update table in mysql cannot success

Question

i have trouble to update the balance table maybe my coding in sql was wrong. The logic in transaction table "Debet" will mines balance saldo and the transcation "Kredit" will plus balance saldo table. So this is code to add data and update the balance to table balance.

if(isset($_POST['submit'])){
        //$id = $_POST['id'];
        $uid = $_POST['uid'];
        $nominal = $_POST['nominal'];
        $jenis = $_POST['jenis'];
        $tanggal = $_POST['tanggal'];

        $sql = "insert into transaksi(id,uid,nominal,jenis,tanggal)values('','$uid','$nominal',' $jenis',' $tanggal')";

        $sql2= "update saldo s INNER JOIN transaksi t ON s.id = t.uid set s.saldo = s.saldo - t.nominal where t.jenis = '$jenis' and s.id = 't.$uid'";   

        $sql3= "update saldo s INNER JOIN transaksi t ON s.id = t.uid set s.saldo = s.saldo + t.nominal where t.jenis = '$jenis and s.id = 't.$uid'";


        if ($nominal=='' || $jenis==''|| $tanggal==''){
            echo '<script language="javascript">';
            echo 'alert("Masukan Inputan !!")';
            echo '</script>';
        }
        else{
                
            if(mysqli_query($conn,$sql) && mysqli_query($conn,$sql2) && mysqli_query($conn,$sql3)){
                //var_dump(mysqli_query($conn,$sql2));
                echo '<div class="alert alert-success" role="alert"> Sukses Add Data !!! </div>';
                header("Refresh: 1; url=index.php");

                //echo '<script> location.replace("index.php")</script>'; 
            }
            else {
                echo "Error !" . $conn->error;
            }
        }

this code to edit data and update the balance to table balance. i dont know the wrong this code

 if(isset($_POST['submit'])){
        
        $edit = $_GET['edit'];
        $uid = $_POST['uid'];
        $nominal = $_POST['nominal'];
        $jenis = $_POST['jenis'];
        $tanggal = $_POST['tanggal'];

        $update = "update transaksi set uid= '$uid', nominal= '$nominal',jenis= '$jenis',tanggal='$tanggal' where id = '$edit'";

        $sql2= "update saldo s INNER JOIN transaksi t ON s.id = t.uid set s.saldo = s.saldo - t.nominal where t.jenis = '$jenis' and uid = '$uid'";   

        $sql3= "update saldo s INNER JOIN transaksi t ON s.id = t.uid set s.saldo = s.saldo + t.nominal where t.jenis = '$jenis and uid = '$uid'";


        if(mysqli_query($conn, $update) && mysqli_query($conn,$sql2) && mysqli_query($conn,$sql3)){

            // echo $edit;
            echo '<div class="alert alert-success" role="alert"> Sukses Edit Data !!! </div>';

            header("Refresh: 1; url=index.php");
            //echo '<script> location.replace("index.php")</script>';  
        }
        else{
           echo "Gagal Edit Data !" . $conn->error;

        }
    }

this picture table database

Unfortunately, "have trouble" and "cannot success" are not useful problem descriptions. We do not know what went wrong when you tried to run your code, so it is difficult to help you to fix it. Was there an error message? Was there some unexpected result? Perhaps one of the queries failed? Or all of them failed? Or the wrong value was updated somewhere? You'll need to be much more specific before we can give you any solutions. Also, please try to do some basic debugging and identify the problem, and tell us the results of your investigations. See also [ask]. Thankyou. — ADyson, Sep 01 '23 at 06:39
P.S. **Warning:** Your code is vulnerable to SQL Injection attacks. You should use parameterised queries and prepared statements to help prevent attackers from compromising your database by using malicious input values. http://bobby-tables.com gives an explanation of the risks, as well as some examples of how to write your queries safely using PHP / mysqli. **Never** insert unparameterised data directly into your SQL. The way your code is written now, someone could easily steal, incorrectly change, or even delete your data. — ADyson, Sep 01 '23 at 07:10
https://phpdelusions.net/mysqli also contains good examples of writing safe SQL using mysqli. See also the [mysqli documentation](https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php) and this: [How can I prevent SQL injection in PHP?](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) . Parameterising your queries will also greatly reduce the risk of accidental syntax errors as a result of un-escaped or incorrectly quoted input values. If you learnt your current technique from a tutorial or book, please don't use that resource again. — ADyson, Sep 01 '23 at 07:10

update table in mysql cannot success

0 Answers0