PHP Form

Exmor · May 25, 2013, 12:13pm

[size=12pt]HTML:[/size]

[code]

Give Money

		<form action='givemoney.php' method='POST'>
		Username: <input type='text' name='username'><br>
		Money to donate: <br><input type='text' name='money'><br>
		<input type='submit' />

[/code]

[size=12pt]PHP[/size]

[php]include “header.php”;

$username = $_GET[“username”];
$moneyamount = $_GET[“money”];
$jbux = mysql_query (“SELECT jbux FROM Members WHERE Username=’$username’”);

mysql_query(“UPDATE Members SET jbux=’$jbux+$moneyamount’ WHERE Username=’$username’”) or die (mysql_error());[/php]

[hr]

[size=14pt]Basically I want PHP to get information from the username and money fields and add the money to the username.[/size]

fastsol · May 25, 2013, 12:54pm

Well your form method is using POST but you are trying to grab the info using GET, so pick one or the other. Also this script is highly unsecure and not very efficient either. There is no need to run 2 queries for what you are doing.

Exmor · May 25, 2013, 1:16pm

Any suggestions on how to fix it?

fastsol · May 25, 2013, 10:28pm

[php]
include “header.php”;

$username = mysql_real_escape_string($_POST[“username”]); // sanitizing the username for security.
$moneyamount = (float)$_POST[“money”]; // assuming you are allowing a number like 5.25 so because of the decimal places you can cast it to a float for security.

mysql_query(“UPDATE Members SET jbux= jbux + ‘$moneyamount’ WHERE Username=’$username’”) or die (mysql_error());
[/php]