Hello, I am trying to subtract a user's credits after a transaction, but something keeps going wrong when updating. While testing, accepted_bidder = 15 and the credit row in customer is 100. For some reason, when I update it is -15 rather than 75. Does anyone know why this may be?

output: Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, array given in C:\xampp\htdocs\payment2.php on line 20

Notice: Undefined variable: credit in C:\xampp\htdocs\payment2.php on line 26

<?php
session_start();
require 'config.php';


$id = $_SESSION['login_user'];
$jobid    = $_POST['job_id'];
$poster_id    = $_POST['poster_id'];
$accepted_bidder    = $_POST['accepted_bidder'];
$accepted_bid    = (int) $_POST['accepted_bid'];
$poster_id = $_POST['poster_id'];

$query = "SELECT credit FROM `customer` WHERE email_adress = '$id'";

$success = $conn->query($query);


$result = mysqli_fetch_array($success);

while($row = mysqli_fetch_array($result)):
$credit = (int)$row['credit'];
endwhile;

//var_dump($result);
//var_dump($accepted_bid); 
$updated_credit = $credit - $accepted_bid;
//echo $updated_credit;


$query2   = "UPDATE job SET start_escrow = '1' WHERE job_id = '$jobid'";
$success2 = $conn->query($query2);

$query3   = " UPDATE customer SET credit = '$updated_credit' WHERE email_adress = '$id'";
$success3 = $conn->query($query3);



if (!$success) {
    die("Couldn't enter data: ".$conn->error);

}

echo "Thank You For Contacting Us <br>";
 //header("location: myjobs.php");



$conn->close();




?>
  • Note: The object-oriented interface to mysqli is significantly less verbose, making code easier to read and audit, and is not easily confused with the obsolete mysql_query interface. Before you get too invested in the procedural style it’s worth switching over. Example: $db = new mysqli(…) and $db->prepare("…") The procedural interface is an artifact from the PHP 4 era when mysqli API was introduced and should not be used in new code. Commented Apr 19, 2018 at 17:06
  • WARNING: When using mysqli you should be using parameterized queries and bind_param to add user data to your query. DO NOT use string interpolation or concatenation to accomplish this because you have created a severe SQL injection bug. NEVER put $_POST, $_GET or any user data directly into a query, it can be very harmful if someone seeks to exploit your mistake. Commented Apr 19, 2018 at 17:06
  • Note: Try and get out of the habit of declaring SQL statements in throw-away variables that are used only once. It's a lot easier to follow code where the query is supplied directly to the function, and there's no longer a chance of messing up and sending in $sql3 instead of the visually similar $sql8. Commented Apr 19, 2018 at 17:06
  • UPDATE customer SET credit = credit - '$updated_credit' Commented Apr 19, 2018 at 17:07
  • This code also has race conditions. When adjusting columns try and do the operation atomically, like UPDATE customer SET credit=credit-?, instead of as two queries which can run out of sync. Commented Apr 19, 2018 at 17:07

1 Answer

$result is not the result of the query, it's the first row you read using:

$result = mysqli_fetch_array($success);

So when you then do:

while ($row = mysqli_fetch_array($result))

you're trying to use that row as the query result.

Replace these two lines:

$success = $conn->query($query);
$result = mysqli_fetch_array($success);

with

$result = $conn->query($query);
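
The advice from the comments (parameterized queries with bind_param, and one atomic UPDATE instead of a SELECT followed by an UPDATE) combined into a single function, as an added example that is not part of the original question or answer. The helper name debit_for_escrow is hypothetical; the code assumes $conn is the mysqli object from config.php, that both tables use InnoDB, and that email_adress is unique per customer.

```php
<?php
// Added example, not the poster's code. Assumes $conn is the mysqli object
// created in config.php and that both tables use a transactional engine (InnoDB).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // SQL errors become exceptions

/**
 * Hypothetical helper: debit $amount from a customer and open escrow on a job.
 * Returns true on success, false if the amount is invalid or credit is insufficient.
 */
function debit_for_escrow(mysqli $conn, string $email, int $jobId, int $amount): bool
{
    if ($amount <= 0) {
        return false; // a zero or negative "debit" must never reach the UPDATE
    }

    $conn->begin_transaction();
    try {
        // Atomic read-modify-write: the subtraction happens inside MySQL, and the
        // "credit >= ?" guard keeps the balance from going negative.
        $debit = $conn->prepare(
            'UPDATE customer SET credit = credit - ? WHERE email_adress = ? AND credit >= ?'
        );
        $debit->bind_param('isi', $amount, $email, $amount);
        $debit->execute();

        // Assumes email_adress is unique, so exactly one row should change.
        if ($debit->affected_rows !== 1) {
            $conn->rollback(); // unknown customer or not enough credit
            return false;
        }

        $escrow = $conn->prepare('UPDATE job SET start_escrow = 1 WHERE job_id = ?');
        $escrow->bind_param('i', $jobId);
        $escrow->execute();

        $conn->commit(); // both changes become visible together
        return true;
    } catch (mysqli_sql_exception $e) {
        $conn->rollback(); // leave credit and escrow state untouched on any failure
        throw $e;
    }
}

// Usage with the request fields from the question (casts mirror the original):
// $ok = debit_for_escrow($conn, $_SESSION['login_user'], (int) $_POST['job_id'], (int) $_POST['accepted_bid']);
```

Because the amount still arrives in $_POST, the server should look up the accepted bid for the job itself rather than trust the submitted value; the sign check above only covers the simplest case.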