Posts posted by danmiddo

  1. 1 minute ago, justsomeguy said:

    I appreciate your reply.
    I can get that part working, no issues.
    My issue is that I need to have 2 queries running:
      $sql1 = "UPDATE teams SET Victories = 'Victories' + 1, Points = 'Points' + 3, Played = 'Played' + 1, Made = 'Made' + $Goal, Let = 'Let' + $GoalIn WHERE team = $Home";
      $sql2 = "UPDATE teams SET Defeats = 'Defeats' + 1, Played = 'Played' + 1, Made = 'Made' + $GoalIn, Let = 'Let' + $Goal WHERE team = $Away";

    I pull in data, for example:
    Man Utd (home)
    3 (goals)

    Chelsea (away)
    1 (goals)

    So I need to do 2 updates: one for the home team that gets the win and one for the away team that gets the loss.
    Your example only provides the winning team's Victories, Points, Played, Made, Let.
     

     

    1 minute ago, justsomeguy said:

     

    
    $stmt = $conn->prepare('UPDATE teams SET Victories = Victories + 1, Points = Points + 3, Played = Played + 1, Made = Made + :goal, Let = Let + :goalin WHERE team = :home');
    	$stmt->execute([
    	  ':goal' => $Goal, 
    	  ':goalin' => $Goalin, 
    	  ':home' => $Home
    	]);

     

     

  2. Any idea where I am going wrong now? -.-

     

    <?php

    if ($_GET["home"] == $_GET["away"]) {
      header("Location: same.php");
    }

    // Connection data (server_address, database, name, password)
    $servername = "localhost";
    $username = "username";
    $password = "password!";
    $db = "database";

    if ($_GET["homegoal"] > $_GET["awaygoal"]) {
      $Home=$_GET["home"];
      $Away=$_GET["away"];
      $Goal=$_GET["homegoal"];
      $GoalIn=$_GET["awaygoal"];

      // Connect and create the PDO object
      $conn = new PDO("mysql:host=$servername; dbname=$db", $username, $password);
     
      $sql1 = "UPDATE teams SET Victories = 'Victories' + 1, Points = 'Points' + 3, Played = 'Played' + 1, Made = 'Made' + $Goal, Let = 'Let' + $GoalIn WHERE team = $Home";
      $sql2 = "UPDATE teams SET Defeats = 'Defeats' + 1, Played = 'Played' + 1, Made = 'Made' + $GoalIn, Let = 'Let' + $Goal WHERE team = $Away";
      $count = $conn->exec($sql1, $sql2);

      $conn = null;        // Disconnect
    }
    catch(PDOException $e) {
      echo $e->getMessage();
    }


    ?>

  3.  

    1 minute ago, justsomeguy said:

    That's not an excuse, there's no rule that says I need to use your form to send $_GET data to that page.  I can type whatever I want in the URL and your code will use it.  You can validate the values or convert to integers if you want to on the server, but any time you use a variable in your query you should use a prepared statement.  That's the rule.

    Everything will be changed to POST once it's working; GET is purely for testing right now,
    and everything on the previous page has the security.

    Thanks for your help :)

    I shall try and sort this out again, and will update
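
An added example (not code from the thread or its participants) of the two updates discussed in these posts, following the rule justsomeguy states above: both teams are updated through one prepared statement inside a transaction, and the goal counts are validated as integers on the server. It goes beyond the home-win case to cover losses and draws, as the original ASP page does; `recordResult()`, the in-memory SQLite database and the sample rows are assumptions made so the code runs offline (the thread uses MySQL).

```php
<?php
// Added example: constructed schema and sample rows; SQLite in memory so it runs offline.
// recordResult() is a hypothetical helper, not code from the thread.
function recordResult(PDO $conn, string $home, string $away, $homeGoals, $awayGoals): void
{
    // Validate on the server: the query string can carry anything.
    $opts = ['options' => ['min_range' => 0, 'max_range' => 99]];
    $hg = filter_var($homeGoals, FILTER_VALIDATE_INT, $opts);
    $ag = filter_var($awayGoals, FILTER_VALIDATE_INT, $opts);
    if ($hg === false || $ag === false || $home === $away) {
        throw new InvalidArgumentException('invalid result');
    }
    // Column increments are chosen in code, never taken from the request.
    $win  = ['Victories' => 1, 'Defeats' => 0, 'Draws' => 0, 'Points' => 3];
    $loss = ['Victories' => 0, 'Defeats' => 1, 'Draws' => 0, 'Points' => 0];
    $draw = ['Victories' => 0, 'Defeats' => 0, 'Draws' => 1, 'Points' => 1];
    [$homeRow, $awayRow] = $hg > $ag ? [$win, $loss] : ($hg < $ag ? [$loss, $win] : [$draw, $draw]);

    $stmt = $conn->prepare(
        'UPDATE teams SET Victories = Victories + :v, Defeats = Defeats + :d, Draws = Draws + :dr,
                Points = Points + :p, Played = Played + 1, Made = Made + :made, Let = Let + :let
          WHERE Team = :team'
    );
    $conn->beginTransaction();
    try {
        foreach ([[$home, $homeRow, $hg, $ag], [$away, $awayRow, $ag, $hg]] as [$team, $r, $made, $let]) {
            $stmt->execute([':v' => $r['Victories'], ':d' => $r['Defeats'], ':dr' => $r['Draws'],
                            ':p' => $r['Points'], ':made' => $made, ':let' => $let, ':team' => $team]);
            if ($stmt->rowCount() !== 1) {
                throw new RuntimeException("unknown team: $team");
            }
        }
        $conn->commit();
    } catch (Throwable $e) {
        $conn->rollBack();   // neither team is updated unless both updates succeed
        throw $e;
    }
}

$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE teams (Team TEXT PRIMARY KEY, Victories INT DEFAULT 0, Defeats INT DEFAULT 0,
             Draws INT DEFAULT 0, Points INT DEFAULT 0, Played INT DEFAULT 0, Made INT DEFAULT 0, Let INT DEFAULT 0)');
$conn->exec("INSERT INTO teams (Team) VALUES ('Man Utd'), ('Chelsea')");

recordResult($conn, 'Man Utd', 'Chelsea', '3', '1');   // values arrive as strings, as they would from $_GET
print_r($conn->query('SELECT Team, Victories, Defeats, Points, Played, Made, Let FROM teams')->fetchAll(PDO::FETCH_ASSOC));
```
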

  4. Yeah, I know that the AND statement doesn't/wouldn't work; I was just struggling with how to run 2 queries.

    I don't need to worry about SQL injection for this, as all variables are sent from a previous page which has all values as predefined values via drop-down lists.

    Have you any idea how I could work this into 2 executable queries?

  5. Yes, I am aware the ASP code is poorly presented, which is why I'm probably struggling so much.

    What I'm working with at the moment is:

     

    <?php

    if ($_GET["home"] == $_GET["away"]) {
      header("Location: same.php");

    $servername = "localhost";
    $username = "username";
    $password = "password!";

    try {
        $conn = new PDO("mysql:host=$servername;dbname=database", $username, $password);
        // set the PDO error mode to exception
        $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        echo "Connected successfully";
        }
    catch(PDOException $e)
        {
        echo "Connection failed: " . $e->getMessage();
        }

    if ($_GET["homegoal"] > $_GET["awaygoal"]) {
      $Home=$_GET["home"];
      $Away=$_GET["away"];
      $Goal=$_GET["homegoal"];
      $GoalIn=$_GET["awaygoal"];


    $sql = "UPDATE `teams` SET `Victories` = 'Victories + 1', `Points` = 'Points + 3', `Played` = 'Played + 1', `Made` = 'Made + $Goal', `Let` = 'Let + $GoalIn' WHERE team = $Home AND SET 'Defeats' = 'Defeats + 1', 'Played' = 'Played + 1', 'Made' = 'Made + $GoalIn', 'Let' = 'Let + $Goal' WHERE team = $Away";

    ?>

     

    I am aware that there are flaws with my SQL statement, as this is where I am struggling.

    Untitled.png

  6. I have been given a .asp file that needs converting into PHP.

    The only issue I am having is with the mass update fields.

     

     

    <%@ Language=VBScript %>

    <% if Request.QueryString("Home") = Request.QueryString("Away") Then %>
    <% Response.Redirect("same.asp") %>
    <%End If%>
    <% if Request.QueryString("HomeGoal") > Request.QueryString("AwayGoal") Then%>
    <%
      Home = Request.QueryString("Home")
      away = Request.QuerySTring("Away")
      Goal = Request.QueryString("HomeGoal")
      GoalIn = Request.QueryString("AwayGoal")

     

    Set objConn = Server.CreateObject("ADODB.Connection")
    ConnStr = "DRIVER={MySQL ODBC 3.51 Driver};SERVER=localhost;DATABASE=databse;UID=username;PWD=password!;"
    objconn.Open(ConnStr)

     

            objConn.Execute "UPDATE teams SET Victories = Victories + 1 WHERE Team='" & Home & "'"
            objConn.Execute "UPDATE teams SET Points = Points + 3 WHERE Team='" & Home & "'"
            objConn.Execute "UPDATE teams SET Played = Played + 1 WHERE Team='" & Home & "'"
            objConn.Execute "UPDATE teams SET Made = Made + '" & Goal & "' WHERE Team='" & Home & "'"
            objConn.Execute "UPDATE teams SET Let = Let + '" & GoalIn & "' WHERE Team='" & Home & "'"
            objConn.Execute "UPDATE teams SET Defeats = Defeats + 1 WHERE Team='" & Away & "'"
            objConn.Execute "UPDATE teams SET Played = Played + 1 WHERE Team='" & Away & "'"
            objConn.Execute "UPDATE teams SET Made = Made + '" & GoalIn & "' WHERE Team='" & Away & "'"
            objConn.Execute "UPDATE teams SET Let = Let + '" & Goal & "' WHERE Team='" & Away & "'"
        objConn.Close
        Set objConn= Nothing
    %>
    <%End if%>
    <% if Request.QueryString("HomeGoal") < Request.QueryString("AwayGoal") Then%>
    <%
      Home = Request.QueryString("Home")
      Away = Request.QuerySTring("Away")
      Goal = Request.QueryString("HomeGoal")
      GoalIn = Request.QueryString("AwayGoal")
    Set objConn = Server.CreateObject("ADODB.Connection")
    ConnStr = "DRIVER={MySQL ODBC 3.51 Driver};SERVER=localhost;DATABASE=databse;UID=username;PWD=password!;"
    objconn.Open(ConnStr)

        
            objConn.Execute "UPDATE teams SET Defeats = Defeats + 1 WHERE Team='" & Home & "'"
            objConn.Execute "UPDATE teams SET Played = Played + 1 WHERE Team='" & Home & "'"
            objConn.Execute "UPDATE teams SET Made = Made + '" & Goal & "' WHERE Team='" & Home & "'"
            objConn.Execute "UPDATE teams SET Let = Let + '" & GoalIn & "' WHERE Team='" & Home & "'"
            objConn.Execute "UPDATE teams SET Victories = Victories + 1 WHERE Team='" & Away & "'"
            objConn.Execute "UPDATE teams SET Points = Points + 3 WHERE Team='" & Away & "'"
            objConn.Execute "UPDATE teams SET Played = Played + 1 WHERE Team='" & Away & "'"
            objConn.Execute "UPDATE teams SET Made = Made + '" & GoalIn & "' WHERE Team='" & Away & "'"
            objConn.Execute "UPDATE teams SET Let = Let + '" & Goal & "' WHERE Team='" & Away & "'"
        objConn.Close
        Set objConn= Nothing
    %>
    <%End if%>
    <% if Request.QueryString("HomeGoal") = Request.QueryString("AwayGoal") Then%>
    <%
      Home = Request.QueryString("Home")
      Away = Request.QueryString("Away")
      Goal = Request.QueryString("HomeGoal")
      GoalIn = Request.QueryString("AwayGoal")
    Set objConn = Server.CreateObject("ADODB.Connection")
    ConnStr = "DRIVER={MySQL ODBC 3.51 Driver};SERVER=localhost;databse=fifa2;UID=username;PWD=password!;"
    objconn.Open(ConnStr)

        
            objConn.Execute "UPDATE teams SET Draws = Draws + 1 WHERE Team='" & Home & "'"
            objConn.Execute "UPDATE teams SET Points = Points + 1 WHERE Team='" & Home & "'"
            objConn.Execute "UPDATE teams SET Played = Played + 1 WHERE Team='" & Home & "'"
            objConn.Execute "UPDATE teams SET Made = Made + '" & Goal & "' WHERE Team='" & Home & "'"
            objConn.Execute "UPDATE teams SET Let = Let + '" & GoalIn & "' WHERE Team='" & Home & "'"
            objConn.Execute "UPDATE teams SET Draws = Draws + 1 WHERE Team='" & Away & "'"
            objConn.Execute "UPDATE teams SET Points = Points + 1 WHERE Team='" & Away & "'"
            objConn.Execute "UPDATE teams SET Played = Played + 1 WHERE Team='" & Away & "'"
            objConn.Execute "UPDATE teams SET Made = Made + '" & GoalIn & "' WHERE Team='" & Away & "'"
            objConn.Execute "UPDATE teams SET Let = Let + '" & Goal & "' WHERE Team='" & Away & "'"
        objConn.Close
        Set objConn= Nothing
    %>
    <%End if%>
    <% Home = Request.QueryString("Home") %>
    <% Away = Request.QueryString("Away") %>
    <% HomeGoal = Request.QueryString("HomeGoal") %>
    <% AwayGoal = Request.QueryString("AwayGoal") %>

    <head>
    <title>Game: <%=Home%> against <%=Away%> - Result updated...</title>    


    <H3>Result submitted</H3><HR>
    <CENTER><B><%=Home%> - <%=HomeGoal%> - <%=AwayGoal%> - <%=Away%></CENTER><BR>
    <HR>
    <% if HomeGoal = AwayGoal Then %>
    <CENTER>The game ended as a draw!</CENTER>
    <%End If%>
    <% if HomeGoal > AwayGoal Then %>
    <CENTER><%=Home%> won against <%=Away%> !</CENTER>
    <%End If%>
    <% if HomeGoal < AwayGoal Then %>
    <CENTER><%=Away%> won against <%=Home%> !</CENTER>
    <%End If%>
    </b>
    <input type="button" value="Back" OnClick="top.location='results.asp'">

     

    result_process.asp
