MySql problem

[YoDevil]

Hi, I have this code and it is not working and I don't know why!

<?PHP
include 'conf/conn.php';

$username = $_POST['username'];
(int)$points = $_POST['points'];     //This is 2
$actualpoints_query = "SELECT points FROM users WHERE 'username'='$username'";   //This should be 1
$actualpoints =  mysql_query($actualpoints_query);
(int)$newpoints = $points + $actualpoints;   //This should be 3 but it is 6!

$ins = mysql_query("UPDATE users SET points = '$newpoints' WHERE 'username' = '$username'");
if ($ins)
	die ((string)$newpoints);   //This says me 6
else
	die ("Error: " . mysql_error());   //I'm not getting any errors
?>

The int points is 2, and the points actually in my username field are 1, but the result for newpoints is 6 and it doesn't update the field!

Can someone help me, please?

[Barand]

The first part of your code should be

$username = mysql_real_escape_string($_POST['username']);
$points = (int)$_POST['points'];     //This is 2

$actualpoints_query = "SELECT points FROM users WHERE 'username'='$username'";   
$actualpoints_result =  mysql_query($actualpoints_query);
$row = mysql_fetch_assoc($actualpoints_result);             // fetch the returned row
$actualpoints = $row['points'];         //This should be 1
$newpoints = $points + $actualpoints;   //This should be 3 but it is 6!

However that was unnecessary - all you need is an update query

$username = mysql_real_escape_string($_POST['username']); // protect against SQL injection
$points = (int)$_POST['points']; //This is 2

mysql_query("UPDATE users SET points = points + $points WHERE 'username'='$username' ");

[YoDevil]

I tryed doing like that but it doesn't update my field!

I verified, the username and the points variable are correct so i think the problem is in the update query

[Barand]

remove the single quotes from around the column name 'username'. Without the quotes it will be treated as a column name, with the quotes it is a string value

[YoDevil]

It worked, thank you!