Question

First off, this MySQL statement seems fine but will not run:

Statement:

    $sql = "UPDATE ('bands') SET ('Stock' = 'Stock' - 1) WHERE ('Band_id' = '$Band_id')";

Also, I wish to run this statement and this one together:

    $sql = "INSERT INTO orders (band_id,user_id,user_name,band_name,band_venue) VALUES('$band_id', '$user_id', '$user_name', '$name', '$venue')";

I know I need to do it in a transaction, but I've googled it and do not understand how to do this.

FULL CODE

    <?php
    require 'core/init.php';
    $user = new User();

    $Band_id = mysql_real_escape_string($_GET['id']);
    $band_id = mysql_real_escape_string($_POST['band']);
    $name = mysql_real_escape_string($_POST['bandname']);
    $venue = mysql_real_escape_string($_POST['bandvenue']);
    $user_id = escape($user->data()->id);
    $user_name = escape($user->data()->username);

    $sql = "INSERT INTO orders (band_id,user_id,user_name,band_name,band_venue) VALUES('$band_id', '$user_id', '$user_name', '$name', '$venue')";
    //$sql = "UPDATE ('bands') SET ('Stock' = 'Stock' - 1) WHERE ('Band_id' = '$Band_id')";

    mysql_query($sql, $linkme)
        or die ("could not add to database");
    ?>

Solution

Change to

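    // Identifiers take backticks (or nothing), not single quotes or parentheses.
    // $Band_id is concatenated unquoted, so it must be validated as an integer first.
    $sql = 'UPDATE `bands` SET `Stock` = (`Stock` - 1) WHERE `Band_id` = ' . $Band_id;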

If you're using PDO (and you probably should be), this is what you need:

    $dsn = 'mysql:dbname=testdb;host=127.0.0.1';
    $user = 'dbuser';
    $password = 'dbpass';

    $dbh = new PDO($dsn, $user, $password);

    // Throw exceptions on SQL errors instead of failing silently.
    $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    // Both statements take effect together at commit().
    // The values are concatenated into the SQL text here, so they must already
    // be validated or escaped before this point.
    $dbh->beginTransaction();
    $dbh->exec('UPDATE `bands` SET `Stock` = (`Stock` - 1) WHERE `Band_id` = ' . $Band_id);
    $dbh->exec('INSERT INTO `orders` (`band_id`, `user_id`, `user_name`, `band_name`, `band_venue`) VALUES("'.$band_id.'", "'.$user_id.'", "'.$user_name.'", "'.$name.'", "'.$venue.'")');
    $dbh->commit();

You could improve further by using prepared statements.
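
The same two statements run as one transaction with prepared statements and an explicit rollback, as an added example that is not part of the original answer. The `placeOrder` function name, the `Stock > 0` guard, the in-memory SQLite database and the sample rows are assumptions made here so the script runs offline; on MySQL the tables must use a transactional engine such as InnoDB.

```php
<?php
// Added example. Constructed schema and rows; SQLite in memory stands in for
// MySQL so the script runs offline. On MySQL, use the mysql: DSN and InnoDB tables.
function placeOrder(PDO $dbh, int $bandId, int $userId, string $userName,
                    string $bandName, string $venue): bool
{
    $dbh->beginTransaction();
    try {
        // Placeholders keep request data out of the SQL text. The Stock > 0
        // guard (an assumption added here) stops stock from going negative.
        $upd = $dbh->prepare(
            'UPDATE bands SET Stock = Stock - 1 WHERE Band_id = :id AND Stock > 0');
        $upd->execute([':id' => $bandId]);
        if ($upd->rowCount() !== 1) {      // unknown band or sold out
            $dbh->rollBack();
            return false;
        }
        $ins = $dbh->prepare(
            'INSERT INTO orders (band_id, user_id, user_name, band_name, band_venue)
             VALUES (:band_id, :user_id, :user_name, :band_name, :band_venue)');
        $ins->execute([':band_id' => $bandId, ':user_id' => $userId,
            ':user_name' => $userName, ':band_name' => $bandName,
            ':band_venue' => $venue]);
        $dbh->commit();                    // both changes become visible together
        return true;
    } catch (Throwable $e) {
        if ($dbh->inTransaction()) {
            $dbh->rollBack();              // undo the stock decrement as well
        }
        throw $e;
    }
}

$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE bands (Band_id INTEGER PRIMARY KEY, Stock INTEGER NOT NULL)');
$dbh->exec('CREATE TABLE orders (band_id INTEGER, user_id INTEGER, user_name TEXT,
            band_name TEXT, band_venue TEXT CHECK (length(band_venue) > 0))');
$dbh->exec('INSERT INTO bands (Band_id, Stock) VALUES (1, 1), (2, 5)');

var_dump(placeOrder($dbh, 1, 7, "o'brien", 'Band A', 'Hall A')); // last ticket sold
var_dump(placeOrder($dbh, 1, 8, 'alice', 'Band A', 'Hall A'));   // sold out, no order row
try {
    placeOrder($dbh, 2, 8, 'alice', 'Band B', '');               // INSERT violates CHECK
} catch (PDOException $e) {
    echo "order failed, rolled back\n";
}
// Read back band 2's stock to confirm the rollback restored it.
var_dump($dbh->query('SELECT Stock FROM bands WHERE Band_id = 2')->fetchColumn());
```

In a request handler, cast the ids before the call, for example `(int) $_POST['band']`, so the `int` parameters reject non-numeric input.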

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow