mysql_connect('localhost', 'root', '')
        or die(mysql_error());
mysql_select_db('shuttle_service_system') 
or die(mysql_error());

$ID_No=$_POST['ID_No'];
$CurrentBalance = $_POST['CurrentBalance'];
$AddedAmount = $_POST['AddedAmount'];
$NewBalance = $CurrentBalance + $AddedAmount;

$sql = ("UPDATE balance
        SET Balance= '$NewBalance' 
        WHERE ID_No= '$ID_No' ");
$result=mysql_query($sql);

if($result){
        echo"Transaction successful!";
} else {
        echo "&nbsp Error";
}

Hi guys, I'm trying to update certain values in my database with the use of variables. It updates when I use brute force and not variables. I know my variables are working because I printed them before queuing the update.

  • Your code is vulnerable to SQL injections. You should read on how to prevent them in PHP. Commented Mar 23, 2014 at 7:22

2 Answers

Remove the parentheses outside this UPDATE statement:

$sql = ("UPDATE balance
        SET Balance= '$NewBalance' 
        WHERE ID_No= '$ID_No' ");

It should be

$sql = "UPDATE balance
        SET Balance= '$NewBalance' 
        WHERE ID_No= '$ID_No' ";

Also, add this mysql_error() to read the exact error when your query fails.

$result=mysql_query($sql) or die(mysql_error());

This (mysql_*) extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used. Switching to prepared statements is even better to ward off SQL injection attacks!


4 Comments

Did you add the mysql_error() to your $result variable as shown?
Yup "$result=mysql_query($sql) or die(mysql_error());"
And did you get any error messages? If not, have you enabled error_reporting?
How should removing the parenthesis make any difference?

You forgot to add the (dot) symbol.

$result = mysql_query("UPDATE balance SET Balance='".$NewBalance."' WHERE ID_No='".$ID_No."';");

This approach is bad and you might want to read this post to prevent SQL injection.
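The prepared-statement approach that the comment and both answers point to, as an added example (not code from the question or the answers). The helper name addToBalance is hypothetical, and an in-memory SQLite database with constructed rows stands in for the MySQL database so the script runs offline. It goes one step beyond the question by doing the addition in SQL, so the stored balance is used instead of the posted CurrentBalance.

```php
<?php
// Added example: the UPDATE from the question rewritten with PDO placeholders.
// addToBalance() is a hypothetical helper name, not part of the original code.
function addToBalance(PDO $pdo, string $idNo, string $amount): bool
{
    // Validate the amount first: non-negative decimal, at most two places.
    if (!preg_match('/^\d{1,9}(\.\d{1,2})?$/', $amount)) {
        throw new InvalidArgumentException('AddedAmount must be a decimal number');
    }

    // Placeholders keep user input out of the SQL text, so a quote in
    // ID_No is compared as data and cannot change the statement.
    $stmt = $pdo->prepare(
        'UPDATE balance SET Balance = Balance + :amount WHERE ID_No = :id'
    );
    $stmt->execute([':amount' => $amount, ':id' => $idNo]);

    // A query can succeed and still update nothing. Zero affected rows
    // means no row had that ID_No (MySQL also reports zero when the
    // value did not change).
    return $stmt->rowCount() === 1;
}

// Demo on constructed data. For the database in the question the DSN would be
// 'mysql:host=localhost;dbname=shuttle_service_system;charset=utf8mb4'.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE balance (ID_No TEXT PRIMARY KEY, Balance NUMERIC NOT NULL)');
$pdo->exec("INSERT INTO balance VALUES ('2014-0001', 100), ('2014-0002', 50)");

// In the page's form handler these would be $_POST['ID_No'] and $_POST['AddedAmount'].
$cases = [
    ['2014-0001', '25.50'],  // existing ID
    ["2014'0001", '25.50'],  // constructed ID containing a quote: matches no row
];

foreach ($cases as [$idNo, $amount]) {
    echo addToBalance($pdo, $idNo, $amount)
        ? "Transaction successful!\n"
        : "No account with that ID_No\n";
}

// Show the stored balances after both calls.
foreach ($pdo->query('SELECT ID_No, Balance FROM balance') as $row) {
    echo $row['ID_No'], ' => ', $row['Balance'], "\n";
}
```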
