PHP Update Value

Hi people,

I created a script that makes a table and got the update, but if the wrong user is inserted it should show the error:

echo "O seu pedido foi recusado, o utilizador não existe na DataBase.";

But it only shows that the request was successful, even when it is wrong.
I think it is this, but I’m not sure:

if(verificarUser($user) == True)


This is my code:

[php]<?php

require("common.php"); 
	
global $host, $dbname, $username, $password, $options; 

$user = $_POST['username'];
$credits = $_POST['credit_amount'];

	if(verificarUser($user) == True)
	{

		$dbh = new PDO("mysql:host={$host};dbname={$dbname};charset=utf8", $username, $password);
		$sql = "UPDATE users SET credits = '{$credits}' WHERE username = '{$user}'";
		$count = $dbh->exec($sql);

			echo "<br /><font color='green'>O pedido foi realizado com sucesso na conta <b>$user</b> com <b>$credits creditos</b>.</font>";
				
		$dbh = null;
	}
	else
		{
			echo "<br /><font color='red'>O seu pedido foi recusado, o utilizador não existe na DataBase.</font>";
		}

	function verificarUser($username)
	{
		
		global $host, $dbname, $username, $password, $options; 
		//connect database
		$dbh = new PDO("mysql:host={$host};dbname={$dbname};charset=utf8", $username, $password);
		$procurarUser = $dbh->prepare("SELECT * FROM users");
		$procurarUser->execute(array('username' => $username));
		
		//save results
		$procurarUser->execute();
		
		//search
		$checkUser = $procurarUser->fetchAll();
		
		$dbh = null; //close db
		
		if(count($checkUser) > 0)
		{
			return True;
		}
		else
		{
			return False;
		}
	}

?>[/php]

I think your verificarUser is always returning true

[php] $dbh = new PDO("mysql:host={$host};dbname={$dbname};charset=utf8", $username, $password);
$procurarUser = $dbh->prepare("SELECT * FROM users");
$procurarUser->execute(array('username' => $username));[/php]

You have a query here that just selects all users from your database table…

[php]$procurarUser = $dbh->prepare("SELECT * FROM users");[/php]

Then you are trying to narrow it down with this…

[php] $procurarUser->execute(array('username' => $username));[/php]

Which doesn’t do anything because you don’t have a username variable in your query…

If you did something like this, it might work

[php] $dbh = new PDO("mysql:host={$host};dbname={$dbname};charset=utf8", $username, $password);
$procurarUser = $dbh->prepare("SELECT * FROM users WHERE username = ? ");
$procurarUser->execute(array($username));[/php]
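
The check from the answer above, carried through to the UPDATE as well, as an added example that is not code from either post: the lookup and the update both bind their values instead of interpolating them into the SQL, and the connection is passed in as an argument so the `$username` parameter no longer collides with the global database `$username`. It assumes an in-memory SQLite database in place of MySQL, constructed sample rows, and a hypothetical helper named `setCredits`.

```php
<?php
// Added example: constructed schema and rows, in-memory SQLite instead of MySQL
// so the script runs offline. setCredits() is a hypothetical helper name.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (username TEXT PRIMARY KEY, credits INTEGER NOT NULL)");
$db->exec("INSERT INTO users VALUES ('alice', 10), ('bob', 5), ('o''brien', 0)"); // constructed rows

// True only when a row with exactly this username exists.
function verificarUser(PDO $db, string $name): bool
{
    $stmt = $db->prepare('SELECT 1 FROM users WHERE username = ? LIMIT 1');
    $stmt->execute([$name]);
    return $stmt->fetchColumn() !== false;
}

// Updates the credits with bound parameters; returns false for an unknown
// user or a non-numeric amount, so the caller can print the refusal message.
function setCredits(PDO $db, string $name, string $amount): bool
{
    if (!ctype_digit($amount) || !verificarUser($db, $name)) {
        return false;
    }
    $stmt = $db->prepare('UPDATE users SET credits = ? WHERE username = ?');
    $stmt->execute([(int) $amount, $name]);
    return true;
}

// Constructed stand-ins for $_POST['username'] / $_POST['credit_amount'].
$requests = [
    ['alice', '25'],    // existing user
    ['carol', '25'],    // user not in the table
    ["o'brien", '7'],   // apostrophe is bound as data, the statement stays intact
    ['bob', 'abc'],     // non-numeric amount
];

foreach ($requests as [$user, $credits]) {
    $ok = setCredits($db, $user, $credits);
    // Escape request data before echoing it back into a page.
    printf("%s -> %s\n", htmlspecialchars($user, ENT_QUOTES, 'UTF-8'), $ok ? 'updated' : 'refused');
}

foreach ($db->query('SELECT username, credits FROM users ORDER BY username') as $row) {
    printf("%s has %d credits\n", $row['username'], $row['credits']);
}
```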
