Codeigniter, increase database value by value contained in variable

Question

I am using codeigniter, and I have the following function in my model to give points to the user. It is however not working, rather setting the points column to 0.

This is how it is written in the codeigniter manual. Therefore I have no clue why it is not working...

Thanks

function give_points($username,$points)
{
    $this->db->set('points', 'points + $points');
    $this->db->where('username', $username);
    $this->db->update('users'); 
    echo"done";
}

Answer 1

I believe you have to tell CI specifically to not escape the text. I don't have a CI installation handy to test this in, but I think it was something like:

$this->db->set('points', 'points + ' . (int) $points, FALSE);

Answer 2

Not sure this is the cause of your problem, but you are using single quotes, on the following lines :

$this->db->set('points', 'points + $points');

With this, the $points string will be injected as-is, literally, into your SQL query -- it's not its value that's going to be used.

If you want $points to be interpolated (so its value is put in its place, in that string) , you must use double quotes :

$this->db->set('points', "points + $points");

For more informations about variable interpolation, see the Variables parsing section of the PHP Manual.

Answer 3

If there is a chance, always check the created SQL query - I do not know how to do it with CI.

However, your set() looks flawed.

$this->db->set('points', "points + $points");

Previously, $points was part of the string , and not expanded by the contents of $points , due to you using a single quote instead of a double quote - see the manual regarding strings in PHP.

$this->db->set('points', 'points + ' . (int) $points);

A slighty better code is the one above, as it defeats possible SQL injection , depending on where $points originally comes from.