Help With DB Check[Solved]


Post by MikeD »

I'm trying to check the DB to see if the character is in the arena already. If not, and the arena hasn't started, a join button should appear; however, it's not working the way I want it to. It will not go through to elseif ($result != mysql_query($SQL1)) //not joined

even though this character isn't in the arena. Can't figure out why :(

Code:

    $SQL1="SELECT * FROM `ffatb` WHERE `charname`='$warriorinfo3[charname]'";
    if ($result = mysql_query($SQL1))
    {
    echo $cid;
    //if ($status== 'locked')
    //{
    //actions
    //}
    //elseif ($status== 'unlocked')
    //{

    //countdown to start
    //}
    }
    elseif ($result != mysql_query($SQL1)) //not joined
    {
    if ($status== 'locked')
    {
    echo "<p>Sorry You Are To Late, The Arena Has Already Started</p>";
    }
    elseif ($status== 'unlocked')
    {

    echo "<form method='post' action='freeforalltb.php?id=$cid'> <input type='submit' name='join' value='Join Arena' />";
    ?>
</form>
Last edited by MikeD on Wed Nov 02, 2011 2:47 pm, edited 2 times in total.

Re: Help With DB Check

Post by Jackolantern »

This can't be the whole script. Where are $cid and $status set?
The indelible lord of tl;dr

Re: Help With DB Check

Post by MikeD »

That is just the part that isn't working, here's the full script.

Code:

<?php
if (isset($_GET['id']))
{
$cid=$_GET['id'];

$warriorinfo="SELECT * FROM `characters` WHERE `cid`='$cid'";
$warriorinfo2=mysql_query($warriorinfo) or die("could not get character stats!");
$warriorinfo3=mysql_fetch_array($warriorinfo2);

if ($pid != $warriorinfo3['pid'])
{
echo "<p>This Warrior doesn't belong to you!</p>";
exit;
}
elseif ($pid == $warriorinfo3['pid'])
{ 
$SQL1="SELECT * FROM `ffatb` WHERE `charname`='$warriorinfo3[charname]'";
if ($result = mysql_query($SQL1))
{
echo $cid;
//if ($status== 'locked')
//{
//actions
//}
//elseif ($status== 'unlocked')
//{

//countdown to start
//}
}
elseif ($result != mysql_query($SQL1)) //not joined
{
if ($status== 'locked')
{
echo "<p>Sorry You Are To Late, The Arena Has Already Started</p>";
}
elseif ($status== 'unlocked')
{

echo "<form method='post' action='freeforalltb.php?id=$cid'> <input type='submit' name='join' value='Join Arena' />";
?>
</form>
<?php
}

}}}
$sql ="SELECT * FROM `ffatb` WHERE `charname`=`charname`";
if ($result = mysql_query($sql))
{
?>
<table border="1" cellpadding="0" cellspacing="0">
<tr>
<td>
<tr>
<th align="center">Free For All - TB</th>
</tr>
<tr>
<td>
<?php
while ($row=mysql_fetch_row($result))
{
echo " ~ $row[1] ~ "; 
}}
?>
</td>
</tr>
</table>
<?php
if (isset($_POST['join']))
{
$updatedb="INSERT into `ffatb` (`username`, `charname`) VALUES ('$player','$warriorinfo3[charname]')";
mysql_query($updatedb) or die("Could insert into Arena");
}
?>

Re: Help With DB Check

Post by Jackolantern »

And what exactly is it doing? It just stops at one point in the script? No errors or anything?
The indelible lord of tl;dr

Re: Help With DB Check

Post by MikeD »

Yes it is stopping in the wrong spot. The character isn't in the arena, so a join button should appear, however it's stopping at the "echo $cid;"

Re: Help With DB Check

Post by Jackolantern »

I have actually had an odd problem before with PHP not liking a reference to an associative array in a SQL statement. I believe Chris explained one time why it doesn't like this, but I can't remember. So instead of:

Code:

$SQL1="SELECT * FROM `ffatb` WHERE `charname`='$warriorinfo3[charname]'";
...try this:

Code:

$charname = $warriorinfo3['charname'];
$SQL1="SELECT * FROM `ffatb` WHERE `charname`='$charname'";
Try this simple fix and see if that doesn't work any better. If not, I will look into it a bit further, but I know I have had issues with that before.
The indelible lord of tl;dr

Re: Help With DB Check

Post by Chris »

The first thing that I didn't understand is where $status is coming from. With that in mind, it might be a good idea to write down on paper what your script has to do in normal writing before making it. This will help you figure out the steps you have to take and will speed up the process rather than continuous trial and error.

A few things I'd like to ask about this script first however.

1. What is the first if statement for?

Code:

if( isset($_GET['id']) ) 
Is this to control if the page name has been set? If so you will also want to check the REQUEST_URI to make sure you're on the template's script page and not the script itself.

Code:

if( isset($_GET['id']) && $_SERVER['REQUEST_URI'] == '/index.php' ) 
Otherwise I could type in the path to your script and still pass an id to it, making this check useless.

2. You might need to control more on how you insert information in your SQL queries:

Code:

$warriorinfo="SELECT * FROM `characters` WHERE `cid`='$cid'";
$warriorinfo2=mysql_query($warriorinfo) or die("could not get character stats!");
$warriorinfo3=mysql_fetch_array($warriorinfo2); 
If I were to change the url to something like:

Code:

http://example.com/page.php?id=whatever&cid=1' OR '2
Your SQL query would now look like:

Code:

SELECT * FROM `characters` WHERE `cid`='1' OR '2'
You might as well just be saying goodbye to your database when a hacker finds out he can have some fun. Always use proper injection control. Here's a good tutorial:
http://www.tizag.com/mysqlTutorial/mysq ... ection.php

Onto what the script has to do. I read through your code and guessed you have a table with a list of characters in the arena called ffatb. Then you go onto a bit that checks the arena status to see whether or not it is closed, this is where you randomly call a variable $status from nowhere. I think you forgot to complete your script again :P

good luck ;)
Fighting for peace is declaring war on war. If you want peace be peaceful.
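
The lookup from point 2 with the request value bound as a parameter instead of pasted into the SQL string, as an added example that is not part of the original thread. It assumes PDO with an in-memory SQLite database standing in for the game's MySQL tables; the sample rows and the function names countConcatenated, findCharacter and inArena are constructed for illustration. It also decides arena membership by whether a row comes back rather than by whether the query ran.

```php
<?php
// Added example: constructed in-memory tables standing in for `characters` and `ffatb`.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE characters (cid INTEGER PRIMARY KEY, pid INTEGER, charname TEXT)");
$db->exec("CREATE TABLE ffatb (username TEXT, charname TEXT)");
$db->exec("INSERT INTO characters VALUES (1, 10, 'Conan'), (2, 20, 'Xena')");

// Before: the request value is pasted into the SQL text, so it can change the query.
function countConcatenated(PDO $db, string $cid): int {
    $rows = $db->query("SELECT * FROM characters WHERE cid='$cid'")->fetchAll();
    return count($rows);
}

// After: the SQL text is fixed and the value is bound as data only.
// The owner's pid is part of the WHERE clause, so ownership is checked in the same query.
function findCharacter(PDO $db, string $cid, int $pid): ?array {
    if (!ctype_digit($cid)) {            // ids are numeric; reject anything else early
        return null;
    }
    $stmt = $db->prepare("SELECT cid, pid, charname FROM characters WHERE cid = ? AND pid = ?");
    $stmt->execute([$cid, $pid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// A SELECT that matches nothing still succeeds, so test for a returned row.
function inArena(PDO $db, string $charname): bool {
    $stmt = $db->prepare("SELECT 1 FROM ffatb WHERE charname = ?");
    $stmt->execute([$charname]);
    return $stmt->fetchColumn() !== false;
}

$probe = "1' OR '2";                      // the value from the post above
echo "concatenated query matched ", countConcatenated($db, $probe), " row(s)\n";
echo "bound query matched: ";
var_dump(findCharacter($db, $probe, 10));

$me = findCharacter($db, "1", 10);        // legitimate request by the owner (pid 10)
echo "already in arena: ";
var_dump(inArena($db, $me['charname']));
```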

Re: Help With DB Check

Post by MikeD »

Chris wrote: The first thing that I didn't understand is where $status is coming from. With that in mind, it might be a good idea to write down on paper what your script has to do in normal writing before making it. This will help you figure out the steps you have to take and will speed up the process rather than continuous trial and error.

A few things I'd like to ask about this script first however.

1. What is the first if statement for?

Code:

if( isset($_GET['id']) ) 
Is this to control if the page name has been set? If so you will also want to check the REQUEST_URI to make sure you're on the template's script page and not the script itself.

Code:

if( isset($_GET['id']) && $_SERVER['REQUEST_URI'] == '/index.php' ) 
Otherwise I could type in the path to your script and still pass an id to it, making this check useless.

2. You might need to control more on how you insert information in your SQL queries:

Code:

$warriorinfo="SELECT * FROM `characters` WHERE `cid`='$cid'";
$warriorinfo2=mysql_query($warriorinfo) or die("could not get character stats!");
$warriorinfo3=mysql_fetch_array($warriorinfo2); 
If I were to change the url to something like:

Code:

http://example.com/page.php?id=whatever&cid=1' OR '2
Your SQL query would now look like:

Code:

SELECT * FROM `characters` WHERE `cid`='1' OR '2'
You might as well just be saying goodbye to your database when a hacker finds out he can have some fun. Always use proper injection control. Here's a good tutorial:
http://www.tizag.com/mysqlTutorial/mysq ... ection.php

Onto what the script has to do. I read through your code and guessed you have a table with a list of characters in the arena called ffatb. Then you go onto a bit that checks the arena status to see whether or not it is closed, this is where you randomly call a variable $status from nowhere. I think you forgot to complete your script again :P

good luck ;)
The status is set at the top of the script after the session stuff. As for the injection thing, I have a check to make sure that the Cid belongs to the player, if it doesn't the page won't complete. However I will be switching that into a session soon anyways. I will check out that tutorial, thanks :)
Jackolantern wrote: I have actually had an odd problem before with PHP not liking a reference to an associative array in a SQL statement. I believe Chris explained one time why it doesn't like this, but I can't remember. So instead of:

Code:

$SQL1="SELECT * FROM `ffatb` WHERE `charname`='$warriorinfo3[charname]'";
...try this:

Code:

$charname = $warriorinfo3['charname'];
$SQL1="SELECT * FROM `ffatb` WHERE `charname`='$charname'";
Try this simple fix and see if that doesn't work any better. If not, I will look into it a bit further, but I know I have had issues with that before.
Nope still getting stuck at

Code:

if ($result = mysql_query($SQL1))
{
echo $cid;
even though the query should be unsuccessful.

Re: Help With DB Check

Post by Chris »

MikeD wrote: As for the injection thing, I have a check to make sure that the Cid belongs to the player.
I don't think you fully understand what I mean by "injection". I recommend you have a good read over that tutorial.

Could you also maybe give us a copy of the table structure, and the code where $status is. This will give us a better insight of what the script is supposed to be doing.

Jackolantern wrote: I have actually had an odd problem before with PHP not liking a reference to an associative array in a SQL statement. I believe Chris explained one time why it doesn't like this, but I can't remember.
To be honest I don't actually fully understand why $array[key_that_could_be_a_constant] can be passed as a string without using quotation marks.

What I could do is define a constant and then things start acting weird if PHP warnings are turned off.

Code:

define( 'hello', 'world' );

// now make an array with the key world
$array = array( 'world' => 'How\'s it orbiting?' );

echo hello; // world

// becomes $array['world']
echo $array[hello]; // How's it orbiting?

$array = array( hello => 'world' );
print_r($array); // Array ( [world] => world )


$array = array( myKey => 'my value' ); // notice undefined constant myKey, assumed 'myKey' <- the major issue I find
print_r($array); // Array ( [myKey] => my value )

echo $array[myKey]; // my value, notice undefined constant myKey, assumed 'myKey'
echo $array['myKey']; // my value

echo "$array[myKey]"; // my value
echo "{$array['myKey']}"; // my value

// echo "$array['myKey']"; // Parse syntax error    
Fighting for peace is declaring war on war. If you want peace be peaceful.

Re: Help With DB Check

Post by MikeD »

Here is the full page from top to bottom

Code:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
  <head>
  <meta http-equiv="content-type" content="text/html;charset=utf-8" />
  <meta name="generator" content="PSPad editor, www.pspad.com">
  <link rel="stylesheet" type="text/css" href="index.css" />
  <title>Warriors Realm</title>

  
  </head>
  <body>
<?php
  include_once 'connect.php';
  session_start();

  if (isset($_SESSION['player']))
{
  $player=$_SESSION['player'];
}
else
{
  
  header( 'Location: http://localhost/warrior/login.php' );
  exit;
}
    $status='unlocked';
    $playerinfo="SELECT * FROM `users` WHERE `username`='$player'";
    $playerinfo2=mysql_query($playerinfo) or die("could not get player stats!");
    $playerinfo3=mysql_fetch_array($playerinfo2);
    
    $pid=$playerinfo3['pid'];
    
?>
<div id="header" align="center">
  <p><a href="home.php" />Home</a> <a href="forum/index.php" />Forum</a> <div class="armory"> <a href="armory.php" />Armory</a> <a href="store.php" />Store</a> <a href="cards.php" />Cards</a>  <a href="arenas.php" />Arenas</a></p> 
  <p><a href="rankings.php" />Rankings</a> <a href="help.php" />Help</a> <a href="teams.php" />Teams</a> <a href="alliances.php" />Alliances</a> <a href="market.php" />Market</a> <a href="support.php" />Support</a> <a href="logout.php" />Log Out</a></p>
<?php
echo "<p>Welcome " . $player . "</p>";
?> 
  
</div>

<div id="body" align="center">
<?php
if (isset($_GET['id']))
{
$cid=$_GET['id'];

$warriorinfo="SELECT * FROM `characters` WHERE `cid`='$cid'";
$warriorinfo2=mysql_query($warriorinfo) or die("could not get character stats!");
$warriorinfo3=mysql_fetch_array($warriorinfo2);

if ($pid != $warriorinfo3['pid'])
{
echo "<p>This Warrior doesn't belong to you!</p>";
exit;
}
elseif ($pid == $warriorinfo3['pid'])
{ 
$charname = $warriorinfo3['charname'];
$SQL1="SELECT * FROM `ffatb` WHERE `charname`='$charname'";
if ($result = mysql_query($SQL1))
{
echo $cid;
//if ($status== 'locked')
//{
//actions
//}
//elseif ($status== 'unlocked')
//{

//countdown to start
//}
}
elseif ($result != mysql_query($SQL1)) //not joined
{
if ($status== 'locked')
{
echo "<p>Sorry You Are To Late, The Arena Has Already Started</p>";
}
elseif ($status== 'unlocked')
{

echo "<form method='post' action='freeforalltb.php?id=$cid'> <input type='submit' name='join' value='Join Arena' />";
?>
</form>
<?php
}

}}}
$sql ="SELECT * FROM `ffatb` WHERE `charname`=`charname`";
if ($result = mysql_query($sql))
{
?>
<table border="1" cellpadding="0" cellspacing="0">
<tr>
<td>
<tr>
<th align="center">Free For All - TB</th>
</tr>
<tr>
<td>
<?php
while ($row=mysql_fetch_row($result))
{
echo " ~ $row[1] ~ "; 
}}
?>
</td>
</tr>
</table>
<?php
if (isset($_POST['join']))
{
$updatedb="INSERT into `ffatb` (`username`, `charname`) VALUES ('$player','$charname')";
mysql_query($updatedb) or die("Could insert into Arena");
}
?>
</div>

<div id="sidebar" align="left">
        <p><div class="warriors"><a href="mywarriors.php" />My Warriors</a></div>
        <p><div class="tactics"> <a href="tactics.php" />Tactics</a> </div>
        <p><div class="battle"> <?php echo " <a href='battle.php?id=$cid'" ?>/>Battles</a></div>
        <p><div class="dungeons"> <a href="dungeons.php" />Dungeons</a></div>
        <p><div class="armory"><?php echo " <a href='armory.php?id=$cid'" ?>/>Armory</a></div>
        <p><div class="cards"><a href="cards.php" />Cards</a></div>
        <p><div class="cards"><a href="arenaactions.php?id=$cid" />Arena Actions</a></div>
<?php 
  if ($warriorinfo3['clanid'] !=0)
  {
       echo "<p><div class='myteam'> <a href='myteam.php' />My Team</a></div>";
       echo "<p><div class='myalliance'> <a href='myalliance.php' />My Alliance</a></div>";
  }
  else {
        echo "<p><div class='teams'> <a href='teams.php' />Join Team</a></div>";
       }     
?>
        <p><div class="equipment">
        <?php 
        
       echo "<a href='equipment.php?id=$cid' />My Equipment</a></div>";
       
?>
</div>
<div id="footer" align="center">
<p>Copyright, privacy and terms info</p>
</div>

  </body>
</html>