Can someone help me implement a SQL change

I am wanting to make this happen when an invoice is created as I am making a simple stock control if someone can help

> $db_up = mysql_query("SELECT * FROM `ip_products` WHERE `product_name`='$invoice_item->item_name'") or die(mysql_error());
>             $up_db = mysql_fetch_array($db_up);
>             $up_db_quantity = $up_db[product_stock]-$invoice_item->item_quantity;
>             
>             $new_up = mysql_query("UPDATE `ip_product` SET `product_stock`='$up_db_quantity' WHERE `product_name`='$up_db[product_name]'") or die(mysql_error());

It’s better to work with prepared statements to avoid sql injection (and/or other) issues: http://php.net/manual/en/pdo.prepared-statements.php