I have tried to change my old script from msql to mysqli or PDO. The script works when I send an Ajax call to the PHP file.
but when stored the letters are transformed in number and I need to insert letters and numbers on that table.
My code is:
//Lightly sanitize the GET's to prevent SQL injections and possible XSS attacks
$points = htmlentities($_REQUEST['points']);
// $statement = $dbh->prepare("UPDATE `users` SET user_points = user_points +'$points' WHERE user_id = " . $_SESSION['user']);
$statement = $dbh->prepare("UPDATE `users` SET user_id = user_id +'$points' WHERE id = 4 ");
$state = $statement->execute();
//$sql = mysql_query("INSERT INTO `publiadd_registervillageop`.`users` (`user_points`) VALUES ('points');");
//The query returned true - now do whatever you like here.
echo 'Your Points was saved. Congrats!';
//The query returned false - you might want to put some sort of error reporting here. Even logging the error to a text file is fine.
echo 'There was a problem saving your points. Please try again later.';
echo 'Your points wasnt passed in the request. Make sure you add ?name=NAME_HERE&score=1337 to the tags.';
Try using the MySQL CONCAT function.
"UPDATE `users` SET user_id = CONCAT('$points', user_id) WHERE id = 4"