0
$betadd = $user_data['bets'] + 1;
$username = $user_data['username'];
$userid = $user_data['user_id'];
$value = $_POST['wager'];
$setcoins = $user_data['coins'] -       $value;
mysql_query("INSERT INTO `multiplayer` (value, player1) VALUES ($value, $username)");

I had it inserting into the table at one point, but now it doesn't work, Value is an INT (11) and player1 is a VARCHAR(32). But it doesn't insert into the columns, can anyone help?

user2305310
  • 93
  • 7
  • Please see the manual page for [mysql_query()](http://php.net/mysql_query) for examples about how to read error messages. – Álvaro González Apr 28 '13 at 22:35
  • try to set your VALUES -always- in single/double quotes (depending your outer closures), even if they are numbers or ids. –  Apr 28 '13 at 22:38

2 Answers2

1

I would suggest you to encapsulate your variables and to debug your query by doing

mysql_query("INSERT INTO `multiplayer` (value, player1) VALUES ('$value', '$username')") or die(mysql_error());

Then I would like to remember you that mysql_ functions are deprecated so i would advise you to switch to mysqli or PDO and indeed you are at risk of sql injection, have a look here How can I prevent SQL injection in PHP?. You should use prepared statment to avoid any risk

Community
  • 1
  • 1
Fabio
  • 21,516
  • 12
  • 49
  • 63
  • Using "prepared statements" with place holders for parameters, also has the advantage of proper escaping of single quote, newline, backslash and so on. – Joop Eggen Apr 28 '13 at 22:42
0

change your 

mysql_query("INSERT INTO `multiplayer` (value, player1) VALUES ($value, $username)");

to this

mysql_query("INSERT INTO `multiplayer` (value, player1) VALUES ('{$value}', '{$username)}'");

you need to add quotes to your values when you add it to db.. also I would suggest you look into PDO or mysqli .. mysql_query is deprecated and is not safe..

Dins

Dinesh
  • 2,835
  • 16
  • 19