0

I want to +1 a value, because when I return the book, this query will run and return the book, but it doesn't return the value; it just keeps subtracting the value of the book. Thanks for helping me.

$id=$_GET['id'];
$book_id = $_GET['book_id'];

if(isset($id)){
   $b=mysqli_query($dbcon, "SELECT * FROM book WHERE book_id='$book_id'");

   $row=mysqli_fetch_array($b);

   $copies=$row['book_copies'];

   $new = $copies++;

   mysqli_query($dbcon,"UPDATE book ON book_copies = $new");    
}
Liza

2 Answers

3

You can simply do

UPDATE book SET book_copies = book_copies + 1
WHERE book_id='$book_id'

Although this leaves your script at risk of an SQL injection attack. Even if you are escaping inputs, it's not safe! Use prepared, parameterized statements.

You should be preparing and parameterising the query like this

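$sql = "UPDATE book SET book_copies = book_copies + 1
        WHERE book_id=?";
$stmt = $dbcon->prepare($sql);
// bind the book id from the request (book_id, as in the question); assuming integer here
$stmt->bind_param('i', $_GET['book_id']);
$res = $stmt->execute();

if (! $res ) {
    // a failed execute() reports its error on the statement object
    echo $stmt->error;
    exit;
}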
RiggsFolly
  • OK, thanks, I will implement that in my code. Is it OK to put that code just like that, even if I don't have a framework or anything else? – Liza Aug 10 '17 at 13:24
  • How do I implement that? This is all my code: https://imgur.com/a/226ya – Liza Aug 10 '17 at 13:41
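A complete handler built on the prepared-statement approach from this answer, as an added example that is not part of the original answer or the asker's code. It assumes the `book` table and the `book_id` request parameter from the question; the connection credentials and the function name `return_book` are placeholders.

```php
<?php
// Added example. Credentials below are placeholders, not values from the page.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB errors throw

/**
 * Add one copy back to a book. Returns true only if exactly one row changed.
 */
function return_book(mysqli $dbcon, $rawBookId): bool
{
    // Accept only a positive integer; arrays, empty strings and text fail here.
    $bookId = filter_var($rawBookId, FILTER_VALIDATE_INT,
                         ['options' => ['min_range' => 1]]);
    if ($bookId === false) {
        return false;
    }

    // The increment is done by MySQL in a single statement, so there is no
    // SELECT-then-UPDATE gap, and no PHP "$new = $copies++" (post-increment
    // assigns the old value to $new).
    $stmt = $dbcon->prepare(
        'UPDATE book SET book_copies = book_copies + 1 WHERE book_id = ?'
    );
    $stmt->bind_param('i', $bookId);   // value is sent separately from the SQL
    $stmt->execute();
    $changed = ($stmt->affected_rows === 1);
    $stmt->close();

    return $changed;
}

if (isset($_GET['book_id'])) {
    try {
        $dbcon = new mysqli('localhost', 'db_user', 'db_password', 'library');
        if (return_book($dbcon, $_GET['book_id'])) {
            echo 'Book returned.';
        } else {
            http_response_code(400);
            echo 'Unknown or invalid book id.';
        }
    } catch (mysqli_sql_exception $e) {
        // Keep database details in the server log, not in the response.
        error_log($e->getMessage());
        http_response_code(500);
        echo 'Could not update the book record.';
    }
}
```

No framework is needed for this: `mysqli` prepared statements are part of PHP itself.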
0

You are using the UPDATE statement wrong; it would be something like this:

UPDATE table_name
SET column1 = value1, column2 = value2, ...
WHERE condition;

In your case you should try something like:

"UPDATE book SET book_copies=$new WHERE book_id='$book_id'"
perodriguezl
  • You should mark a response as the best, so others can know how you solved the issue. – perodriguezl Aug 10 '17 at 13:40
  • Ohhh OK, because I want to combine all the comments and implement them in my code. BTW, thank you for helping me, thumbs up for you! – Liza Aug 10 '17 at 13:45