You can only make alterations in the context of one conflicting row in the ON DUPLICATE KEY area. Further, this is, as far as I know, a property of the INSERT statement.
What you need is a simple ledger where you record the additions and subtractions from a balance, then tabulate those either manually or using triggers.
For instance, the simplest approach is:
This might be more easily represented as a pair of entries:
INSERT INTO points_adjustments (boardId, points)
VALUES (?, ?)
You'd add one entry for +n points, and a matching one for -n. At any time you can get a balance using SUM(points). You could wrap this up in a VIEW to make retrieval easier, or if you want, denormalize the sums into a column of another table using a trigger.
A simple trigger would issue the following statement for each affected boardId:
INSERT INTO balances (boardId, points) VALUES (?, ?)
ON DUPLICATE KEY SET points=points+VALUES(points)
This avoids key collisions in the first place and provides an auditable record of the transactions that occurred.
In any case, to do all of this automatically you'd probably have to use a trigger.
I like this solution, but I never used triggers before I guess it's time for me to do so. As about escaping... $from = (int)mysql_real_escape_string($_REQUEST['from']); $to = (int)mysql_real_escape_string($_REQUEST['to']); $delete = $condition[mysql_real_escape_string($_REQUEST['delete'])]; $contest = $condition[mysql_real_escape_string($_REQUEST['contest'])]; is there anything more I could do?
Yes. Triggers would be the logical next step. Automated deletes on constraint violations was an ambitious thought :)
Any use of mysql_real_escape_string in the year 2012 is terrifying. Please, for your own sanity use something sensible like PDO. With SQL placeholders this would literally collapse to two easy, readable lines. If you use ? or, better, named parameters, then you're just a bindParam call or two away from safety. It takes all of thirty minutes to learn how to use PDO effectively.
This is also the "Help, I'm having trouble with my stone arrow, how to spear mastadon" type of answer. There are many good ORM database layer packages for PHP that would make this kind of database work considerably easier. Making low-level SQL calls and hand-writing queries is not fun and not very productive.