Why my Condition in PHP doesn't work?

Question

Hello guys this is my PHP code that I written for decrease the "Credit" table on MySQL when people use from their Credit for buying facilities. But I want when their "Credit" is 0 they get Error that "Your Credit is not Enough , Please Buy a Credit" . But I see "echo" doesn't give this error ! What is the problem in my code ?

<?php
if (session_id() == "")
{
   session_start();
}
if (!isset($_SESSION['username']))
{
   $accessdenied_page = '';
   header('Location: '.$accessdenied_page);
   exit;
}
$mysql_server = 'localhost';
$mysql_username = '*******';
$mysql_password = '******';
$mysql_database = '******';
$mysql_table = 'details2';
$success_page = 'League.php';
$username = 'username';
$db = mysql_connect($mysql_server, $mysql_username, $mysql_password);
      if (!$db)
      {
         die('Failed to connect to database server!<br>'.mysql_error());
      }
      mysql_select_db($mysql_database, $db) or die('Failed to select database<br>'.mysql_error());

$sql = "UPDATE `".$mysql_table."` SET `Credit` = `Credit` - 20  WHERE `username` = `".$username."` AND `Credit` >= 20";

mysql_query($sql, $db);


header('Location: '.$success_page);
exit;
?> 

Answer 1

First i will address your initial problem

The problem you encounter is, that you UPDATE query is built in a way, that it always update the table. If we take a closer look to the individual parts you can see the difference.

SET `Credit` = IF(Credit > 0, Credit - 20, 0) 

In the SET part you overwrite the value in the Credit column based in the if condition. The if condition always returns a value. If Credit has a value of 0 or less, it will be overwritten to 0, while it will be decreased by 20 in all other cases. This means there is an update in any case.

WHERE `username` = $username

The where clause limits the rows that are overwritten, but just compares the username column to the given username.

So to limit your UPDATE to only those rows, that have the given username and the fitting amount of credits, you would need to pack both conditions into the WHERE block of your UPDATE query:

UPDATE table 
SET `Credit` = `Credit` - 20 
WHERE `username` = $username AND `Credit` >= 20;

With this condition only those rows will be updated, that contain the given username and also have enough credits.

Further problems

You are using deprecated database functions. This means, that those functions do not fulfill todays standards. You should learn about mysqli prepared statements or PDO prepared statements to use modern tools.

Answer 2

<?php
if (session_id() == "")
{
   session_start();
} 
if (!isset($_SESSION['username']))
{
   $accessdenied_page = '';
   header('Location: '.$accessdenied_page);
   exit;
}

// NOTE: your $username should be reflected in the actual username from the User...
$username = 'username';    
$success_page = './League.php';
$dbservername = 'localhost';
$dbusername = 'bceus_user';
$dbpassword = 'password';
$dbname = 'bceus_data';
$dbtable = 'details2';
$conn = new mysqli($dbservername, $dbusername, $dbpassword, $dbname);
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
} 
$sql = "Select Credit from `".$dbtable."` WHERE `username` = `".$username."`";
$result = $conn->query($sql);

if ($result->num_rows > 0) {
    while($row = $result->fetch_assoc()) {
        if ($row['Credit'] < 20) {
            echo "Your Credit is not Enough , Please Buy a Credit";
        }    
        else {
           $sql2 = "update `".$dbtable."` set Credit = Credit - 20 WHERE `username` = `".$username."`";
           $conn->query($sql2);
        }
    }
} else {
    echo "0 results";
}
$conn->close();
header('Location: '.$success_page);
exit;
?>