"City Colleges Of Chicago - Mannheim" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> if there is a booktitle and a quantity chosen, then go to that booktitle and
> adjust the quantity in the database.

<?php
// Open a persistent connection and select the database.
$link = mysql_pconnect($local, $user, $pass)
    or die("Error connecting: ".mysql_error());
mysql_select_db($db, $link)
    or die("Error opening database $db: ".mysql_error());

if ($submit) {
    if ($bookID != "" and $quantity > 0) {
        // Check stock and decrement it in one statement; both values are cast to int.
        $query = "UPDATE Book2"
            ." SET stock=(stock-".(int)$quantity.")"
            ." WHERE bookID=".(int)$bookID
            ." AND stock >=".(int)$quantity;
        $result = mysql_query($query, $link);

        // Exactly one row changes only when the book exists and stock was sufficient.
        if (mysql_affected_rows($link) == 1)
            echo "<p>Your order has been placed.</p>";
        else
            echo "<p>There was an error in placing the order.</p>";
    }
} else {
    echo "<p>Your order has not been placed.</p>";
}
?>

NOTE:

1. We work with a unique book-id, not a book title; this is
   (a) faster for the database and (b) eliminates problems
   dealing with several books of the same name (i.e. multiple
   editions, hard-cover/soft-cover/trade, etc).

2. We add quantity-checking to the query - before an order
   is placed, we ensure there are sufficient books on hand.
   Because this is done as a single operation, we don't have
   to worry about transaction-safety.

3. When composing the query, all values are cast to int,
   foiling would-be hack attempts.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
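
Added example, not part of the original post: the single-statement check-and-decrement from notes 2 and 3, written with PDO bound parameters and strict integer validation instead of string concatenation with (int) casts. It assumes the pdo_sqlite extension and uses an in-memory SQLite table with one constructed row in place of the poster's Book2 table; placeOrder() is a hypothetical helper name.

```php
<?php
// Constructed stand-in for the Book2 table: one book with 5 copies in stock.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Book2 (bookID INTEGER PRIMARY KEY, stock INTEGER NOT NULL)');
$pdo->exec('INSERT INTO Book2 (bookID, stock) VALUES (1, 5)');

/**
 * Hypothetical helper: take $quantity copies of $bookID out of stock.
 * Returns true only when exactly one row was updated.
 */
function placeOrder(PDO $pdo, $bookID, $quantity): bool
{
    // Strict validation: unlike an (int) cast, which turns "3abc" into 3,
    // FILTER_VALIDATE_INT rejects any input that is not a whole number.
    // min_range = 1 also blocks zero and negative quantities, which would
    // otherwise leave stock unchanged or increase it.
    $opts     = ['options' => ['min_range' => 1]];
    $bookID   = filter_var($bookID, FILTER_VALIDATE_INT, $opts);
    $quantity = filter_var($quantity, FILTER_VALIDATE_INT, $opts);
    if ($bookID === false || $quantity === false) {
        return false;
    }

    // The stock check and the decrement are one statement, so two concurrent
    // orders cannot both pass the check and oversell the last copies.
    $stmt = $pdo->prepare(
        'UPDATE Book2 SET stock = stock - ? WHERE bookID = ? AND stock >= ?'
    );
    $stmt->bindValue(1, $quantity, PDO::PARAM_INT);
    $stmt->bindValue(2, $bookID, PDO::PARAM_INT);
    $stmt->bindValue(3, $quantity, PDO::PARAM_INT);
    $stmt->execute();

    return $stmt->rowCount() === 1;
}

// Constructed form inputs, as strings the way they arrive from a request.
$orders = [['1', '3'], ['1', '3'], ['1', '-4'], ['1 OR 1=1', '1'], ['99', '1']];
foreach ($orders as [$id, $qty]) {
    $ok = placeOrder($pdo, $id, $qty);
    printf("bookID=%-10s quantity=%-3s %s\n", $id, $qty, $ok ? 'placed' : 'rejected');
}
echo 'stock left: ', $pdo->query('SELECT stock FROM Book2 WHERE bookID = 1')->fetchColumn(), "\n";
```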