
First, I have two fields in a MySQL database: field COIN and field COIN_CHARGE. Here is the screenshot: POPUP Screenshot. When a user clicks YES, that is, attempts to submit and proceed, I want the system to check his database record (Database screenshot) and apply this logic: if field -coin- is less than field -coin_charge-, it should pop up a window saying "Insufficient Fund to proceed Top Up your account"; else, if the coin field is greater than the coin_charge field, let the system subtract coin_charge from coin. That is, if (coin = 100) and (coin_charge = 50), coin will become 50.

----------------- POP UP MESSAGE ------------------------------

```html
<!-- Trigger the modal with a button -->
<button type="button" class="btn btn-info btn-lg" data-toggle="modal" data-target="#myModal">Report Assignment</button>

<!-- Modal -->
<div id="myModal" class="modal fade" role="dialog">
  <div class="modal-dialog">

    <!-- Modal content-->
    <div class="modal-content">
      <div class="modal-header">
        <button type="button" class="close" data-dismiss="modal">&times;</button>
        <h4 class="modal-title">Report Assignment Now!</h4>
      </div>
      <div class="modal-body">
        <p>You Will Be Charge From Your Portal Account, Do You Wish To Continuo?</p>
      </div>
      <div class="modal-footer">
      <a class="btn btn-primary" data-toggle="modal" onClick="$('#createFormId').modal('show')" >YES</a>

        <button type="button" class="btn btn-default" data-dismiss="modal">NO</button>
      </div>
    </div>

  </div>
</div>
```

---------------------------COMPUTING CODE---------------------------

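```php
<?php
    // Fetch every student row (legacy mysql_* API, as posted)
    $message_query = mysql_query("select * from student ")or die(mysql_error());
?>

<?php
    // Iterate over the result of the query above and print coin minus coin_charge
    while ($row = mysql_fetch_assoc($message_query)) {
        echo $row['coin'] = $row['coin'] - $row['coin_charge'];
    }
?>
```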
  • Please [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Jul 05 '16 at 18:05
  • Thanks Jay Blanchard – Jimmy Jerry Jatt Jul 05 '16 at 18:12
  • INSERT INTO PRODUCT (name, price) VALUES (?, ?) – Jimmy Jerry Jatt Jul 05 '16 at 18:15

1 Answer

```php
$mysqli = new mysqli("localhost", "username", "password", "dbname");
$userid = $_POST["userid"]; // id of the user performing the action

// Read the user's row with a prepared statement
$stmt = $mysqli->prepare('SELECT * FROM student WHERE id = ?');
$stmt->bind_param('i', $userid);
$stmt->execute();

$result = $stmt->get_result();
$row = $result->fetch_assoc();
$stmt->close();

// Balance that would remain after the charge
$total = $row['coin'] - $row['coin_charge'];
if($total > 0){
    // Enough coins: store the reduced balance
    $stmt = $mysqli->prepare("update student set coin = ? where id = ?");
    $stmt->bind_param("ii", $total, $userid);
    $stmt->execute();
    $stmt->close();
    echo $total;
}else{
    echo 'Insufficient Fund to proceed Top Up your account';exit;
}
```
  • [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)***. Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Jul 05 '16 at 18:40
  • Mr P-gandhi, I used mysql; can I still apply PDO code and mix them? Thanks once again. – Jimmy Jerry Jatt Jul 06 '16 at 08:03
  • I used mysqli, not PDO. You can use this way, or you can simply take my logic and use it your way. The logic is the same; only the way of coding is different. I hope you find your way. :) – Poorvi Gandhi Jul 06 '16 at 13:22
  • prepare('SELECT * FROM student WHERE id = ?'); $stmt->bind_param('i', $total); $stmt->execute(); $result = $stmt->get_result(); $row = $result->fetch_assoc(); $stmt->close(); $total = $row['coin'] - $row['coin_charge']; if($total > 0){ $stmt = $mysqli->prepare("update student set coin = ? where id = ?"); $stmt->bind_param("ii", $total); $stmt->execute(); $stmt->close(); echo $total; }else{ echo 'Insufficient Fund to proceed Top Up your account';exit; } ?> – Jimmy Jerry Jatt Jul 06 '16 at 19:37
  • ( ! ) Fatal error: Call to a member function bind_param() on a non-object in C:\wamp\www\lms\moneycalculator.php on line 6 – Jimmy Jerry Jatt Jul 06 '16 at 19:39
  • Please, I need help – Jimmy Jerry Jatt Jul 06 '16 at 19:40
  • Hey Mr Pi-gandhi, what is the use of this code in line 2, please: $userid = $_POST["userid"]; – Jimmy Jerry Jatt Jul 06 '16 at 19:47
  • You got the fatal error because you didn't pass one parameter. Please check my code: $stmt->bind_param("ii", $total, $userid); – Poorvi Gandhi Jul 07 '16 at 10:49
  • Yes, I added $userid = $_POST["userid"]; because, as per your description above, I understood that you need to check this for one particular user who is doing this process. This id refers to that user himself. I hope you got my point. – Poorvi Gandhi Jul 07 '16 at 10:53
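
The answer above reads the balance, compares it in PHP, then writes the result back, so two simultaneous requests can both pass the check before either one writes. As an added example (not code from this thread), here is the same debit done as a single conditional UPDATE. It uses PDO with an in-memory SQLite table and constructed rows so it runs without a MySQL server; `chargeUser` and the session key named in the comments are hypothetical.

```php
<?php
// Added example, not from the original thread. The UPDATE statement is
// also valid MySQL; SQLite is used only so the sample runs offline.

/**
 * Debit coin_charge from coin in one atomic statement.
 * Returns the new balance, or null when the balance is insufficient
 * or the user does not exist.
 */
function chargeUser(PDO $db, int $userId): ?int
{
    // The balance test lives in the WHERE clause, so concurrent requests
    // cannot both pass a stale PHP-side check and spend the same coins.
    // "coin > coin_charge" mirrors the answer's "$total > 0" test.
    $stmt = $db->prepare(
        'UPDATE student SET coin = coin - coin_charge
          WHERE id = ? AND coin > coin_charge'
    );
    $stmt->execute([$userId]);
    if ($stmt->rowCount() !== 1) {
        return null; // no row changed: nothing was debited
    }
    // Read back the balance for display only; the debit is already done.
    $stmt = $db->prepare('SELECT coin FROM student WHERE id = ?');
    $stmt->execute([$userId]);
    return (int) $stmt->fetchColumn();
}

// Constructed sample data: user 1 can pay, user 2 cannot.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE student (id INTEGER PRIMARY KEY, coin INTEGER, coin_charge INTEGER)');
$db->exec('INSERT INTO student VALUES (1, 100, 50), (2, 30, 50)');

// In a real page, take the id from the authenticated session, e.g.
// $_SESSION['user_id'] (hypothetical key), not from $_POST: a
// client-supplied id lets one user spend another user's coins.
foreach ([1, 2] as $userId) {
    $balance = chargeUser($db, $userId);
    echo $balance === null
        ? "User $userId: Insufficient Fund to proceed Top Up your account\n"
        : "User $userId: new balance $balance\n";
}
```

On MySQL, `rowCount()` reports rows actually changed, so a `coin_charge` of 0 would be reported as a failed debit unless the connection sets `PDO::MYSQL_ATTR_FOUND_ROWS`.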