-1

I got a PHP code like this

$conn = new mysqli($servername, $username, $password, $dbname);

if ($conn->connect_error) {
  die("Connection failed: " . $conn->connect_error);
}

$ID=$_POST["ID"];

$Deposit=$_POST["Deposit"];

$sum=0;

$sql="SELECT Current_Balance FROM users WHERE id='".$ID."'";
$result = mysqli_query($conn, $sql);


$y=$Deposit;

 $sum +=  (int)$sql + (int)$y;

echo "New Balance is: ",$sum;

I want to take a specific number from my cell and sum it up with a user's input number and then replace the cell's specific number with the new one. Any idea why this is not working?

Dharman
  • 30,962
  • 25
  • 85
  • 135
John Taramas
  • 3
  • 3
  • 1
    **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman Jan 25 '22 at 16:16
  • What have you tried to resolve the problem? Where are you stuck? Is this a PHP problem, a MySQL problem, or are you facing any performance problems? Please edit your question, share more details, and remove the tags that are irrelevant – Nico Haase Jan 25 '22 at 16:37

1 Answers1

0

Your trying to convert your text query into an int.

$sum +=  (int)$sql + (int)$y;

Your

$result = mysqli_query($conn, $sql);

Should be

$query = mysqli_query($conn, $sql); //asks the question
$result= mysqli_fetch_assoc($conn,$query);//gets the answer 
$sum +=  $result['Current_Balance'] + (int)$y;
echo "New Balance is: ".$sum;
Anthony Dewstow
  • 44
  • 5