Mysql +1 to variable

Question

how should i update my attempt's using variable ? it wont work

mycode

$db_attempts = 'MAX_ATTEMPTS';

//here
$attemtps_pdo = 'UPDATE `attempts` SET `MAX_ATTEMPTS`= ? +1 WHERE `IP` = ?';
$results = $ALIST->update($attemtps_pdo,$db_attempts,$user_ip);

public function update($sql,$values1,$values2){
        try{
        $results = $this->connection->prepare($sql);
        $results->bindValue(1, $values1);
        $results->bindValue(2, $values2);
        $results->execute();

        return $results;
}

how do i make my MAX_ATTEMPTS +1 to variable , if i do it with my code , the update only update once , once is == 1 it wont update anymore why?

but if i using

$attemtps_pdo = 'UPDATE `attempts` SET `MAX_ATTEMPTS`= `MAX_ATTEMPTS` +1 WHERE `IP` = ?';

it work perfectly.

Answer 1

Just try the incrementation :

UPDATE attempts SET MAX_ATTEMPTS++ WHERE IP = ?

Answer 2

Alternative solutions:

Assuming it will always update by 1 every time the sql gets executed and assuming $value1 is the value currently in the database for MAX_ATTEMPTS. What I would suggest is to it when you bind the parameters:

$results->bindValue(2, (int)$values1 + 1);

Your sql will be:

$attemtps_pdo = 'UPDATE `attempts` SET `MAX_ATTEMPTS`= ? WHERE `IP` = ?';

OR

Add a database query to find the latest value of MAX_ATTEMPTS and pass it as $value1 which realizes the assumption made in the previous solution.

Answer 3

Because you are not referencing the MAX_ATTEMPTS column when you BIND the variable $db_attempts into your SQL query. Binding prevents stuff like this, because it could potentially lead to SQL injection.

In other words, your second example IS the correct way of doing this. If you want this to be dynamic (eg. if $db_attempts can change), then you have to build the query using string concatenation.