• 15
I am using CodeIgniter, and I have the following function in my model to give points to the user. It is however not working, rather setting the points column to 0.

This is how it is written in the CodeIgniter manual. Therefore I have no clue why it is not working...

Thanks

function give_points($username,$points)
{
    $this->db->set('points', 'points + $points');
    $this->db->where('username', $username);
    $this->db->update('users'); 
    echo"done";
}

I believe you have to tell CI specifically to not escape the text. I don't have a CI installation handy to test this in, but I think it was something like:

$this->db->set('points', 'points + ' . (int) $points, FALSE);
  • 14

Not sure this is the cause of your problem, but you are using single quotes on the following line:

$this->db->set('points', 'points + $points');

With this, the $points string will be injected as-is, literally, into your SQL query -- it's not its value that's going to be used.


If you want $points to be interpolated (so its value is put in its place, in that string), you must use double quotes:

$this->db->set('points', "points + $points");


For more information about variable interpolation, see the Variables parsing section of the PHP Manual.

  • 2
      • 1
    • That produces the query: UPDATE users SET points = 'points + 1000' WHERE username = 'thomas' which does not work.. any further ideas?
      • 2
    • Looks like your points field in the database is an integer, and you are trying to access it like a string: your query should look like UPDATE users SET points = 'points + 1000' WHERE username = 'thomas' ;;; Maybe you have some way of indicating that to CI? I don't know CI well enough to help more, sorry.

If there is a chance, always check the created SQL query - I do not know how to do it with CI.

However, your set() looks flawed.

$this->db->set('points', "points + $points");

Previously, $points was part of the string, and not expanded by the contents of $points, due to you using a single quote instead of a double quote - see the manual regarding strings in PHP.

$this->db->set('points', 'points + ' . (int) $points);

Slightly better code is the one above, as it defeats possible SQL injection, depending on where $points originally comes from.

  • 0
      • 2
    • Both suggestions produce the query: UPDATE users SET points = 'points + 1000' WHERE username = 'thomas' This query is not working... Thanks
      • 1
    • You have to check the CI manual then. It seems as if CI always puts the given string in set() into quotes, so this cannot work that way.
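
One way to combine the points raised in this thread, as an added example that is not code from any of the posters: a CodeIgniter 3 model method that turns escaping off only for a strictly validated integer and logs the SQL that was generated. The class name Points_model, the MAX_AWARD limit and the positive-only rule are assumptions made for illustration.

```php
<?php
defined('BASEPATH') OR exit('No direct script access allowed');

// Hypothetical model name; table and column names are the ones from the question.
class Points_model extends CI_Model
{
    // Upper bound for a single award: an assumed business rule, not from the thread.
    const MAX_AWARD = 100000;

    /**
     * Add $points to a user's balance with the arithmetic done in SQL.
     * Returns TRUE only when exactly one row was changed.
     */
    public function give_points($username, $points)
    {
        // With escaping off, the value is concatenated into the SQL as-is,
        // so strict integer validation is the only barrier. Unlike an (int)
        // cast, FILTER_VALIDATE_INT rejects input such as "10 OR 1=1"
        // instead of silently turning it into 10.
        $delta = filter_var($points, FILTER_VALIDATE_INT, array(
            'options' => array('min_range' => 1, 'max_range' => self::MAX_AWARD),
        ));
        if ($delta === FALSE) {
            log_message('error', 'give_points: rejected non-integer or out-of-range value');
            return FALSE;
        }

        // Third argument FALSE: emit points = points + 1000 rather than the
        // quoted string 'points + 1000' reported in the comments.
        $this->db->set('points', 'points + ' . $delta, FALSE);

        // where() keeps its default escaping, so $username is still quoted.
        $this->db->where('username', $username);
        $this->db->update('users');

        // Record the SQL that was actually sent, to confirm its shape
        // (last_query() needs save_queries enabled in the database config).
        log_message('debug', 'give_points: ' . $this->db->last_query());

        return $this->db->affected_rows() === 1;
    }
}
```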

This article is reproduced from Stack Exchange / Stack Overflow, please click
