trackchat - 1:54 pm on Apr 4, 2013 (gmt 0)
Honestly, it's tricky to say without knowing a bit more about how the logic is meant to work, and how the userId column works in the database.
One separate issue that immediately jumps out, however, is that you need to, right now, change this code so that you use prepared statements for your database calls. Example using PDO (which can be used for MySQL) here: [php.net...]
Right now, by using variables directly in your SQL statements like this, you're vulnerable to SQL injection, which could cause all manner of issues for you.