Checking database values before allowing updates

Actually I have four questions but first just a bit of background…

I’m using Dreamweaver and I am a novice/beginner with PHP, although I’ve read a few thick books on PHP, so I can handle tweaks to what Dreamweaver lays out fairly competently (I hope!). I have created an online utility for use in my online baseball league that will allow league members to place bids on free-agent baseball players (you will see a screenshot below). It works perfectly as far as updating the database with the latest bid and a timestamp. However, I would like to add the following:

  1. A feature which will not allow another bid if 24 hours have passed
  2. A feature that automatically enters the logged-in user in the ‘team’ field behind the scenes so I can remove the ‘team’ field from the form.
  3. A feature that limits the number of times a logged-in user can bid on a specific player (all have player IDs as primary keys).
  4. Finally, I want this utility to disallow any bid that is not greater than or equal to 1.1 * the current bid in the database. This is the part where I want to compare with what’s in the database fields before it gets updated.

My website is

Here is a screenshot of what I have so far:

Here is the code I have so far. Any advice would be greatly appreciated. :)


[code]
<?php require_once('../Connections/fautil.php'); ?>
<?php
// Dreamweaver helper: quotes or casts a form value for embedding in SQL.
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
  $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

mysql_select_db($database_fautil, $fautil);

if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1")) {
  // Fetch the player's current bid before deciding whether to accept the new one.
  // (The original read $Recordset1['years'] here, but $Recordset1 is a result set, not a
  // row, and is not defined until further down, so the comparison never worked.)
  $curQuery  = sprintf("SELECT amount, years FROM players WHERE player_id=%s",
                       GetSQLValueString($_POST['player_id'], "int"));
  $curResult = mysql_query($curQuery, $fautil) or die(mysql_error());
  $curRow    = mysql_fetch_assoc($curResult);
  $curBid    = $curRow ? $curRow['years'] * $curRow['amount'] : 0;
  $newBid    = intval($_POST['years']) * intval($_POST['amount']);

  if ($curRow && $curBid <= $newBid) {
    $updateSQL = sprintf("UPDATE players SET team=%s, amount=%s, years=%s WHERE player_id=%s",
                         GetSQLValueString($_POST['team'], "text"),
                         GetSQLValueString($_POST['amount'], "int"),
                         GetSQLValueString($_POST['years'], "int"),
                         GetSQLValueString($_POST['player_id'], "int"));
    $Result1 = mysql_query($updateSQL, $fautil) or die(mysql_error());
  }
}

$maxRows_Recordset1 = 20;
$pageNum_Recordset1 = 0;
if (isset($_GET['pageNum_Recordset1'])) {
  $pageNum_Recordset1 = $_GET['pageNum_Recordset1'];
}
$startRow_Recordset1 = $pageNum_Recordset1 * $maxRows_Recordset1;

// The original SELECT had a stray ",," (a syntax error) and did not select players.team,
// although the table below prints it.
$query_Recordset1 = "SELECT players.player_id, players.first_name, players.last_name, players.free_agent, players.team, players.amount, players.years, players.`time` FROM players WHERE players.free_agent = 1 ORDER BY players.last_name";
$query_limit_Recordset1 = sprintf("%s LIMIT %d, %d", $query_Recordset1, $startRow_Recordset1, $maxRows_Recordset1);
$Recordset1 = mysql_query($query_limit_Recordset1, $fautil) or die(mysql_error());
$row_Recordset1 = mysql_fetch_assoc($Recordset1);

if (isset($_GET['totalRows_Recordset1'])) {
  $totalRows_Recordset1 = $_GET['totalRows_Recordset1'];
} else {
  $all_Recordset1 = mysql_query($query_Recordset1);
  $totalRows_Recordset1 = mysql_num_rows($all_Recordset1);
}
$totalPages_Recordset1 = ceil($totalRows_Recordset1/$maxRows_Recordset1)-1;
?>
<!DOCTYPE html>
<html>
<head>
<title>Free Agent Utility</title>
<style type="text/css">
html {font-family:tahoma,verdana,arial,sans-serif; font-size:62.5%;}
body {font-size:1.2em;}
table { font-size:1em; }
table tr th{ background-color:#ddb; padding:0.2em 0.6em 0.2em 0.6em; }
table tr td{ background-color:#eec; margin:0.3em; padding:0.3em; }
</style>
</head>
<body>
<table>
  <tr>
    <th>Place Bid</th><th>Last Name</th><th>First Name</th><th>Bidder</th><th>Amount</th><th>Years</th><th>Time</th>
  </tr>
  <?php do { ?>
  <tr>
    <td>
      <!-- Per-row bid form. The original markup was lost in the post; these are the
           fields the update handler above reads. -->
      <form method="post" action="<?php echo $editFormAction; ?>">
        <input type="hidden" name="MM_update" value="form1" />
        <input type="hidden" name="player_id" value="<?php echo (int) $row_Recordset1['player_id']; ?>" />
        <input type="text" name="team" size="10" />
        <input type="text" name="amount" size="5" />
        <input type="text" name="years" size="2" />
        <input type="submit" value="Bid" />
      </form>
    </td>
    <!-- Escape database values on output; team and names are user-supplied. -->
    <td><?php echo htmlspecialchars($row_Recordset1['last_name']); ?></td>
    <td><?php echo htmlspecialchars($row_Recordset1['first_name']); ?></td>
    <td><?php echo htmlspecialchars($row_Recordset1['team']); ?></td>
    <td><?php echo htmlspecialchars($row_Recordset1['amount']); ?></td>
    <td><?php echo htmlspecialchars($row_Recordset1['years']); ?></td>
    <td><?php echo htmlspecialchars($row_Recordset1['time']); ?></td>
  </tr>
  <?php } while ($row_Recordset1 = mysql_fetch_assoc($Recordset1)); ?>
</table>
</body>
</html>
<?php mysql_free_result($Recordset1); ?>
[/code]

Since you have the timestamp of the last bid, you can simply disable bidding when ($timestamp + (3600 * 24)) > time() is true.

If the user is logged in, then you can extract his team’s name from the database and fill it in after the form is submitted.

I’m afraid it’s not very easy to implement something like this, nor would it be very fair to the person that really wants to bid on someone. What I see nowadays though, is a mechanism where you can’t overbid yourself. This can be easily implemented by disabling the bidding form when the last bidder equals the logged-in user.

Since you know the latest bid, you can simply tell PHP to not accept any bids lower than 1.1 * $latestbid.
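The reply's suggestions put together as an added example; this is neither the original poster's Dreamweaver code nor the replier's. It assumes PHP 7.1+ with PDO against the same `players` table (`player_id`, `team`, `amount`, `years`, `time`, `free_agent`), that `time` holds a UNIX timestamp, that the logged-in user's team name is kept in `$_SESSION['team']` after login, and that the table is InnoDB so that `SELECT ... FOR UPDATE` actually locks the row; the DSN and credentials are placeholders. It implements the 24-hour rule as the question states it (no further bids once 24 hours have passed since the last one), the cannot-overbid-yourself rule the reply proposes in place of a per-player bid count, the 1.1x minimum raise, and takes the team from the session instead of the form. It goes beyond the reply in two ways a practitioner would want: the read, the check and the write happen inside one transaction, because checking a value fetched earlier and then updating leaves a window in which two bidders can both pass the check against the same stale row; and the 1.1x comparison is done in integer arithmetic (`new * 10 >= current * 11`) so floating-point rounding of `1.1 * $latestbid` cannot reject a bid that is exactly 10% higher.

```php
<?php
// Added example, not code from the original thread. Assumptions: PDO/MySQL, InnoDB
// `players` table (player_id, team, amount, years, `time` as UNIX timestamp, free_agent),
// logged-in team name in $_SESSION['team'], placeholder DSN and credentials.
declare(strict_types=1);

const BID_WINDOW_SECONDS = 24 * 3600; // bidding closes this long after the last bid

/**
 * Pure check of a new bid against the player's current row; no database access.
 * $current = ['team' => ?string, 'amount' => int, 'years' => int, 'time' => int]
 * Returns null if the bid is acceptable, otherwise the reason it is rejected.
 */
function validateBid(array $current, int $amount, int $years, string $bidder, int $now): ?string
{
    if ($amount < 1 || $years < 1) {
        return 'amount and years must be positive whole numbers';
    }
    // (1) no further bids once 24 hours have passed since the last bid; time = 0 means no bid yet
    $lastBid = (int) $current['time'];
    if ($lastBid > 0 && $now - $lastBid > BID_WINDOW_SECONDS) {
        return 'bidding on this player closed 24 hours after the last bid';
    }
    // (3) the current high bidder cannot raise his own bid (the reply's alternative to a bid count)
    if ($current['team'] !== null && $current['team'] === $bidder) {
        return 'you already hold the high bid on this player';
    }
    // (4) total value (years x amount) must be at least 1.1 x the current total.
    // Integer form of new >= 1.1 * current, so no float rounding on the boundary.
    $curTotal = (int) $current['years'] * (int) $current['amount'];
    $newTotal = $years * $amount;
    if ($newTotal * 10 < $curTotal * 11) {
        return sprintf('bid must total at least %d (1.1 x current %d), got %d',
            intdiv($curTotal * 11 + 9, 10), $curTotal, $newTotal);
    }
    return null;
}

/**
 * Reads, validates and writes inside one transaction. SELECT ... FOR UPDATE holds the
 * row lock until commit, so a concurrent bidder's check waits and then sees the updated
 * values rather than the stale row both would otherwise compare against.
 * (2) $bidder is the session's team; the form no longer carries a 'team' field.
 */
function placeBid(PDO $db, int $playerId, int $amount, int $years, string $bidder, int $now): ?string
{
    $db->beginTransaction();
    try {
        $sel = $db->prepare('SELECT team, amount, years, `time` FROM players
                             WHERE player_id = ? AND free_agent = 1 FOR UPDATE');
        $sel->execute([$playerId]);
        $current = $sel->fetch(PDO::FETCH_ASSOC);
        if ($current === false) {
            $db->rollBack();
            return 'no such free agent';
        }
        $error = validateBid($current, $amount, $years, $bidder, $now);
        if ($error !== null) {
            $db->rollBack();
            return $error;
        }
        $upd = $db->prepare('UPDATE players SET team = ?, amount = ?, years = ?, `time` = ?
                             WHERE player_id = ?');
        $upd->execute([$bidder, $amount, $years, $now, $playerId]);
        $db->commit();
        return null;
    } catch (Throwable $e) {
        $db->rollBack();
        throw $e;
    }
}

if (PHP_SAPI === 'cli') {
    // Offline self-check on constructed rows (no database needed): php thisfile.php
    $now = 1700000000;
    $row = ['team' => 'Yankees', 'amount' => 10, 'years' => 2, 'time' => $now - 3600]; // current total 20
    $cases = [
        'raise to exactly 22 by another team' => [validateBid($row, 11, 2, 'Mets', $now), null],
        'raise to 21 (below 1.1x)'            => [validateBid($row, 21, 1, 'Mets', $now) !== null, true],
        'high bidder raising himself'         => [validateBid($row, 30, 2, 'Yankees', $now) !== null, true],
        'bid 26 hours after the last one'     => [validateBid($row, 30, 2, 'Mets', $now + 25 * 3600) !== null, true],
        'first bid on an unbid player'        => [validateBid(['team' => null, 'amount' => 0, 'years' => 0, 'time' => 0], 1, 1, 'Mets', $now), null],
    ];
    foreach ($cases as $name => [$got, $want]) {
        echo ($got === $want ? 'PASS ' : 'FAIL ') . $name . PHP_EOL;
    }
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Web entry point: the bidder is whoever is logged in, never a form field.
    session_start();
    if (!isset($_SESSION['team'])) { http_response_code(403); exit('Log in to bid.'); }
    $db = new PDO('mysql:host=localhost;dbname=fautil;charset=utf8mb4', 'dbuser', 'dbpass',
                  [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $err = placeBid($db,
        (int) filter_input(INPUT_POST, 'player_id', FILTER_VALIDATE_INT),
        (int) filter_input(INPUT_POST, 'amount', FILTER_VALIDATE_INT),
        (int) filter_input(INPUT_POST, 'years', FILTER_VALIDATE_INT),
        $_SESSION['team'], time());
    echo $err === null ? 'Bid accepted.' : 'Bid rejected: ' . htmlspecialchars($err);
}
```

Run it from the command line to exercise the five constructed cases; all should print PASS. Two caveats: `FOR UPDATE` is a no-op on MyISAM tables, so the transaction only protects against the double-bid race on InnoDB, and the form field `team` should be dropped entirely, since anything a client can send can be forged regardless of what the page's JavaScript or layout does.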
