PHP/SQL script to increment value of a record field is not updating the record

HTML:

<form>
    <input type="radio" name="grade" value=95 /> A<br />
    <input type="radio" name="grade" value=85 /> B<br />
    <input type="radio" name="grade" 开发者_开发百科value=75 /> C<br />
    <input type="radio" name="grade" value=65 /> D<br />
    <input type="radio" name="grade" value=50 /> F
</form>

PHP:

if (isset($_POST['grade'])) {
                    $name = $_POST['name'];
                    $grade = $_POST['grade'];
                    $sql = "UPDATE grade SET 
                    total=total+'$grade',
                    numvotes=numvotes+1 WHERE
                    name='$name'";

Hi everyone... I'm working on a project to add grades associated with names on a menu. My HTML code for the radial menu for the grade is above and my relevant SQL is shown as well. I want to add a NUMBER VALUE from the grade onto the "total" in my SQL database and increase the number of votes by 1. I'm not sure if my syntax is correct because the database neither gets an addition to its votes or grade total. Thanks!

EDIT: Part of the reason why I'm confused that this doesn't work is b/c when I go into the mySQL console, I can do an almost identical command (where instead '$grade' is a number) and it works. In the least I should get an error or maybe the numvotes should increase, but nothing.

EDIT2: Credit to Radu for catching this. My name menu doesn't function properly. After using $die after my SQL statement, I found that the names being selected from the dropdown menu were being interpreted as integers, not names. It is to be populated by the SQL names in the database. Here is my code.

<?php
    $query = mysql_query("SELECT name, id FROM grade");
    echo "<select name='name'>";
        while ($temp = mysql_fetch_assoc($query)) {
            echo "<option value='".$temp['name']."'>".$temp['name']."    </option>";
        }
    echo "</select>";
?>

EDIT3: After changing $temp['id'] to $temp['name'], I found that my die($sql) now reads:

UPDATE grade SET total=total+'95', numvotes=numvotes+1 WHERE name='charlie'

So the name is going in, but it's STILL not getting updated. Ideas?

---

You're using names as strings in the SQL query. So change the following:

echo "<option value='".$temp['id']."'>".$temp['name']."</option>";

to:

echo "<option>".htmlspecialchars($temp['name'])."</option>";

For live projects, always use htmlspecialchars() when echo()ing something to the browser, and always use mysql_real_escape_string() when composing SQL queries from user input.

For example, in a live project, you should always use $name = mysql_real_escape_string($_POST['name']) instead of simply $name = $_POST['name'].

---

remove , after

numvotes=numvotes+1

in your query

---

USERS
-----
id AUTO_INCREMENT
name

VOTES
-----
id AUTO_INCREMENT
user_id
grade

INSERT INTO votes (user_id, grade) VALUES (1, 95);
INSERT INTO votes (user_id, grade) VALUES (1, 85);
INSERT INTO votes (user_id, grade) VALUES (2, 75);

Then to get vote count for first user:

SELECT count(*) total_votes FROM votes WHERE user_id = 1;

And to get score:

SELECT sum(grade) total_score FROM votes WHERE user_id = 1;

This is untested, but should get you on the right track.

---

it might just be an oversight in your example, but the tag should be

<form method="post">

otherwise this condition will never trigger, as forms default to using GET method

if (isset($_POST['grade'])) {