update in 2 tables with calculation and field update keeping the previous one

1

I am trying to do an update by taking the value of another table, but the data in the second table is not sent.

By passing the ID of the card:

<a href=index.php?pag=shopcomprar&id={$row['ID']} '>[COMPRAR]</a>

And trying to insert into another table comparing results, where m_duelos = dinheiro that the user has:

//selecionando dados da tabela carta
$result = mysql_query("SELECT * FROM cartas WHERE ID='$id'");
while ($row = mysql_fetch_array($result, MYSQL_BOTH)) {
$preço = $row['preço'];
$nome = $row['nome'];

} 

//selecionando dados da tabela usuarios
$result2 = mysql_query("SELECT * FROM novo_usuarios WHERE ID='$id_user'");
while ($row = mysql_fetch_array($result, MYSQL_BOTH)) {
$marcas = $row['m_duelo'];
} 


// CONDICOE //
if($preço>$marcas){ 


//nesta parte os dados da segunda parece não estar pegando so os da 1 //
$result3 = mysql_query("UPDATE novo_usuarios SET m_duelo='$marcas - $preço' , deck1=(deck1' + <br>$nome<br>) WHERE ID='$id_user' ");
echo " A compra da carta <b>$nome</b> $marcas foi efetuado com sucesso. <br>Você já pode usa-la em duelos RPG.<br> Voce ainda possui $row2[m_duelo] Marcas de Duelo";
//SE DER TUDO OK //



// FECHAMENTO //
}else{echo "<center>Você não tem marcas suficiente para comprar esta carta.";}

To try to illustrate what I'm wanting with this, I want it when I click on buy it:

  • the comparison between the value of the card and the money that the user has;
  • update the money that the user has - the value of the card;
  • Take the name of the card and enter it in the field 1 (however this field will be added, it will not erase the value it has there, it will only insert something after it already has).
  • I tried to use the above codes but it does not work, does anyone give me a light?

        
    asked by anonymous 18.03.2014 / 18:23

    2 answers

    1

    Your code is vulnerable to SQL INJECTION. Home You'd better learn the PDO . Less headache in the future:)

    About your code. Your select2 was about writing the first one. for having the same name.

    Testa ae:

        <?php
    $result = mysql_query("SELECT * FROM cartas WHERE ID='$id'");
      while ($row = mysql_fetch_array($result, MYSQL_BOTH)) {
       $preco = $row['preço'];
       $nome = $row['nome'];
    } 
    $result2 = mysql_query("SELECT * FROM novo_usuarios WHERE ID='$id_user'"); 
     while ($row2 = mysql_fetch_array($result2, MYSQL_BOTH)) {
       $marcas = $row2['m_duelo'];
    } 
    
    if($preco >= $marcas){ 
       $calculo = ($marcas - $preco);
       $deck1   = "deck1 adicionou <br>".$nome."<br>";
      //nesta parte os dados da segunda parece não estar pegando so os da 1 //
      $result3 = mysql_query("UPDATE novo_usuarios SET m_duelo='$calculo', deck1=concat('(', coalesce('$nome', '')') WHERE ID='$id_user' ");
      echo " A compra da carta <b>".$nome."</b> ".$marcas." foi efetuado com sucesso. <br>Você já pode usa-la em duelos RPG.<br> Voce ainda possui ".$marcas." Marcas de Duelo";
    }else{
      echo "<center>Você não tem marcas suficiente para comprar esta carta.";
    }
    ?>
    
        
    18.03.2014 / 20:36
    1

    You have changed a place and a + and the quotation marks in m_duelo are not necessary (This considering that the m_muelo field is numeric ... If it is varchar use the quotation marks, this would be the correct query:

    UPDATE novo_usuarios SET m_duelo=$marcas - $preço , deck1=concat('(', coalesce(deck1, ''), '<br>$nome<br>)') WHERE ID='$id_user';
    

    Going beyond the question:

    • To check if the user has been informed you can do an if isset ($ _GET ["id"]).
    • If this code is just a study, that's ok, but I suggest you study about Prepared Statements. I do not recommend programming in this way.
    18.03.2014 / 21:31