outwarsecrets 0 Report post Posted February 3, 2005 here is the code from the entire page. Everything seems to work except for the update query. Any suggestions on how I would go about fixing this? <?php include ('includes/header.php'); ?><table cellspacing="1" cellpadding="1" border="0" width="100%" bgcolor="000000"> <tr> <td align="center">Car Dealer</td> </tr> <tr> <td bgcolor="444444"><?php$query = mysql_query("SELECT * FROM `cars` ORDER BY `price` desc LIMIT 0 , 30"); while ($rows = mysql_fetch_array($query)){ $carid = $rows['id']; $price = $rows['price'];$year = $rows['year'];$name = $rows['name'];$image = $rows['image'];$description = $rows['description']; echo"$year $name for \$$price <a href=?buycar=$carid>Buy</a><br>"; } //check to see if there has been a call to delete a row if($_GET['buycar']){ //check to make sure that id exists $check = mysql_num_rows(mysql_query("SELECT * FROM `cars` WHERE `id` = '$carid'")); if($check < '1'){ echo"Invalid ID"; }else{ mysql_query("UPDATE `users` SET car='$carid', money=(money - price) WHERE uname='{$uname}'"); echo"Car has been purchased."; } }?></td> </tr></table><?php include ('includes/footer.php'); ?> this is also what the page looks like1992 Saturn S-Series for $600 Buy1987 Toyota Tercel for $500 Buy1991 Chrysler Town and Country for $400 Buy1989 Honda Accord for $350 Buy1993 Ford Ranger for $300 Buy1995 Geo Metro for $200 Buythe words Buy are links like the 1995 Geo Metro for $200 has the link dealer.php?buycar=5If anyone can help me out I would really appreciate it. Share this post Link to post Share on other sites
Raptrex 0 Report post Posted February 4, 2005 check that it is connecting to the database like your username, password, database name, and local host and if you have the tables for what you need Share this post Link to post Share on other sites
outwarsecrets 0 Report post Posted February 4, 2005 I have checked, the db connection works fine. The list of cars at the bottom was taken from the database. Alos the other table is coonected correctly too. the users table has the following fields: uname, car, and money. Those all match up fine with what i have there. Share this post Link to post Share on other sites
LuciferStar 0 Report post Posted February 4, 2005 I'm not quite clearly about your problem,is that something wrong with this:mysql_query("UPDATE `users` SET car='$carid', money=(money - price) WHERE uname='{$uname}'");then try:mysql_query("UPDATE `users` SET car='$carid', money=($money - $price) WHERE uname='$uname'");OR:mysql_query("UPDATE `users` SET car=\"".$carid."\", money=($money - $price) WHERE uname=\"".$uname."\""); Share this post Link to post Share on other sites
outwarsecrets 0 Report post Posted February 4, 2005 i don't think it is something wrong withmysql_query("UPDATE `users` SET car='$carid', money=(money - price) WHERE uname='{$uname}'");because i use it on another page on the site and that works fine. I will give it a try, but i think it is something with the if/else statements somewhere. Because everything works except when u click the link. It says "The car has been purchased" but nothing in the database changes. If anyone knows another way I could write something like that I would try to get that to work. Share this post Link to post Share on other sites
LuciferStar 0 Report post Posted February 4, 2005 i don't think it is something wrong withmysql_query("UPDATE `users` SET car='$carid', money=(money - price) WHERE uname='{$uname}'"); Are you sure?in php,every vary name should be followed by a "$"this:money=(money - price)may cause problem,or the value of the money equals 1,that's because of the operation of '()' Share this post Link to post Share on other sites
bjrn 0 Report post Posted February 4, 2005 I'd go so far as to try: sqlstring="UPDATE `users` SET car=\"".$carid."\", money=".($money - $price)." WHERE uname=\"".$uname."\"";orsqlstring="UPDATE `users` SET car=".$carid.", money=".($money - $price)." WHERE uname=\"".$uname."\"";followed bymysql_query(sqlstring);Depending on if carid is a varchar or int. I assume that the money field is an int type.Anyway, you could always try to echo the sqlstring and commenting out the querying. That way you can see exactly what your code is trying to execute. And you might want to check that uname='{$uname}'" shouldn't be uname='$uname'". Share this post Link to post Share on other sites
FaLgoR 0 Report post Posted February 4, 2005 echo"$year $name for \$$price <a href=?buycar=$carid>Buy</a><br>"; just a little problem, you forgot an " " (space) $check = mysql_num_rows(mysql_query("SELECT * FROM `cars` WHERE `id` = '$carid'")); I belive this ` is not really needed mysql_query("UPDATE `users` SET car='$carid', money=(money - price) WHERE uname='{$uname}'"); first, you must put an $ before "price". And what is this {}?? Erase it. It will be: mysql_query("UPDATE users SET car='$carid', money=(money - $price) WHERE uname='$uname'"); Here is all the errors I've saw here. Btw, what is the problem with this? Had u received an error msg? Post here.. Share this post Link to post Share on other sites
LuciferStar 0 Report post Posted February 5, 2005 Here is all the errors I've saw here. Btw, what is the problem with this? Had u received an error msg? Post here.. 46602[/snapback] THAT'S THE POINT! Share this post Link to post Share on other sites
karlo 0 Report post Posted February 5, 2005 Now, first ZIP or RAR your file. Then let us download your code. Share this post Link to post Share on other sites
Deaths Aprentice 0 Report post Posted February 5, 2005 Do remember though, that GET and POST commands are a potential security risk.Those allow MySQL injects, which isn't a very nice thing. Share this post Link to post Share on other sites
