Adding with PHP to a MySQL database

Question

I am pretty new to PHP and I am trying to make an inventory database. I have been trying to make it so that a user can enter a card ID and then amount the want to add to the inventory and have it update the inventory. For example someone could type in test and 2342 and it would update test. Here is what I have been trying with no success:

add.html

<body>
  <form action="add.php" method="post">
    Card ID: <input type="text" name="CardID" />
    Amount to Add: <input type="text" name="Add" />
    <input type="submit" />
  </form>
</body>
</html>

add.php

<?php
$link = mysql_connect('host', 'username', 'password');
 if (!$link){
    die('Could not connect: ' . mysql_error());
   }
 mysql_select_db("tdm_inventory", $link);
 $add = $_POST[Add]
 mysql_query("UPDATE cardLists SET AmountLeft = '$add' WHERE cardID = 'Test'");
 echo "test successful";
 mysql_close($link);
?>

Answer 1

I think you are missing quotes around your POST value for one. You are also committing one of the cardinal sins of PHP development putting the variables right in your SQL string like that. Try this instead:

<?php
 $link = mysql_connect('host', 'username', 'password');
 if (!$link)
 {
   die('Could not connect: ' . mysql_error());
 }
 mysql_select_db("tdm_inventory", $link);
 if (mysql_errno()) 
 { 
   echo mysql_errno($link) . ": " . mysql_error($link) . "\n";
 }
 $add = $_POST["Add"]
 $query = sprintf("UPDATE cardLists SET AmountLeft = AmountLeft + %s WHERE cardID = 'Test'", mysql_real_escape_string($add));
 mysql_query($query);
 if (mysql_errno()) 
 { 
   echo mysql_errno($link) . ": " . mysql_error($link) . "\n";
 }
 echo "test successful";
 mysql_close($link);
?>