Find Highest bidder

DaemonProjects

Hello, I am trying to find the highest bidder from a mysql table. Basically what happens is I have a product and multi-people can bid on this product. But how do I find out what the highest bidder is?

C_ID | C_OPENOFFERID | C_BIDMAX | C_BIDMIN | C_BIDCURRENT | C_BIDEMAIL | C_BIDDATE | C_BIDPERCENT | C_LISTINGID | C_STREET | C_CITY | C_ZIP | C_STATE
-----------------------------------------------------------------------------------------------------------------------------------------------------
1    | 5             | 251000   |  189020  | 189020       | @gmail.com | 12/19/2007| 3%           | 5546        | null     | null   | null  | CA
2    | 6             | 271000   |  189001  | 189001       | @gmail.com | 12/19/2007| 3%           | 5546        | null     | null   | null  | CA
3    | 7             | 261000   |  189002  | 189002       | @gmail.com | 12/19/2007| 3%           | 5546        | null     | null   | null  | CA

I just want to find out which record has the highest bid from the C_BIDMIN field.

	//Check high bidder
	$sql = "SELECT * FROM `currentoffers` WHERE `C_LISTINGID`='".$_REQUEST["id"]."' ORDER BY C_ID DESC LIMIT 1";
	$result = mysql_query($sql) or die ("<b><center style='color:red;'>".mysql_errno().": ".mysql_error()."</b></center>\n");

any help would be great.

thanks DP

SFDonovan

If you wanted the current high bidder wouldn't you want the C_BIDCURRENT ?

There is a max() function that you could use here.

MySQL's MAX aggregate function will find the largest value in a group.

$query = "SELECT C_ID, MAX(C_BIDCURRENT) FROM currentoffers WHERE `C_LISTINGID`='".$_REQUEST["id"]."' ORDER BY C_ID DESC LIMIT 1";

bradgrafelman

Using SFDonovan's code, you won't get the C_ID that matches the highest bidder. Instead, simply order by the bid amount:

SELECT C_ID, C_BIDCURRENT, ...
FROM currentoffers
WHERE C_LISTINGID=5
ORDER BY C_BIDCURRENT DESC
LIMIT 1

That query, assuming you fill in the ID and the rest of the column list, will get you the data related to the highest bidder.

Also, it looks like your script is vulnerable to SQL injection attacks. User-supplied data should never be placed directly into a SQL query! Instead, sanitize it with a function such as [man]mysql_real_escape_string/man (or, as is applicable in your case, you could cast the data to an integer or use a function such as [man]int_val/man - this is preferred, that way you don't get invalid data types that will break your query).