im having some issues with my php code

Question

for some reason with my code if user_cardname already exists in the mysql it doesn't update it but places a new one.

 <?php
require_once("config.php");
$auth_host = $GLOBALS['auth_host'];
$auth_user = $GLOBALS['auth_user'];
$auth_pass = $GLOBALS['auth_pass'];
$auth_dbase = $GLOBALS['auth_dbase'];
$user_name = stripslashes($_POST['username']);
$user_donateamount = intval($_POST['DonateAmount']);
$user_cardname = stripslashes($_POST['CardName']);
$result = "fail";
$db = mysql_connect($auth_host, $auth_user, $auth_pass) or die (mysql_error());
if (mysql_select_db($auth_dbase,$db)) {
    if ($sql = mysql_query("SELECT * FROM user WHERE name = '" . mysql_real_escape_string($user_name) . "'")) {
        if ($row = mysql_fetch_array($sql)) {
            if ($user_donateamount <= $row['credits']) {
                if ($sql1 = mysql_query("SELECT * FROM scores WHERE name = '" . mysql_real_escape_string($user_cardname) . "'")) {
                    if($row = mysql_fetch_array($sql)) {
                        if (mysql_query("UPDATE scores SET score = score + $user_donateamount WHERE name = '" . mysql_real_escape_string($user_cardname) . "'")) {
                            mysql_query("UPDATE user SET credits = credits - $user_donateamount WHERE name = '" . mysql_real_escape_string($user_name) . "'");
                            $result = "success";
                        }
                    } else {
                        if (mysql_query("INSERT INTO scores (name,score) VALUES ('". mysql_real_escape_string($user_cardname) ."', $user_donateamount)")) {
                            mysql_query("UPDATE user SET credits = credits - $user_donateamount WHERE name = '" . mysql_real_escape_string($user_name) . "'");
$result = "success";
                        }
                    }
                }
            }
        }
    }
}
mysql_close($db);
echo $result;

this is what is suppose to happen:

and here is the html version of the code that runs this php file

https://www.dropbox.com/s/lhxwgzzgsl79h0r/testform.html?dl=0 thank you

Please, [don't use `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php), They are no longer maintained and are [officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). Learn about [prepared statements](http://en.wikipedia.org/wiki/Prepared_statement) instead, and use [PDO](http://us1.php.net/pdo) or [MySQLi](http://us1.php.net/mysqli). You will also want to [Prevent SQL Injection!](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) — Jay Blanchard, Dec 15 '14 at 13:57
You might mean if($row = mysql_fetch_array($sql1)) ... your logic is atrocious. But on your last if conditional you are using the previous sql and not sql1. But read what @JayBlanchard said. — Joe Swindell, Dec 15 '14 at 14:06

score 0 · Accepted Answer · answered Dec 15 '14 at 14:06

That's because you use the wrong $sql source in the sixth if-statement. Change it to:

if($row = mysql_fetch_array($sql1)) {

So you would get this:

if (mysql_select_db($auth_dbase,$db)) {
    if ($sql = mysql_query("SELECT * FROM user WHERE name = '" . mysql_real_escape_string($user_name) . "'")) {
        if ($row = mysql_fetch_array($sql)) {
            if ($user_donateamount <= $row['credits']) {
                if ($sql1 = mysql_query("SELECT * FROM scores WHERE name = '" . mysql_real_escape_string($user_cardname) . "'")) {
                    if($row = mysql_fetch_array($sql1)) {
                        if (mysql_query("UPDATE scores SET score = score + $user_donateamount WHERE name = '" . mysql_real_escape_string($user_cardname) . "'")) {
                            mysql_query("UPDATE user SET credits = credits - $user_donateamount WHERE name = '" . mysql_real_escape_string($user_name) . "'");
                            $result = "success";
                        }
                    } else {
                        if (mysql_query("INSERT INTO scores (name,score) VALUES ('". mysql_real_escape_string($user_cardname) ."', $user_donateamount)")) {
                            mysql_query("UPDATE user SET credits = credits - $user_donateamount WHERE name = '" . mysql_real_escape_string($user_name) . "'");
                            $result = "success";
                        }
                    }
                }
            }
        }
    }
}

And yes, Jay Blanchard is right. You should not use mysql_* anymore. Just read the comment.

Thank you so much. and I did recently notice that and i plan to upgrade the code but going to finish this first to use until then. — Troy Beard Jr., Dec 16 '14 at 14:34
ok my html page works but my c# page within unity won't pull the CardName. mind helping me figure out why? i tried everything i can think of but everything looks correct @s.pols [link](https://www.dropbox.com/s/01dwkicm4g8jy56/RequestManager.cs?dl=0) — Troy Beard Jr., Dec 17 '14 at 17:39

im having some issues with my php code

1 Answers1