Why wont this work?

OniLink

This code wont work. All the variables are defined:

$db = new Database('??','??','??','??);
for ($i=0; $i<$POST['numItems']; $i++) {
$sql='UPDATE shop_product_list SET product_sold = product_sold+1 WHERE product_id = "'.$POST['i'+i].'"';
$db->query($sql);
}

Thanks for any help,
~Oni.

bradgrafelman

Is MySQL giving you any errors? Try checking to see if the query() call returns false, and if it does, print out $db->error so we can see what MySQL has to say.

Also, if product_id is a numeric column, which I suspect it is, you shouldn't be using any type of quotes around its value. Further more, if you DO use quotes for values, I do believe it should be single quotes.

Finally, I would add some sort of security so that people can't just POST anything they want and have it go directly into a SQL query. Since you're expecting a number, most likely an integer, why not use something like [man]intval/man to make sure the POST'ed element is what you expect it to be? Something like this:

$sql='UPDATE shop_product_list SET product_sold = product_sold+1 WHERE product_id = ' . intval($_POST['i'+i]);

(NOTE: Try to use the board's [ PHP ] [ /PHP ] tags when posting PHP code... it adds the nice syntax highlighting as well as making quotes easier to read)