Parse Error: Adding to currently existing data

[EternalWolf]

Hello, my name is Vince.

I'm trying to make a php script to acces my mysql database.
currently, im using an html form to post a input field to the php file.
I need to add 1000 to the currently existing data, which is only numeric by the way.

here is the code below;

PHP Code:

<?php
$username = $_POST['entered_username'];


$dbhost = 'mysql3.freehostia.com';
$dbuser = 'vinmar10_net';
$dbpass = 'Master';

$sql_query = mysql_connect($dbhost, $dbuser, $dbpass) or die                      ('Error connecting to mysql');

$dbname = 'vinmar10_net';
mysql_select_db($dbname);




$sql_query = mysql_query("SELECT `extcredits2` FROM `cdb_members` WHERE `username` = '$username'");
while($rs = mysql_fetch_array($sql_query)) {
$creditamt = $rs[0] + 1;
}

$sql_query = "UPDATE cdb_members SET $creditamt = extcredits2 +1000 WHERE username = $username";
if(mysql_query($sql_query)) {
echo "Credits Purchased Successfully";
}
?>

can someone please help me figure out why this error occurs?

[curtiss]

I see a number of things I would change in your code, but I can't yet say, specifically, where the error is being generated (in fact, from the code you provided, I don't even see where you're printing out the error, so that you would know that an error was occurring).

Please adjust your code to look like:

PHP Code:

<?php
$dbhost = 'mysql3.freehostia.com';
$dbuser = 'vinmar10_net';
$dbpass = 'Master';

$link = mysql_connect($dbhost, $dbuser, $dbpass) or die                      ('Error connecting to mysql');

$username = mysql_real_escape_string($_POST['entered_username'],$link);

$dbname = 'vinmar10_net';
mysql_select_db($dbname);

if($sql_query = mysql_query("SELECT `extcredits2` FROM `cdb_members` WHERE `username` = '$username'")) {
while($rs = mysql_fetch_array($sql_query)) {
$creditamt = $rs[0] + 1;
}
$sql_query = "UPDATE cdb_members SET $creditamt = extcredits2 +1000 WHERE username = $username";
if(mysql_query($sql_query)) {
echo "Credits Purchased Successfully";
}
else {
die("The procedure died while trying to add credits. Following is the error that was generated:\n\r".mysql_error());
}
else {
die("The procedure died while trying to retrieve information from the database. Following is the error that was generated:\n\r".mysql_error());
}

?>

Now, at least, you'll get a specific error generated, and you will know based on the text ahead of it which query caused the error.

Now, onto some other things:
1) I noticed you are not escaping the username. That's very bad practice. Always be sure to escape information you'll be sending to a database (especially information acquired directly from the user). Check out my latest blog entry to see a little bit about why and how: Avoiding SQL Injection with PHP | HTMLCenter - Web Help and Web Development Blog
I've taken the liberty of escaping your data in the code I provided above.
2) Your UPDATE query is very strange. It appears as though you're going to retrieve a numerical value from the database, then you're trying to use that numerical value as the name of a column in your update query. That's not going to work.
Basically, let's say that you retrieve the number "7" from your database, and you store that, plus 1 (which could either be 8 or 71, depending on whether PHP thinks it's a number or a string, and without casting the variable, you really have no reliable way of knowing), into the variable "$creditamt".
Then, with your UPDATE query written the way it is, it's going to look like:

PHP Code:

UPDATE cdb_members SET 8 = extcredits2 +1000 WHERE username = $username 


First of all, obviously "8" (or 71, depending on typing), is most likely not the name of your column.
Secondly, you have not surrounded $username by quotes, so the query's going to fail there, too, assuming that your username is a string and not a numerical value.

Your UPDATE query should probably look more like:

PHP Code:

UPDATE cdb_members SET extcredits2=extcredits+1000 WHERE username='$username' 


Good luck with it, and let us know if there's anything more we can do to help. Thanks.

[EternalWolf]

thank you very much for taking the time to update my code. I noticed where you escaped the username. I didnt even think about that.

I tried the code that you had and made some adjustments.
its as follows:

PHP Code:

<?php
$dbhost = 'mysql3.freehostia.com';
$dbuser = 'vinmar10_net';
$dbpass = 'Master';

$link = mysql_connect($dbhost, $dbuser, $dbpass) or die                      ('Error connecting to mysql');

$username = mysql_real_escape_string($_POST['entered_username'],$link);

$dbname = 'vinmar10_net';
mysql_select_db($dbname);

if($sql_query = mysql_query("SELECT `extcredits2` FROM `cdb_members` WHERE `username` = '$username'")) {
while($rs = mysql_fetch_array($sql_query)) {
$creditamt = $rs[0] + 1;
}
$sql_query = "UPDATE cdb_members SET extcredits2 +1000 WHERE username = '$username'";
if(mysql_query($sql_query)) {
echo "Credits Purchased Successfully";
}
else {
die("The procedure died while trying to add credits. Following is the error that was generated:\n\r".mysql_error());
}
else {
die("The procedure died while trying to retrieve information from the database. Following is the error that was generated:\n\r".mysql_error());
}
?>

I get another parse error as follows;

PHP Code:

Parse error: parse error, unexpected T_ELSE in /home/www/eternalwolf.com/board/purchase_credits/update.php on line 24 


Line 24 is on the second else case that defines the error.
The thing is, when i try to debug and delete them, (both else cases)
i get a parse error for '$' on Line 21. Line 21 would be the closing php tag. "?>" As you can probably tell, im not the greatest in php. but im still learning. I just cant figure this out.

To be more specific, I'll describe what the certain fields and variables are:

extcredits2 is one of 3 different types of credits I have. Currently extcredits2 is my primary. extcredits1 is for a game currency and extcredits3 is for a referral count. (but 1 and 2 are irrelevant in this matter)

entered_username is posted from purchased_credits.html. this includes a form and an input field that requires a user to enter their username. (which is retrieved from the table, 'cdb_members' and the field, 'username' which is a string. I can also use a userid (uid) but i thought it would be more convenient for the user to use their username, instead of looking up their user id number.

you can view the files I have uploaded and view source code.

(FORM)
eternalwolf.com/board/purchase_credits/purchased_credits.html

(PHP FILE TO ACCESS MYSQL)
eternalwolf.com/board/purchase_credits/update.php


Being the novice that I am, I cant seem to find a simple fix for this.
I dont know what im doing wrong.. maybe i should go and purchase a php for dummies lol.

kind regards,
Vince

[curtiss]

The T_ELSE error came about because I left out a closing curly brace at the end of the inner "else" statement

PHP Code:

else {
die("The procedure died while trying to add credits. Following is the error that was generated:\n\r".mysql_error());
}
else {
die("The procedure died while trying to retrieve information from the database. Following is the error that was generated:\n\r".mysql_error());
} 


should be:

PHP Code:

else {
die("The procedure died while trying to add credits. Following is the error that was generated:\n\r".mysql_error());
}
}
else {
die("The procedure died while trying to retrieve information from the database. Following is the error that was generated:\n\r".mysql_error());
} 


[EternalWolf]

ok, I edited the code a little and found a solution!

here is the fully functional finished code:

Code:

<?php
$dbhost = 'mysql3.freehostia.com';
$dbuser = 'vinmar10_net';
$dbpass = 'Master';

$link = mysql_connect($dbhost, $dbuser, $dbpass) or die                      ('Error connecting to mysql');

$add_credits = 1000;
$username = mysql_real_escape_string($_POST['entered_username'],$link);

$dbname = 'vinmar10_net';
mysql_select_db($dbname);

if($sql_query = mysql_query("SELECT `extcredits2` FROM `cdb_members` WHERE `username` = '$username'")) {
while($rs = mysql_fetch_array($sql_query)) {
$creditamt = $rs[0] + 1;
}
$sql_query = "UPDATE cdb_members SET extcredits2 = extcredits2+ '$add_credits' WHERE username = '$username'";
if(mysql_query($sql_query)) {
echo "Credits Purchased Successfully";
}
else {
die("The procedure died while trying to add credits. Following is the error that was generated:\n\r".mysql_error());
}
}
else {
die("The procedure died while trying to retrieve information from the database. Following is the error that was generated:\n\r".mysql_error());
}
?>

Thank you for all your help!
I'll be adding your name and the website in comments.

regards,
vince