-2

Okay, so... I'm trying to make a simple little scoreboard. And, I must say- I'm doing pretty well, since I'm a newb at MYSQL. My current issue is I'm having trouble increasing the win count. The way I am attempting to do this is "SELECT win FROM high_scores WHERE username='$usr' ", however, I likely have a few syntax errors. Alongside that, I have absolutely no idea how to turn this into a PHP variable.

I have attempted various things, and the one that I think should work (but doesn't) is :

$usr='userGuy';

$sql = "SELECT win FROM scoreboard WHERE usr = '$usr' ";
$win= mysql_query( $sql, $conn );
echo "$usr has a score of $win wins";

and if userGuy had, say, 57 wins, the outcome would be : userGuy has a score of 57 wins

This is not the case though. Long story short, I need to be able to update win... My endgoal is to make a variable called $newWin and make it $win + 1 then update the MYSQL database so that userGuy now has 58 wins.

Thanks in advance for your help guys! :D (if anything was unclear(likely) please tell me... This is my first time trying to explain a coding problem I have rofl)

EDIT: On the matter of SQL Injection, this scoreboard is simply for me an a group of friends to use, it's nothing serious. For the matter of not making things more complicated, I'm perfectly fine with 'unsafe methods' (I fully realize the dangers of using whatever code for legitimate purposes)

AlPr2k
  • 1
  • 2
  • 5
    It is not an answer, but, please don't use `mysql_` function family. Use `PDO` or `mysqli_` instead. And also use parameterized query to avoid SQL injection. – Niyoko Oct 31 '16 at 00:46
  • 2
    Also: [Why shouldn't I use mysql_* functions in PHP?](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) – Tieson T. Oct 31 '16 at 00:46
  • to increase a count in a specific row, you apply the following example syntax: `UPDATE table SET col_x = col_x +1 WHERE col_y='z'`. – Funk Forty Niner Oct 31 '16 at 00:49
  • You should never use "unsafe methods" on purpose. They make it harder to get your code right, you'll have all sorts of senseless escaping problems you'll need to deal with eventually and they're often really time-consuming to track down and fix, plus **doing it the right way is less work**. Use PDO, please, at the very least. Even better, use an ORM like [Doctrine](http://www.doctrine-project.org/), [Propel](http://propelorm.org/), or [Eloquent](https://laravel.com/docs/5.3/eloquent). These can enormously minimize how much code you need to write. – tadman Oct 31 '16 at 00:54
  • answerered but most likely not understood. – Funk Forty Niner Oct 31 '16 at 00:57
  • ...or not. Ok well I stuck around this long enough; someone gave you answer below, ask them. I left the question. – Funk Forty Niner Oct 31 '16 at 01:06
  • 1
    @Fred-ii- Apologies, I was in a trance messing around with some stuff. Your comment helped quite a bit. I did understand it, by the way ;') – AlPr2k Oct 31 '16 at 01:22
  • If I had a nickel... – Strawberry Oct 31 '16 at 06:23

2 Answers2

0

Well, I need to go, however. Fred -ii-'s comment helped out quite a bit. his comment set me off on the right path, so thanks! :)

" to increase a count in a specific row, you apply the following example syntax: UPDATE table SET col_x = col_x +1 WHERE col_y='z'."

AlPr2k
  • 1
  • 2
-1

you should not write the '' in the variable. that will be string if you write the ''

try it

$usr='userGuy';

 $sql = "SELECT win FROM scoreboard WHERE usr = $usr";
 $win= mysql_query( $sql, $conn );
 echo "$usr has a score of $win wins";

the variable can be execute with "" or without that. but not executed if you write with ''.

M. Fahmi Ulul Azmi
  • 90
  • 1
  • 3
  • 15
  • Stripping the quotes off of `$usr` and not using `mysql_real_escape_string` is a mistake here. – tadman Oct 31 '16 at 04:35