isset and variables

[alexrules01]

I finally understand the isset function! It took a while. But I don't know how to set the the variables
SO I got this (at the end of the page, and it links to the same page)
print "<a href='firstdog.php?chosendog=1&randomintellect=$randomintellect&randomkeeness=$randomkeeness&randomaggresiveness=$randomaggresiveness&weight=$weight&gender=$gender'> Buy Dog </a>"

And this at the top
if(isset($_GET['chosendog']))

I copied the structure of the link from Urban Realms, but I'm not sure how to get the variables working. I keep gettng the 'Undefined Variable randomintellect' etc etc.

Heres the whole page

firstdog.php

Code: Select all

<?php
include_once 'connect.php';
session_start();

?>

<?php
if (isset($_SESSION['player']))
{
  $player=$_SESSION['player'];
}
else
{
  echo "Not Logged in <br><br> <A href='login.php'>Login</a>";
  exit;
}
?>

<?php

$playerinfo="SELECT * from players where name='$player'";
$playerinfo2=mysql_query($playerinfo) or die("could not get player stats!");
$playerinfo3=mysql_fetch_array($playerinfo2);

$pid = $playerinfo3['id'];

if(isset($_GET['chosendog']))
{
	print "You chose the small but speedy greyhound!";
	$updategreyhound="INSERT into greyhounds (pid,speed,intellect,size,weight,keeness,aggresiveness,gender,brokein) VALUES ('$pid','5','$randomintellect','small','$weight','$randomkeeness','$randomaggresiveness','$gender','1')";
	    mysql_query($updategreyhound) or die("Could not update map");
}

if(isset($_GET['chosendog2']))
{
	$updatemap="Update map set crname='$crinfo3[name]',crhp='$crinfo3[hp]' where mapr='$playerinfo3[mapr]' AND mapc='$playerinfo3[mapc]'";
	    mysql_query($updatemap) or die("Could not update map");
}

if(isset($_GET['chosendog3']))
{
	$updatemap="Update map set crname='$crinfo3[name]',crhp='$crinfo3[hp]' where mapr='$playerinfo3[mapr]' AND mapc='$playerinfo3[mapc]'";
	    mysql_query($updatemap) or die("Could not update map");
}

if(isset($_GET['chosendog4']))
{
	$updatemap="Update map set crname='$crinfo3[name]',crhp='$crinfo3[hp]' where mapr='$playerinfo3[mapr]' AND mapc='$playerinfo3[mapc]'";
	    mysql_query($updatemap) or die("Could not update map");
}
	


///////////// Dog 1 //////////////////
$randomweight = rand(1,4);
if ($randomweight == 1) {$weight = 22;}
if ($randomweight == 2) {$weight = 23;}
if ($randomweight == 3) {$weight = 24;}
if ($randomweight == 4) {$weight = 25;}

$randomgender = rand(1,2);
if ($randomgender == 1)
	{
		$gender = "Male";
	}
else
	{
		$gender = "Female";
	}

$randomintellect = rand(1,100);
$randomkeeness = rand(1,100);
$randomaggresiveness = rand(1,100);

///////////// Dog 2 //////////////////
$randomweight2 = rand(1,4);
if ($randomweight2 == 1) {$weight2 = 26;}
if ($randomweight2 == 2) {$weight2 = 27;}
if ($randomweight2 == 3) {$weight2 = 28;}
if ($randomweight2 == 4) {$weight2 = 29;}

$randomgender2 = rand(1,2);
if ($randomgender2 == 1)
	{
		$gender2 = "Male";
	}
else
	{
		$gender2 = "Female";
	}
	
$randomintellect2 = rand(1,100);
$randomkeeness2 = rand(1,100);
$randomaggresiveness2 = rand(1,100);

///////////// Dog 3 /////////////////
$randomweight3 = rand(1,4);
if ($randomweight3 == 1) {$weight3 = 30;}
if ($randomweight3 == 2) {$weight3 = 31;}
if ($randomweight3 == 3) {$weight3 = 32;}
if ($randomweight3 == 4) {$weight3 = 33;}

$randomgender3 = rand(1,2);
if ($randomgender3 == 1)
	{
		$gender3 = "Male";
	}
else
	{
		$gender3 = "Female";
	}
	
$randomintellect3 = rand(1,100);
$randomkeeness3 = rand(1,100);
$randomaggresiveness3 = rand(1,100);

////////////// Dog 4 ////////////////
$randomweight4 = rand(1,4);
if ($randomweight4 == 1) {$weight4 = 34;}
if ($randomweight4 == 2) {$weight4 = 35;}
if ($randomweight4 == 3) {$weight4 = 36;}
if ($randomweight4 == 4) {$weight4 = 37;}

$randomgender4 = rand(1,2);
if ($randomgender4 == 1)
	{
		$gender4 = "Male";
	}
else
	{
		$gender4 = "Female";
	}
	
$randomintellect4 = rand(1,100);
$randomkeeness4 = rand(1,100);
$randomaggresiveness4 = rand(1,100);

?>



<div id="apDiv1">Banner</div>
<div id="apDiv2">
  <table width="824" height="286" border="0">
    <tr>
      <td height="41" align="center">Dog 1</td>
      <td align="center">Dog 2</td>
      <td align="center">Dog 3</td>
      <td align="center">Dog 4</td>
    </tr>
    <tr>
      <td height="239" valign="top"><p>Gender: <?php print $gender; ?><br>
        Size: Small<br>
        Weight: <?php print $weight; ?>
      </p>
        <p>Speed: 5<br>
          Endurance: 1<br>
          Stamina: 1<br>
          Strength: 1</p>
        <p>Intellect: <?php print $randomintellect; ?><br>
          Keeness: <?php print $randomkeeness; ?><br>
          Aggresiveness: <?php print $randomaggresiveness; ?>
        </p>
        <p> <br>
      </p></td>
      <td valign="top"><p>Gender: <?php print $gender2; ?><br>
        Size: Medium-Small<br>
        Weight: <?php print $weight2; ?>
      </p>
        <p>Speed: 1<br>
          Endurance: 5<br>
          Stamina: 1<br>
          Strength: 1</p>
        <p>Intellect: <?php print $randomintellect2; ?><br>
          Keeness: <?php print $randomkeeness2; ?><br>
          Aggresiveness: <?php print $randomaggresiveness2; ?>
        </p></td>
      <td valign="top"><p>Gender: <?php print $gender3; ?><br>
        Size: Medium<br>
        Weight: <?php print $weight3; ?>
      </p>
        <p>Speed: 1<br>
          Endurance: 1<br>
          Stamina: 5<br>
          Strength: 1
        </p>
      <p>Intellect: <?php print $randomintellect3; ?><br>
        Keeness: <?php print $randomkeeness3; ?><br>
        Aggresiveness: <?php print $randomaggresiveness3; ?>
      </p></td>
      <td valign="top"><p>Gender: <?php print $gender4; ?><br>
        Size: Big<br>
        Weight: <?php print $weight4; ?>
      </p>
        <p>Speed: 1<br>
          Endurance: 1<br>
          Stamina: 1<br>
          Strength: 5</p>
      <p>Intellect: <?php print $randomintellect4; ?> <br>
        Keeness: <?php print $randomkeeness4; ?><br>
        Aggresiveness: <?php print $randomaggresiveness4; ?>
      </p></td>
    </tr>
  </table>
  <table width="823" border="0">
    <tr>
      <td width="174" height="26" align="center"><?php print "<a href='firstdog.php?chosendog=1&randomintellect=$randomintellect&randomkeeness=$randomkeeness&randomaggresiveness=$randomaggresiveness&weight=$weight&gender=$gender'> Buy Dog </a>" ?></td>
      <td width="171" align="center"><?php print "<a href='firstdog.php?chosendog2=1'> Buy Dog </a>" ?></td>
      <td width="285" align="center"><?php print "<a href='firstdog.php?chosendog3=1'> Buy Dog </a>" ?></td>
      <td width="175" align="center"><?php print "<a href='firstdog.php?chosendog4=1'> Buy Dog </a>" ?></td>
    </tr>
  </table>

[Jackolantern]

You have to actually $_GET every value out of the URL before you can use them. I am not sure what those "$_GET['chosendog3'] things are, since it looks like you only have a $_GET['chosendog'] value. If you do not have a variable called 'chosendog3', 'chosendog2', etc. in the URL, they will never be set. Then you will have to use something like $randomintellect = $_GET['randomintellect'] on each of the named variables in the URL to make a short variable name if you want to use them like that in a SQL query.

[Callan S.]

Code: Select all

if(isset($_GET['chosendog']))
   {
   $chosendog = $_GET['chosendog'];
   // now use $chosendog as the variable you work with
   {
   else
   {
   echo "Ah crap, they didn't put the info in the url, now what the heck am I gunna do? Probably send them back to the page telling them to choose this time!";
   }

Does that get what you were shooting for, Alex?

[alexrules01]

Ahh thanks Jackolantern! I thought I was missing something I've seen before. And those variables will be used, just very similar to what I was trying to do. And Callan, thanks. I get what you have to do now... I don't know why I didn't figure it out before
I will try it out right now

[Jackolantern]

As a quick check, are you sure you want to allow players to choose their dog stats in GET values? Remember that players can just copy the link location, alter the values and go to the page(faked stats and all), and without any kind of checks, whatever values they enter will be what is added to the database.

If this is a problem, what you can do is only send the value of the player's dog choice in the GET values in the URL, and on the processing script simply use that dog choice to select the rest of the stats and enter it into the database on the same page. As it stands, this script will allow any user to enter whatever stats they want into your database.

[alexrules01]

I understand what the problem is, but i dont understand what the second paragraph means?

Also I got all the variables to work with the GET function... but they still won't insert into the database.

I have this

$insertgreyhound="INSERT INTO greyhounds (pid,speed,intellect,size,weight,keeness,aggresive,gender,brokein) VALUES ('$pid','5','$intellect','Small','$weight','$keeness','$aggresiveness','$gender','1')";
mysql_query($insertgreyhound) or die("could not insert into greyhounds");
All the variables are set, and the table i want to insert into is calld greyhounds, so I'm not exactly sure what the problem is, probably some easy one.

[Jackolantern]

I will write some page logic to try to illustrate what I mean:

Right now, you have it set up something like this:

choosedog.php

Code: Select all

Player selects dog.

Dog's stats are determined.

Those stats are put into the URL with GET values.

Go to processdog.php

processdog.php

Code: Select all

Get the dog's stats out of the URL's GET values.

Record those dog stats into the database.

Since the problem occurs with the "Those stats are put into the URL with GET values" and "Get the dog's stats out of the URL's GET values", we are going to remove those parts:

newchoosedog.php

Code: Select all

Player selects dog.

Only the type of the dog that the player chose are entered into the URL's GET values.

Go to newprocessdog.php

newprocessdog.php

Code: Select all

Get the player's dog choice out of the URL's GET value. No stats will be stored in the URL.

Determine the stats based on the dog.

Record those stats into the database.

Now only the dog type is being stored in the URL, and that is fine because you are letting the player choose their dog anyway (if however that is not how your game works, then the script is going to have to be structured differently). The important thing is that the stats of the dog are calculated in the same script that enters it into the database because there is no 100% safe way to pass variables back and forth between scripts. That means that something as sensitive as new player stats to be recorded into the database definitely should not be passed that way. $_GET is the most insecure method of passing variables, and nothing should be passed that way that you would not want the player to enter in directly themselves. $_POST is a tiny bit more secure, but advanced users can still submit whatever info they want through special applications or browser features. $_SESSION is much more secure than the previous two methods, since we have now moved all the data onto the server, with it never passing back to the user. However, there still are some exploits that can target session data. The most secure method is to take it completely out of the user's hands and calculate your sensitive data and enter it into the database in the same script.

[Callan S.]

Code: Select all

$insertgreyhound="INSERT INTO greyhounds (pid,speed,intellect,size,weight,keeness,aggresive,gender,brokein) VALUES ('$pid','5','$intellect','Small','$weight','$keeness','$aggresiveness','$gender','1')";
mysql_query($insertgreyhound) or die("could not insert into greyhounds");

Your using $pid to match it up to the player ID in the player database? Have you checked you didn't set the greyhound pid to auto increment?

[alexrules01]

Code: Select all

$insertgreyhound="INSERT INTO greyhounds (pid,speed,intellect,size,weight,keeness,aggresive,gender,brokein) VALUES ('$pid','5','$intellect','Small','$weight','$keeness','$aggresiveness','$gender','1')";
mysql_query($insertgreyhound) or die("could not insert into greyhounds");

Your using $pid to match it up to the player ID in the player database? Have you checked you didn't set the greyhound pid to auto increment?

No its not auto incrementing...made sure of that

And Jack that made perfect sense! Thank you so much! It should work perfectly with the structure of the game. I will be psoting my idea soon on the forum, just wanted to get some base work done.

Once again thanks (still the insert isn't working, but I'll use Jack's idea for now and see if it does work)

[Jackolantern]

Code: Select all

$insertgreyhound="INSERT INTO greyhounds (pid,speed,intellect,size,weight,keeness,aggresive,gender,brokein) VALUES ('$pid','5','$intellect','Small','$weight','$keeness','$aggresiveness','$gender','1')";
mysql_query($insertgreyhound) or die("could not insert into greyhounds");

Your using $pid to match it up to the player ID in the player database? Have you checked you didn't set the greyhound pid to auto increment?

No its not auto incrementing...made sure of that

And Jack that made perfect sense! Thank you so much! It should work perfectly with the structure of the game. I will be psoting my idea soon on the forum, just wanted to get some base work done.

Once again thanks (still the insert isn't working, but I'll use Jack's idea for now and see if it does work)

Your welcome! And for the insert, remove the ' ' from any number literals (5, 1, 9, etc.), like this:

Code: Select all

"INSERT into greyhounds (pid,speed,intellect,size,weight,keeness,aggresiveness,gender,brokein) VALUES ('$pid',5,'$randomintellect','small','$weight','$randomkeeness','$randomaggresiveness','$gender',1)";
       mysql_query($updategreyhound) or die("Could not update map");

You only use 'single-quotes' to surround string values and variables.