the database. I am using the UPDATE method for this.

The problem is that whenever the update query is run, the value it takes from the database to increment (or decrement) is zero. (0+1 = 1, 0-1 = -1)

```php
<?php
require_once("C:/xampp/htdocs/Selfie/database/dbcontroller.php");
$db_handle = new DBController();

$image_id = $_POST["image_id"];
$active_user_id = $_POST["active_user_id"];
// Look up the image that belongs to the active user
$query = "SELECT user_image_id from users where user_id='" . $active_user_id . "'";
$result = mysql_query($query);
$row = mysql_fetch_assoc($result);
if ($row['user_image_id'] == $image_id) {
    echo "own image";
}
else
{
    // Look up the image this user has already hearted, if any
    $query = "SELECT image_id from hearts where user_id='" . $active_user_id . "'";
    $result = mysql_query($query);
    if ($row = mysql_fetch_assoc($result)) {
        if ($row['image_id'] == $image_id) {

            // 'image_hearts' is quoted in these UPDATEs; this is the expression the question is about
            $query = "UPDATE images SET image_hearts='image_hearts'-1 where image_id=" . $image_id;
            $result = mysql_query($query);

            $query = "DELETE FROM hearts WHERE user_id=" . $active_user_id;
            $result = mysql_query($query);


            $query = "UPDATE users SET user_like ='' where user_id=" . $active_user_id;
            $result = mysql_query($query);
            echo "just unlike";
        }
        else
        {

            $query = "DELETE FROM hearts WHERE user_id=" . $active_user_id;
            $result = mysql_query($query);

            // $row comes from the hearts query above, so the previously hearted image is $row['image_id']
            $query = "UPDATE images SET image_hearts='image_hearts'-1 where image_id=" . $row['image_id'];
            $result = mysql_query($query);

            $query = "Select image_path from images where image_id=" . $image_id;
            $result = mysql_query($query);
            $row = mysql_fetch_assoc($result);

            // Closing quote after the image path added; it was missing
            $query = "UPDATE users SET user_like ='" . $row["image_path"] . "' where user_id=" . $active_user_id;
            $result = mysql_query($query);

            $query = "UPDATE images SET image_hearts='image_hearts'+1 where image_id=" . $image_id;
            $result = mysql_query($query);

            $query = "INSERT INTO hearts (image_id , user_id) VALUES ('$image_id','$active_user_id')";
            $result = mysql_query($query);
            echo "unlike then like";
        }
    }
    else
    {

        $query = "INSERT INTO hearts (image_id , user_id) VALUES ('$image_id','$active_user_id')";
        $result = mysql_query($query);

        $query = "UPDATE images SET image_hearts='image_hearts'+1 where image_id=" . $image_id;
        $result = mysql_query($query);

        $query = "Select image_path from images where image_id=" . $image_id;
        $result = mysql_query($query);
        $row = mysql_fetch_assoc($result);

        $query = "UPDATE users SET user_like ='" . $row["image_path"] . "' where user_id=" . $active_user_id;
        $result = mysql_query($query);

        echo "image liked successfully.";
    }
}
```

This is my jQuery code:

```javascript
function test_click(i_image_id, i_heart_id, i_active_user_id) {
    var active_user_id = i_active_user_id;
    var image_id = i_image_id;
    var heart_id = i_heart_id;
    jQuery.ajax({
        url: "../Selfie/validations/add_like.php",
        data: {
            active_user_id: active_user_id,
            image_id: image_id
        },
        type: "POST",
        success: function(data) {
            if (data == "own image")
            {
                alert('You are trying to like your own image You NARCISSIST');
            }
            else if (data == "just unlike")
            {
                $("*").removeClass("btn-heart-red animated bounce fa-heart-red");
                alert('just unlike');
            }
            else
            {
                $("*").removeClass("btn-heart-red animated bounce fa-heart-red");

                $("#" + heart_id).removeClass("animated rubberBand");
                $("#" + heart_id).toggleClass("btn-heart-red animated bounce fa-heart-red");

            }
            alert(data);
        }
    });
}
```
  • Please [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Dec 08 '15 at 19:49
  • [Your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Jay Blanchard Dec 08 '15 at 19:50
  • I'll fix that afterwards. I am testing this for another project – Syd Abd Rehman Kazmi Dec 08 '15 at 19:51
  • Check for errors on your queries. This `image_hearts='image_hearts'+1` remove the quotes; that's a column you're wanting to update and not the string literal. Same for `'image_hearts'-1` - http://php.net/manual/en/function.mysql-error.php – Funk Forty Niner Dec 08 '15 at 19:54
  • You are the man.. Fred -ii Thanks a lot – Syd Abd Rehman Kazmi Dec 08 '15 at 19:57
  • I'll post an answer and add some stuff to it then. You're welcome. – Funk Forty Niner Dec 08 '15 at 19:58
  • In other words, `'image_hearts' + 1` is `string literal plus integer`, and unless that string literal contains digits at the start of it, will simply become `0 + 1` – Marc B Dec 08 '15 at 19:58
  • hope that field is an unsigned integer –  Dec 08 '15 at 19:59

1 Answer

This `image_hearts='image_hearts'+1` remove the quotes; that's a column you're wanting to update and not the string literal. The same thing goes for `'image_hearts'-1`.

Check for errors on your queries, which would have helped you here.

Plus, your present code is open to SQL injection. Use mysqli with prepared statements, or PDO with prepared statements.

mysql_* functions deprecation notice:

http://www.php.net/manual/en/intro.mysql.php

This extension is deprecated as of PHP 5.5.0 and removed as of PHP 7.0, and is not recommended for writing new code as it will be removed in the future. Instead, either the mysqli or PDO_MySQL extension should be used. See also the MySQL API Overview for further help while choosing a MySQL API.

These functions allow you to access MySQL database servers. More information about MySQL can be found at » http://www.mysql.com/.

Documentation for MySQL can be found at » http://dev.mysql.com/doc/.


Footnotes:

If I may quote Marc's comment:

"in other words. 'image_hearts' + 1 is string literal plus integer, and unless that string literal contains digits at the start of it, will simply become 0 + 1 – Marc B"

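The three fixes the answer recommends (unquoted column arithmetic, errors surfaced on every query, prepared statements), applied to the question's like/unlike flow as an added example that is not part of the original answer. It assumes an in-memory SQLite database standing in for MySQL so it runs without a server, covers only the `images` and `hearts` tables, and `toggle_like` is a hypothetical name.

```php
<?php
// Added example. SQLite in memory stands in for the MySQL database (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // failed queries throw
$pdo->exec("CREATE TABLE images (image_id INTEGER PRIMARY KEY, image_hearts INTEGER NOT NULL)");
$pdo->exec("CREATE TABLE hearts (user_id INTEGER PRIMARY KEY, image_id INTEGER NOT NULL)");
$pdo->exec("INSERT INTO images VALUES (1, 5), (2, 7)"); // constructed sample rows

// The original bug: a quoted name is a string literal, which is coerced to 0.
$buggy = $pdo->query("SELECT 'image_hearts' + 1")->fetchColumn();

// Move, add or remove a user's single like; placeholders keep input out of the SQL text.
function toggle_like(PDO $pdo, int $userId, int $imageId): string
{
    $pdo->beginTransaction();
    try {
        $sel = $pdo->prepare("SELECT image_id FROM hearts WHERE user_id = ?");
        $sel->execute([$userId]);
        $previous = $sel->fetchColumn(); // false when the user has no like yet
        $bump = $pdo->prepare(
            "UPDATE images SET image_hearts = image_hearts + ? WHERE image_id = ?");
        if ($previous !== false) {
            $bump->execute([-1, $previous]);
            $pdo->prepare("DELETE FROM hearts WHERE user_id = ?")->execute([$userId]);
        }
        if ($previous !== false && (int) $previous === $imageId) {
            $status = "just unlike";
        } else {
            $bump->execute([1, $imageId]);
            $pdo->prepare("INSERT INTO hearts (image_id, user_id) VALUES (?, ?)")
                ->execute([$imageId, $userId]);
            $status = $previous === false ? "image liked successfully." : "unlike then like";
        }
        $pdo->commit();
        return $status;
    } catch (Throwable $e) {
        $pdo->rollBack(); // never leave the counter and the hearts row out of step
        throw $e;
    }
}

// Constructed POST values; the last image_id is a hostile string and is rejected.
foreach ([['42', '1'], ['42', '2'], ['42', '2'], ['42', '2 OR 1=1']] as [$uid, $iid]) {
    $userId  = filter_var($uid, FILTER_VALIDATE_INT);
    $imageId = filter_var($iid, FILTER_VALIDATE_INT);
    echo ($userId === false || $imageId === false)
        ? "rejected\n" : toggle_like($pdo, $userId, $imageId) . "\n";
}
echo "buggy expression: $buggy, hearts: ",
    implode(",", $pdo->query("SELECT image_hearts FROM images")->fetchAll(PDO::FETCH_COLUMN)), "\n";
```

Against MySQL, only the DSN and credentials passed to `new PDO(...)` change; the statements and placeholders stay the same.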