PHP: MySQL query duplicating update for no reason
- by ThinkingInBits
The code below is first the client code, then the class file.
For some reason the 'deductTokens()' method is being called twice, thus charging an account double.
I've been programming all night, so I may just need a second pair of eyes:
    if ($action == 'place_order') {
        if ($_REQUEST['unlimited'] == 200) {
            $license = 'extended';
        } else {
            $license = 'standard';
        }
        if ($photograph->isValidPhotographSize($photograph_id, $_REQUEST['size_radio'])) {
            $token_cost = $photograph->getTokenCost($_REQUEST['size_radio'], $_REQUEST['unlimited']);
            $order = new ImageOrder($_SESSION['user']['id'], $_REQUEST['size_radio'], $license, $token_cost);
            $order->saveOrder();
            $order->deductTokens();
            header('location: account.php');
        } else {
            die("Please go back and select a valid photograph size");
        }
    }
######CLASS CODE#######
    <?php
    include_once('database_classes.php');
    class Order {
        protected $account_id;
        protected $cost;
        protected $license;
        public function __construct($account_id, $license, $cost) {
            $this->account_id = $account_id;
            $this->cost = $cost;
            $this->license = $license;
        }
    }
    class ImageOrder extends Order {
        protected $size;
        public function __construct($account_id, $size, $license, $cost) {
            $this->size = $size;
            parent::__construct($account_id, $license, $cost);
        }
        public function saveOrder() {
            //$db = Connect::connect();
            //$account_id = $db->real_escape_string($this->account_id);
            //$size = $db->real_escape_string($this->size);
            //$license = $db->real_escape_string($this->license);
            //$cost = $db->real_escape_string($this->cost);
        }
        public function deductTokens() {
            $db = Connect::connect();
            $account_id = $db->real_escape_string($this->account_id);
            $cost = $db->real_escape_string($this->cost);
            $query = "UPDATE accounts set tokens=tokens-$cost WHERE id=$account_id";
            $result = $db->query($query);
        }
    }
    ?>
When I die("$query"); directly after the query, it's printing the proper statement, and when I run that query within MySQL it works perfectly.
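An added example, not part of the original post or the poster's code: whatever causes the handler to run twice, the deduction can be written so that repeating it is harmless, with values bound as parameters instead of interpolated (`real_escape_string` only protects values placed inside quotes, and `$cost` and `$account_id` are unquoted in the query above). Assumptions: a hypothetical `orders` table with a `charged` flag, a hypothetical `chargeOrderOnce()` helper, constructed sample rows, and PDO with in-memory SQLite standing in for the MySQL connection so the script runs offline.

```php
<?php
// Added example, not the poster's code. Schema and rows are constructed;
// in-memory SQLite via PDO stands in for the MySQL connection.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE accounts (id INTEGER PRIMARY KEY, tokens INTEGER NOT NULL)');
$db->exec('CREATE TABLE orders (id INTEGER PRIMARY KEY, account_id INTEGER NOT NULL,
           cost INTEGER NOT NULL, charged INTEGER NOT NULL DEFAULT 0)');
$db->exec('INSERT INTO accounts (id, tokens) VALUES (1, 100)');
$db->exec('INSERT INTO orders (id, account_id, cost) VALUES (10, 1, 30)');

// Deduct the cost of an order at most once. Returns true only on the call
// that actually charged; a repeat call or a short balance returns false.
function chargeOrderOnce(PDO $db, int $orderId): bool
{
    $db->beginTransaction();
    try {
        // Claim the order: only one caller can flip charged from 0 to 1.
        $claim = $db->prepare('UPDATE orders SET charged = 1 WHERE id = :id AND charged = 0');
        $claim->execute([':id' => $orderId]);
        if ($claim->rowCount() !== 1) {
            $db->rollBack();
            return false;
        }
        $sel = $db->prepare('SELECT account_id, cost FROM orders WHERE id = :id');
        $sel->execute([':id' => $orderId]);
        $order = $sel->fetch(PDO::FETCH_ASSOC);
        // Values are bound, never interpolated; the balance cannot go negative.
        $deduct = $db->prepare('UPDATE accounts SET tokens = tokens - :cost
                                WHERE id = :account AND tokens >= :minimum');
        $deduct->execute([':cost' => $order['cost'], ':account' => $order['account_id'],
                          ':minimum' => $order['cost']]);
        if ($deduct->rowCount() !== 1) {
            $db->rollBack(); // also releases the claim on the order
            return false;
        }
        $db->commit();
        return true;
    } catch (Throwable $e) {
        $db->rollBack();
        throw $e;
    }
}

var_dump(chargeOrderOnce($db, 10)); // first request
var_dump(chargeOrderOnce($db, 10)); // repeated request for the same order
var_dump((int) $db->query('SELECT tokens FROM accounts WHERE id = 1')->fetchColumn());
```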