Code: Select all
<?php
ini_set ("display_errors", "1");
error_reporting(E_ALL);
require '/home/username/public_html/folder/config.php';
$username = mysql_real_escape_string($_SESSION['username']);
$price = mysql_real_escape_string($_POST["price"]);
$pro = mysql_real_escape_string($_POST["product"]);
$sql = "UPDATE users SET tokens=(tokens-$price) WHERE username='$username'";
mysql_query($sql);
echo "Thank you for buying $pro!";
?>