PHP Form

[size=12pt]HTML:[/size]

[code]

Give Money

		<form action='givemoney.php' method='POST'>
		Username: <input type='text' name='username'><br>
		Money to donate: <br><input type='text' name='money'><br>
		<input type='submit' />
[/code]

[size=12pt]PHP[/size]

[php]include “header.php”;

$username = $_GET[“username”];
$moneyamount = $_GET[“money”];
$jbux = mysql_query (“SELECT jbux FROM Members WHERE Username=’$username’”);

mysql_query(“UPDATE Members SET jbux=’$jbux+$moneyamount’ WHERE Username=’$username’”) or die (mysql_error());[/php]

[hr]

[size=14pt]Basically I want PHP to get information from the username and money fields and add the money to the username.[/size]

Well your form method is using POST but you are trying to grab the info using GET, so pick one or the other. Also this script is highly unsecure and not very efficient either. There is no need to run 2 queries for what you are doing.

Any suggestions on how to fix it?

[php]
include “header.php”;

$username = mysql_real_escape_string($_POST[“username”]); // sanitizing the username for security.
$moneyamount = (float)$_POST[“money”]; // assuming you are allowing a number like 5.25 so because of the decimal places you can cast it to a float for security.

mysql_query(“UPDATE Members SET jbux= jbux + ‘$moneyamount’ WHERE Username=’$username’”) or die (mysql_error());
[/php]

Sponsor our Newsletter | Privacy Policy | Terms of Service