Error updating database PHP
After submitting a payment form (credit cards, etc) to our payment gateway, we receive the "response_code" 1 when the payment is approved. We then use the following code to update a user's info in the database to reflect the approved transaction.
However, about every 1 out of 10 times, a user's info simply will not update even though the transaction returned an approved response. Is anything clearly wrong with this code? Or perhaps the response_code does not equal 1 for some reason?
<?php
session_start();
if ($_GET['response_code'] == 1)
{
    require('scripts/global.php'); //connect to database
    $email = $_SESSION['email'];
    $level = 3;
    $transaction_id = "" . htmlentities($_GET['transaction_id']);
    mysql_query ("UPDATE `users` SET level = '$level', trans_id = '$transaction_id' WHERE `email` = '$email'"); //update user info
    $error = "false";
}
else
{
    $noerror = "true";
    $message = "Sorry, an error occurred: " . htmlentities($_GET['response_reason_text']);
}
?>
Probably because there has been a session timeout? The WHERE uses the e-mail address; if this is not valid (not there), then you probably won't get an update.
Maybe you should check for transaction ID (or similar). I guess you've got something like that before the transaction starts?
edit: Also store if an error occurs, and try to store variables you need too. This makes it a lot easier to pinpoint the problem. Use a logfile for this for example.
Beyond the obvious security holes, you're not checking the results of your query. Try using mysql_error() and mysql_affected_rows() to see whether anything was updated. When either indicates something unusual, you'll also want to see the exact text of the query that ran. Things to check:
- Was $email empty?
- Did $transaction_id or $email have any apostrophes?
- Do you have duplicate email addresses in the database?
- Had the user already been set to level 3?
- Did you lose connection to the database?
- Did your script get called at all?
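The checks listed in the answer above, as an added example that is not part of the original posts: it uses PDO with bound parameters instead of the mysql_* functions (removed in PHP 7) and reports why an update did not land. The function name, the table layout and the in-memory SQLite rows are constructed assumptions standing in for the real users table, and the pdo_sqlite driver is assumed to be installed.

```php
<?php
// Added example: function name, table layout and sample rows are constructed.
function record_approved_payment(PDO $db, ?string $email, string $transId): string
{
    $tid = json_encode($transId); // escaped form, safe to write to a log line
    if ($email === null || $email === '') {
        // Session expired or never set: the WHERE clause would match nothing.
        error_log("payment $tid approved but no email in session");
        return 'no-session-email';
    }
    try {
        // Bound parameters: apostrophes in either value cannot break the query.
        $stmt = $db->prepare(
            'UPDATE users SET level = :level, trans_id = :tid WHERE email = :email'
        );
        $stmt->execute([':level' => 3, ':tid' => $transId, ':email' => $email]);
    } catch (PDOException $e) {
        // Lost connection, bad SQL, and so on.
        error_log("payment $tid: query failed: " . $e->getMessage());
        return 'query-failed';
    }
    $rows = $stmt->rowCount();
    if ($rows !== 1) {
        // 0 = no such user; more than 1 = duplicate email addresses.
        // With MySQL, 0 can also mean the row already held these exact values.
        error_log("payment $tid: expected 1 row, updated $rows for " . json_encode($email));
        return $rows === 0 ? 'no-row-updated' : 'multiple-rows-updated';
    }
    return 'ok';
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (email TEXT, level INTEGER, trans_id TEXT)');
$db->exec("INSERT INTO users VALUES ('a@example.com', 1, NULL),
    ('o''brien@example.com', 1, NULL),
    ('dup@example.com', 1, NULL), ('dup@example.com', 1, NULL)");

// One case per item on the checklist that this code can distinguish.
foreach ([null, 'a@example.com', "o'brien@example.com",
          'dup@example.com', 'gone@example.com'] as $email) {
    $label = $email ?? '(empty session)';
    echo str_pad($label, 22), record_approved_payment($db, $email, 'T-1001'), "\n";
}
```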