
A short explanation of what I want to do: when I click my button "calc1", the number in my input (quantity1) should be reduced by the number I type into (amount1), like "Result = quantity1 - amount1". The input "quantity1" already has a value because I loaded it from my database into the input, but the calculation doesn't work. I hope you understand me a bit. I'd better show my code now.

Calculation code:

<?php
 include_once('connect.php');

 if($_POST['calc1']){
 $_POST['quantity1'] = $_POST['quantity1'] - $_POST['amount1'];

 $sql = "UPDATE
        tbl_auction
      SET
        quantity1      = $_POST['quantity1']
      WHERE
        id = :user_id";

 $query = $conn->prepare($sql);
 $query ->execute(array('quantity1' => $_POST['quantity1'] ));
 } else{
 echo 'ups, error!';
 }
?>

HTML Code:

<div id="move_amount">
  <input type="text" class="amount" name="amount1">
</div>

<div id="move_quantity">
<input type="text" class="tend_quantity" name="quantity1" value=" <?=$value_quantity1 ?>"  > 
</div>

<div id="move_btn">
  <input class="btn_sel" name="calc1" type="submit" name="submitted" value="Bidding">
</div>

Here is the part from my database that I want to update

id  AUTO_INCREMENT
quantity1   int(11)

I appreciate every help!

EDIT: My user_id declaration:

if ($result[0]["password"] !==    md5($_POST['password'].'D6tp'.$_POST['email'])) {
 header('Location: /PHP/index.php?page=login');
} else {
   $_SESSION['loged_in'] = true;
   $_SESSION['user_id']  = $result[0]["id"]; 
   header('Location: /PHP');

};

EDIT: The problem is solved! For those who want to know what the issue was: first, @arkascha had some good corrections, you can see her post. The second issue was that a string was written in my input's value, and that's why the calculation did not work either. Thanks to @arkascha!

  • Have you tried putting $_POST['quantity1'] and $_POST['amount1'] in a variable? Commented Nov 12, 2015 at 7:58
  • @BRoebie Putting them in variables or using them as they are, has no difference. Commented Nov 12, 2015 at 8:04
  • @VermaJr. Really? How would you do it then? Because I am quite new to PHP, I want to learn as much as I can. Commented Nov 12, 2015 at 8:09
  • @BRoebie Try doing this: Create a new PHP page with this code: <?php $_GET['q'] = $_GET['q'] - $_GET['a']; echo $_GET['q']; ?> Suppose, the name of the file is: test.php. Then, open localhost/test.php?q=3&a=1. You'll see '2' on that page. Check this: wtf.usa.cc/sof2.php?q=3&a=1 Commented Nov 12, 2015 at 8:20
  • A side note: the old md5() hashing algorithm is very insecure to store passwords. It can be easily cracked once the hashes got stolen. You should port to a better implementation. This is the best php based implementation I found so far, though it needs some polishing: defuse.ca/php-pbkdf2.htm and this is a readworthy introduction: crackstation.net/hashing-security.htm Commented Nov 12, 2015 at 8:22
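
The side note about md5() can be acted on without forcing a password reset. The following is an added example, not part of the question or its comments: it uses PHP's built-in password_hash() rather than the PBKDF2 library linked in the comment, and upgrades a legacy row on the next successful login. The helper names legacyHash() and verifyAndUpgrade() and the sample account are assumptions.

```php
<?php
// Added example. Assumptions: $storedHash is the value of the password column,
// the legacy scheme is the md5(password . 'D6tp' . email) from the question,
// and legacyHash() / verifyAndUpgrade() are hypothetical helper names.

function legacyHash(string $password, string $email): string
{
    return md5($password . 'D6tp' . $email);
}

// Returns [bool $ok, ?string $newHash]. $newHash is non-null when the stored
// value should be overwritten (legacy md5 row or outdated hash parameters).
function verifyAndUpgrade(string $password, string $email, string $storedHash): array
{
    if (password_get_info($storedHash)['algoName'] === 'unknown') {
        // Legacy row: compare in constant time against the old md5 scheme.
        if (!hash_equals($storedHash, legacyHash($password, $email))) {
            return [false, null];
        }
        // Correct password: hand back a modern hash to store instead.
        return [true, password_hash($password, PASSWORD_DEFAULT)];
    }
    if (!password_verify($password, $storedHash)) {
        return [false, null];
    }
    $newHash = password_needs_rehash($storedHash, PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT)
        : null;
    return [true, $newHash];
}

// Constructed sample account with a legacy md5 value in the database.
$email  = 'user@example.com';
$stored = legacyHash('correct horse', $email);

[$ok, $upgraded] = verifyAndUpgrade('correct horse', $email, $stored);
var_dump($ok, $upgraded !== null);   // login result, and whether to re-store

[$ok2] = verifyAndUpgrade('wrong guess', $email, $stored);
var_dump($ok2);

// Next login runs against the upgraded hash.
[$ok3, $again] = verifyAndUpgrade('correct horse', $email, $upgraded);
var_dump($ok3, $again);
```

When $newHash is non-null, the caller writes it back to the password column with a prepared statement before setting the session.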

1 Answer

There are some small issues here:

  1. you should not specify $_POST['quantity1'] directly in the query, since you want to hand it over as a parameter. So instead put in a placeholder: :quantity1.
  2. you already have a placeholder for the id column, great! But you forgot to supply a value for that in your call to execute()!
  3. you should not overwrite $_POST['quantity1'], though that certainly is possible from a technical point of view. The superglobal $_POST should be considered as a read-only source of data, use a local variable instead. That makes the code easier to follow.

So try this instead:

<?php 
include_once('connect.php');

if($_POST['calc1']) {
    $quantity1 = $_POST['quantity1'] - $_POST['amount1'];

    $sql = 'UPDATE tbl_auction SET quantity1 = :quantity1 WHERE id = :user_id';

    $query = $conn->prepare($sql);
    $query ->execute(array(
        'user_id' => $some_user_id, // this has to be some user id
        'quantity1' => $quantity1
    ));
} else{
    echo 'ups, error!';
}

You obviously still have to adapt a little here, but the general issues should be addressed, I hope.
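
The same update with the subtraction moved into the SQL statement and the amount validated on the server, as an added example that is not part of the original answer. It goes one step beyond the answer by no longer trusting the quantity1 value the form sends back. Assumptions: PDO is available, an in-memory SQLite table stands in for connect.php and tbl_auction, and placeBid() is a hypothetical helper name.

```php
<?php
// Added example (not the answerer's code). Assumptions: PDO with the SQLite
// driver, a constructed in-memory tbl_auction, and the hypothetical helper
// placeBid(). $rowId would come from server-side state, not from the form.

function placeBid(PDO $conn, int $rowId, $rawAmount): bool
{
    // trim() copes with stray whitespace such as value=" 5"; anything that is
    // not a positive integer is rejected instead of being coerced by PHP.
    $amount = filter_var(trim((string) $rawAmount), FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($amount === false) {
        return false;
    }

    // The database subtracts from its own current value, so a tampered
    // quantity1 form field has no effect. The extra WHERE condition keeps
    // the quantity from going negative.
    $sql = 'UPDATE tbl_auction
               SET quantity1 = quantity1 - :amount
             WHERE id = :id AND quantity1 >= :needed';
    $query = $conn->prepare($sql);
    $query->bindValue(':amount', $amount, PDO::PARAM_INT);
    $query->bindValue(':id', $rowId, PDO::PARAM_INT);
    $query->bindValue(':needed', $amount, PDO::PARAM_INT);
    $query->execute();

    // Zero affected rows: no such row, or not enough quantity left.
    return $query->rowCount() === 1;
}

// Constructed demo data.
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE tbl_auction (id INTEGER PRIMARY KEY, quantity1 INTEGER)');
$conn->exec('INSERT INTO tbl_auction (id, quantity1) VALUES (1, 10)');

var_dump(placeBid($conn, 1, ' 3'));       // stray whitespace, valid amount
var_dump(placeBid($conn, 1, '3; DROP'));  // not an integer
var_dump(placeBid($conn, 1, '-5'));       // negative amount
var_dump(placeBid($conn, 1, '100'));      // more than is left
echo $conn->query('SELECT quantity1 FROM tbl_auction WHERE id = 1')->fetchColumn(), "\n";
```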


12 Comments

Hey. Thanks for your fast answer! You're absolutely right. I tried it and the problem is solved. But it doesn't update now. When I click my button now, it does execute, but the number in quantity1 is exactly the same.
@Taylor OK, then two details have to be checked: 1. What is the value of $some_user_id? Have you really chosen a correct one? Where does it come from? If that is wrong, then obviously no update will occur. 2. Are you really sure the computation works? You should check if $_POST['amount1'] really contains what you expect.
Thanks again. I'll check that and reply in a few minutes back
@Taylor Actually, when looking at that I get the impression that the name user_id is suspicious. Looks a bit like copy&paste without giving it any thought. What is that id column? Probably not some user_id, I would guess, but an id of a record in some product table or similar. So where does that id come from which identifies the row you want to update?
So I will edit my post after that comment. The user_id is a session value which is set when the user logs in. So the user_id is the currently logged-in user. You can see the user_id declaration now in my first post.
