Topic: Retrieve from the database...

[Darkpower]

Hey!

I need help with create an sql question, I think it will look like this, but not really sure:
And where do I place the code snippet?

Code: [Select]

$query="SELECT points FROM users where id='".$_SESSION["user"]["0"]."'";
mysql_query($query, $db_id);

Code where it will be placed so it can write You have '.$poang.' points.';
I need this sql question so it can get information from database, from column points.
Right now this code jumps directly too if($poang<=0) {
$skrivut .= '<b>You dont have any points left!</b>';

Code: [Select]

<?php include "antet.php"; include "func.php";
if (!isset($_SESSION["user"][1]))
{
header('Location: login.php'); die();
}
$usr=user($_SESSION["user"][0]);
?>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<title>Lottery - Win points</title>
<style type="text/css">
body     { background: #CCCCCC; }
p,input { font-size: 11px; font-family: "Verdana", "Helvetica", "Arial", sans-serif; color: #244189; }
label    { cursor: pointer; }
</style>
</head>
<body>
<?php
 
global $userrow, $db_id;
$poang = $userrow["points"];

$skrivut = $gissningar = '';
 
if($_POST{'ok'}) {
 
 $poang = $_POST{'poang'};
 
 $slump = rand(1,9);
 $skrivut .= 'Random number is '.$slump.'. ';
 
 $antal = count($_POST{'siffra'});
 
 if (isset($antal) && !empty($antal)) {
 foreach($_POST{'siffra'} as $tal) {

 
  if(is_numeric($tal)) {
   $gissningar .= ' '.$tal;
   if($tal==$slump) {
   $poang = $userrow['points']+100;
   $query = "UPDATE users SET points=points+$poang WHERE id='".$_SESSION["user"]["0"]."' LIMIT 1";
   mysql_query($query, $db_id);
   }
   else {
   $poang = $userrow['points']-10;
   $query = "UPDATE users SET points=points+$poang WHERE id='".$_SESSION["user"]["0"]."' LIMIT 1";
   mysql_query($query, $db_id);
   }
  }
 }
 }

 if($gissningar!='') {
  $skrivut .= 'You guessed '.$gissningar.'. ';
 }
 
 if($poang<=0) {
  $skrivut .= '<b>You don\nt have any points left!</b>';
 }
 else {
 $skrivut .= 'You have '.$poang.' points.';
 }
 }
 if($usr[7]>=10){
echo '
<p>Every number you buy costs 10 points. If you win: Your betting money + 100 points.</p>
 
<form action="'.$_SERVER{'PHP_SELF'}.'" method="post">
<p><input type="checkbox" name="siffra[]" id="t1" value="1" /> <label for="t1">1</label>
<input type="checkbox" name="siffra[]" id="t2" value="2" /> <label for="t2">2</label>
<input type="checkbox" name="siffra[]" id="t3" value="3" /> <label for="t3">3</label>
<input type="checkbox" name="siffra[]" id="t4" value="4" /> <label for="t4">4</label>
<input type="checkbox" name="siffra[]" id="t5" value="5" /> <label for="t5">5</label>
<input type="checkbox" name="siffra[]" id="t6" value="6" /> <label for="t6">6</label>
<input type="checkbox" name="siffra[]" id="t7" value="7" /> <label for="t7">7</label>
<input type="checkbox" name="siffra[]" id="t8" value="8" /> <label for="t8">8</label>
<input type="checkbox" name="siffra[]" id="t9" value="9" /> <label for="t9">9</label>
<input type="hidden" name="poang" value="'.$poang.'" />
<input type="submit" name="ok" value="Play" /></p>
</form>
<p>'.$skrivut.'</p>';
 }else{
 echo '<b><div align"center">You need at least 10 points to play!</div></b>';
 }
 
?>
 
</body>
</html>

[Adika]

If your code is working great, then try putting that sql statement here:

Code: [Select]

if (isset($antal) && !empty($antal)) {
 foreach($_POST{'siffra'} as $tal) {

 
  if(is_numeric($tal)) {
   $gissningar .= ' '.$tal;
   if($tal==$slump) {
   $poang = $userrow['points']+100;
   $query = "UPDATE users SET points=points+$poang WHERE id='".$_SESSION["user"]["0"]."' LIMIT 1";
   mysql_query($query, $db_id);
   }
   else {
   $poang = $userrow['points']-10;
   $query = "UPDATE users SET points=points+$poang WHERE id='".$_SESSION["user"]["0"]."' LIMIT 1";
   mysql_query($query, $db_id);
   }
  }
 }
 }

[color=red]$query="SELECT points FROM users where id='".$_SESSION["user"]["0"]."'";
$result = mysql_query($query, $db_id);
$poang = mysql_fetch_array($result);[/color]
 if($gissningar!='') {
  $skrivut .= 'You guessed '.$gissningar.'. ';
 }
 
 if($poang<=0) {
  $skrivut .= '<b>You don\nt have any points left!</b>';
 }
 else {
 $skrivut .= 'You have '.$poang.' points.';
 }

[Darkpower]

Close!

Now it says, You have Array points.

I changed this line:
$query="SELECT points FROM users where id='".$_SESSION["user"]["0"]."'";

to

$query="SELECT points FROM users where id='".mysql_real_escape_string($_SESSION["user"]["0"])."'";

[Adika]

Is that means that it is working now?

[Darkpower]

No, only the security i fixed :-/

Instead of Array, should be the number^_^

[Adika]

Sorry, I forgot to tell you, change this code:

Code: [Select]

$poang = mysql_fetch_array($result);to this one:

Code: [Select]

$myNum = mysql_fetch_array($result);
$poang = $myNum[0]And also add LIMIT 1 in your select sql statement just like you did in the Update statement, since you only getting out one record, so it's an extra security.

[Darkpower]

You forgot to add ; after $myNum[0]

GREAT MAN! You are the man!

Everything works perfectly now!

Have a nice weekend!

[Darkpower]

I found one BIG bugg i need help with. It has to do with Integer.

Let say, if you have 10 points you play with and the random number shows up is not correct you will loose 10 points and have zero now. If you updating the page so will those numbers add to your database: 4294967295.

OR

If you update the page and did match a number(you have no points to play with) you earn 100 points. How come? How can I solve this?
But if you leave the page after you have lost all your points and get back again and updating the page, nothing happens, it show only You need at least 10 points to play.


Updated code:

Code: [Select]

<?php include "antet.php"; include "func.php";
if (!isset($_SESSION["user"][1]))
{
header('Location: login.php'); die();
}
$usr=user($_SESSION["user"][0]);
?>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<title>Lottery - Win points</title>
<style type="text/css">
body     { background: #CCCCCC; }
p,input { font-size: 11px; font-family: "Verdana", "Helvetica", "Arial", sans-serif; color: #244189; }
label    { cursor: pointer; }
</style>
</head>
<body>
<?php
 
global $userrow, $db_id;
$poang = $userrow["points"];

$skrivut = $gissningar = '';
 
if($_POST{'ok'}) {
 
 $poang = $_POST{'poang'};
 
 $slump = rand(1,9);
 $skrivut .= 'Random number is <b>'.$slump.'</b>. ';
 
 $antal = count($_POST{'siffra'});
 
 if (isset($antal) && !empty($antal)) {
 foreach($_POST{'siffra'} as $tal) {

 
  if(is_numeric($tal)) {
   $gissningar .= ' '.$tal;
   if($tal==$slump) {
   $poang = $userrow['points']+100;
   $query = "UPDATE users SET points=points+$poang WHERE id='".mysql_real_escape_string($_SESSION["user"]["0"])."' LIMIT 1";
   mysql_query($query, $db_id);
   }
   else {
   $poang = $userrow['points']-10;
   $query = "UPDATE users SET points=points+$poang WHERE id='".mysql_real_escape_string($_SESSION["user"]["0"])."' LIMIT 1";
   mysql_query($query, $db_id);
   }
  }
 }
 }


$query="SELECT points FROM users where id='".mysql_real_escape_string($_SESSION["user"]["0"])."' LIMIT 1";
$result = mysql_query($query, $db_id);
$myNum = mysql_fetch_array($result);
$poang = $myNum[0];



 if($gissningar!='') {
  $skrivut .= 'You guessed <b>'.$gissningar.'</b>. ';
 }
 
 if($poang<=0) {
  $skrivut .= '<b>You don\'t have any points left!</b>';
 }
 else {
 $skrivut .= 'You have <b>'.$poang.'</b> points.';
 }
 }
 if($usr[7]>=10){
echo '
<p>Every number you buy costs 10 points. If you win: Your correct number(10 points) + 100 points.</p>
 
<form action="'.$_SERVER{'PHP_SELF'}.'" method="post">
<p><input type="checkbox" name="siffra[]" id="t1" value="1" /> <label for="t1">1</label>
<input type="checkbox" name="siffra[]" id="t2" value="2" /> <label for="t2">2</label>
<input type="checkbox" name="siffra[]" id="t3" value="3" /> <label for="t3">3</label>
<input type="checkbox" name="siffra[]" id="t4" value="4" /> <label for="t4">4</label>
<input type="checkbox" name="siffra[]" id="t5" value="5" /> <label for="t5">5</label>
<input type="checkbox" name="siffra[]" id="t6" value="6" /> <label for="t6">6</label>
<input type="checkbox" name="siffra[]" id="t7" value="7" /> <label for="t7">7</label>
<input type="checkbox" name="siffra[]" id="t8" value="8" /> <label for="t8">8</label>
<input type="checkbox" name="siffra[]" id="t9" value="9" /> <label for="t9">9</label>
<input type="hidden" name="poang" value="'.$poang.'" />
<input type="submit" name="ok" value="Play" /></p>
</form>
<p>'.$skrivut.'</p>';
 }else{
 echo '<b><div align"center">You need at least 10 points to play!</div></b>';
 }
 
?>
 
</body>
</html>

[Adika]

Let say, if you have 10 points you play with and the random number shows up is not correct you will loose 10 points and have zero now.

But after you updating the database, the user will still have 10 points and can never have less than 10. - from your code

Code: [Select]

$poang = $userrow['points']-10;
   $query = "UPDATE users SET points=points+$poang WHERE id='".mysql_real_escape_string($_SESSION["user"]["0"])."' LIMIT 1";
   mysql_query($query, $db_id);The above is that code.

4294967295

Still a mystery number. I think Scooby-Doo will find out what's happening there. :-)

If you update the page and did match a number(you have no points to play with) you earn 100 points. How come?

Code: [Select]

$poang = $userrow['points']+100;
   $query = "UPDATE users SET points=points+$poang WHERE id='".mysql_real_escape_string($_SESSION["user"]["0"])."' LIMIT 1";
   mysql_query($query, $db_id);The above code answers your above question. :-)

But if you leave the page after you have lost all your points and get back again and updating the page, nothing happens, it show only You need at least 10 points to play.

The answer is in this line of the code:

Code: [Select]

if($usr[7]>=10){
I wonder what field does $usr[7] stands for?

[Darkpower]

This line:
if($usr[7]>=10){

$usr[7]=Points

I know, it should stop you from playing when you don't have 10 or more. But If you are still at the page when you loosing every points and push the update button it still updates to the column(points).

4294967295= this is the maximum number points column can receive.
But why does it add the maximum number when you updating the page?


*The above code answers your above question. :-)
Yeah, $poang = $userrow['points']+100;, but i don't want people to cheat by updating the page when you have no points left!

I found something, the form!
<form action="'.$_SERVER{'PHP_SELF'}.'" method="post">

.$_SERVER{'PHP_SELF'} = hmm, I wonder if this one who makes the game failure!

What do you think?

[pkedpker]

4294967295 = 32bit signed integer overflow happened and it's being read as unsigned integer..

basically what happened you had 0 points and you subtracted 10 from 0.. so you have  -10.. and -10 = 4294967295  in unsigned integer.. change MYSQL table datatype to SIGNED integer and it will show as -10..

[Darkpower]

But it will not show -10 on my page? or? I hope it will show, 0.

[Adika]

Ok, this problem requires step by step debugging.
First:

Code: [Select]

$usr=user($_SESSION["user"][0]);Explain me the above line of code. It needs to catch how many points does the user have, and he is doing it when the user enters the page. So, to do it, the script must connect to the database somewhere to get the points number. Since user() is some kind of custom function, explain me where is it and what is he doing.

[Darkpower]

I'm not really sure about that line, just integrated it because points=$usr[7] will work then. Database connections is in antet.php. func.php= all functions in the game, big file. I am new at php :-/ I can send func.php if you want, do you have msn? You can send me a PM with your email. And i post the solution here later.

[Darkpower]

pkedpker

I can only choose between those:

UNSIGNED, BINARY, UNSIGNED ZEROFILL, ON UPDATE CURRENT TIMESTAMP

[Adika]

Sorry, but I can't fix big things for free because it's time consuming, and time is money. But what I can do is put you in the right direction, so you can find the solution yourself.

So, open the func.php, and find the line where it says

Code: [Select]

function user($some_variable_will_be_here) {That line is feeding your $usr with data. Follow that function line by line, and found out what he does. For functions or words that you don't know what they mean, go to the www.php.net and "search for" box write in the word that you don't understand. And then click the arrow. Then it will show you the function that you didn't know, and how it's built and for what it is. That way you can understand your code. Hey, no pain no game! And if you are not here to learn php, than what are you doing here? And learning php is not just asking questions in the forums, but trying to find answers yourself. And php.net is the best way to find answers, since that's all you need (mostly). And since php is the easiest language to learn, spend some time, and learn it. My first language was also php and I learned everything by myself from php.net and by analyzing the script. If you have some questions, I will be happy to ask or to direct you to the right direction. And let me tell you one more thing: If you spend some time to completely understand this script that you are working on, you will gain instant knowledge of php, and after that you will see how easy this language is, and how good you can be in it in no time. Trust me, I was there where you are now before.

[Darkpower]

SOLVED!

Haha, solved it in a easy way 
You need an IF statement around sql^^

Code: [Select]

if($usr[7]>=10){
 if (isset($antal) && !empty($antal)) {
 foreach($_POST{'siffra'} as $tal) {

 
  if(is_numeric($tal)) {
   $gissningar .= ' '.$tal;
   if($tal==$slump) {
   $poang = $userrow['points']+100;
   $query = "UPDATE users SET points=points+$poang WHERE id='".mysql_real_escape_string($_SESSION["user"]["0"])."' LIMIT 1";
   mysql_query($query, $db_id);
   }
   else {
   $poang = $userrow['points']-10;
   $query = "UPDATE users SET points=points+$poang WHERE id='".mysql_real_escape_string($_SESSION["user"]["0"])."' LIMIT 1";
   mysql_query($query, $db_id);
   }
  }
 }
 }
 }else{
 echo '<b>You need at least 10 points to play!</b>';
 }

[Adika]

Great to hear that you solved it. :-)