Bank Problem [SOLVED]
Posted: Sun Jul 24, 2011 4:49 pm
Hi there everyone!
I am currently having an issue with the bank system that I created. Whenever I try to withdraw money from it, the page goes through successfully with no obvious syntactical errors, but I never actually withdraw any money from the bank. Any ideas on why this is?
Here is my withdraw.php:
And here is my withdrawck.php (which checks the withdraw.php):
Thanks everyone!
I am currently having an issue with the bank system that I created. Whenever I try to withdraw money from it, the page goes through successfully with no obvious syntactical errors, but I never actually withdraw any money from the bank. Any ideas on why this is?
Here is my withdraw.php:
Code: Select all
<html>
<head>
<title>Withdraw</title>
</head>
<body>
<?php
include_once 'connect.php';
session_start();
include_once 'logo.php';
?>
<link href="style.css" rel="stylesheet" type="text/css" />
<?php
if (isset($_SESSION['player']))
{
$player=$_SESSION['player'];
}
else
{
echo "Not Logged in <br><br> <A href='home.php'>Login</a>";
exit;
}
$playerinfo="SELECT * from players where name='$player'";
$playerinfo2=mysql_query($playerinfo) or die("Could not get player stats!");
$playerinfo3=mysql_fetch_array($playerinfo2);
include_once 'statpanel.php';
include_once 'logo.php';
?>
<?php
echo "<br><br><br><br><br><center><i>"How much would you like to take out?"</i>";
?>
<script language="JavaScript">
function onlyNumbers(evt)
{
var e = event || evt; // for trans-browser compatibility
var charCode = e.which || e.keyCode;
if (charCode > 31 && (charCode < 48 || charCode > 57))
return false;
return true;
}
</script>
<br><br><form name="message" action="withdrawck.php" method="post">
Galleons: <input type="text" onkeypress="return onlyNumbers();" name="galleons" /><br>
Sickles: <input type="text" onkeypress="return onlyNumbers();" name="sickles" /><br>
Knuts: <input type="text" onkeypress="return onlyNumbers();" name="knuts" /><br><br>
<input type="submit" value="Withdraw" />
</form>
</body>
</html>Code: Select all
<html>
<head>
<title>Withdraw</title>
</head>
<body>
<?php
include_once 'connect.php';
session_start();
include_once 'logo.php';
?>
<link href="style.css" rel="stylesheet" type="text/css" />
<div id="login2" div align="center">
<?php
if (isset($_SESSION['player']))
{
$player=$_SESSION['player'];
}
else
{
echo "Not Logged in <br><br> <A href='login.php'>Login</a>";
exit;
}
?>
</div>
<?php
$playerinfo="SELECT * from players where name='$player'";
$playerinfo2=mysql_query($playerinfo) or die("could not get player stats!");
$playerinfo3=mysql_fetch_array($playerinfo2);
$pid=$playerinfo3['id'];
include_once 'statpanel.php';
?>
<?php
if(isset($_POST['submit'])){
$galleons=$_POST['galleons'];
$sickles=$_POST['sickles'];
$knuts=$_POST['knuts'];
}
$moneyinfo="SELECT * from playermoney where pid='$pid'";
$moneyinfo2=mysql_query($moneyinfo) or die("Could not get playermoney stats!");
$moneyinfo3=mysql_fetch_array($moneyinfo2);
$bgalleons=$moneyinfo3['bgalleons'];
$pgalleons=$playerinfo3['galleons'];
$bsickles=$moneyinfo3['bsickles'];
$psickles=$playerinfo3['sickles'];
$bknuts=$moneyinfo3['bknuts'];
$pknuts=$playerinfo3['knuts'];
$ck_pgalleons = "SELECT galleons FROM players WHERE pid = '".$pid."'";
$ck_bgalleons = "SELECT bgalleons FROM playermoney WHERE pid = '".$pid."'";
$ck_psickles = "SELECT sickles FROM players WHERE pid = '".$pid."'";
$ck_bsickles = "SELECT bsickles FROM playermoney WHERE pid = '".$pid."'";
$ck_pknuts = "SELECT knuts FROM players WHERE pid = '".$pid."'";
$ck_bknuts = "SELECT bknuts FROM playermoney WHERE pid = '".$pid."'";
if( mysql_num_rows( mysql_query( $ck_bgalleons ) ) < $galleons ){
die("There are not enough galleons in your account. Please go back and try again.<br>
<form name=\"back\" action=\"withdraw.php\"
method=\"post\">
<input type=\"submit\" value=\"Try Again\">
</form>
");
}
elseif( mysql_num_rows( mysql_query( $ck_bsickles ) ) < $sickles ){
die("There are not enough sickles in your account. Please go back and try again.<br>
<form name=\"back\" action=\"withdraw.php\"
method=\"post\">
<input type=\"submit\" value=\"Try Again\">
</form>
");
}
if( mysql_num_rows( mysql_query( $ck_bknuts ) ) < $knuts ){
die("There are not enough knuts in your account. Please go back and try again.<br>
<form name=\"back\" action=\"withdraw.php\"
method=\"post\">
<input type=\"submit\" value=\"Try Again\">
</form>
");
}
$updatebgalleons="UPDATE playermoney SET bgalleons= '$bgalleons' - '$galleons' WHERE pid='$pid'";
mysql_query($updatebgalleons) or die("Could not update player's galleon status");
$updatepgalleons="UPDATE players SET galleons='$pgalleons' + '$galleons' WHERE name='$player'";
mysql_query($updatepgalleons) or die("Could not update player's galleon status");
$updatebsickles="UPDATE playermoney SET bsickles='$bsickles' - '$sickles' WHERE pid='$pid'";
mysql_query($updatebsickles) or die("Could not update player's sickle status");
$updatepsickles="UPDATE players SET sickles='$psickles' + '$sickles' WHERE name='$player'";
mysql_query($updatepsickles) or die("Could not update player's sickle status");
$updatebknuts="UPDATE playermoney SET bknuts='$bknuts' - '$knuts' WHERE pid='$pid'";
mysql_query($updatebknuts) or die("Could not update player's knut status");
$updatepknuts="UPDATE players SET knuts='$pknuts' + '$knuts' WHERE name='$player'";
mysql_query($updatepknuts) or die("Could not update player's knut status");
echo "<br><br><br><br><br>";
echo "<center>";
echo "<a href='withdraw.php'>Withdraw more</a>";
echo "<br><br><a href='index.php'>Go back to Diagon Alley</a>";
echo "</center>";
?>
</body>
</html>
By putting the logic into MySQL for the sole purpose of quarantining shady code, all you would be doing is making your code fail silently due to a failed query, which could cause your application to try to chug along without the data it needs to continue properly. 