Topic: Retrieve from the database...

[Darkpower]

Hey!

I need help with create an sql question, I think it will look like this, but not really sure:
And where do I place the code snippet?

Code: [Select]

$query="SELECT points FROM users where id='".$_SESSION["user"]["0"]."'";
mysql_query($query, $db_id);

Code where it will be placed so it can write You have '.$poang.' points.';
I need this sql question so it can get information from database, from column points.
Right now this code jumps directly too if($poang<=0) {
$skrivut .= '<b>You dont have any points left!</b>';

Code: [Select]

<?php include "antet.php"; include "func.php";
if (!isset($_SESSION["user"][1]))
{
header('Location: login.php'); die();
}
$usr=user($_SESSION["user"][0]);
?>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<title>Lottery - Win points</title>
<style type="text/css">
body     { background: #CCCCCC; }
p,input { font-size: 11px; font-family: "Verdana", "Helvetica", "Arial", sans-serif; color: #244189; }
label    { cursor: pointer; }
</style>
</head>
<body>
<?php
 
global $userrow, $db_id;
$poang = $userrow["points"];

$skrivut = $gissningar = '';
 
if($_POST{'ok'}) {
 
 $poang = $_POST{'poang'};
 
 $slump = rand(1,9);
 $skrivut .= 'Random number is '.$slump.'. ';
 
 $antal = count($_POST{'siffra'});
 
 if (isset($antal) && !empty($antal)) {
 foreach($_POST{'siffra'} as $tal) {

 
  if(is_numeric($tal)) {
   $gissningar .= ' '.$tal;
   if($tal==$slump) {
   $poang = $userrow['points']+100;
   $query = "UPDATE users SET points=points+$poang WHERE id='".$_SESSION["user"]["0"]."' LIMIT 1";
   mysql_query($query, $db_id);
   }
   else {
   $poang = $userrow['points']-10;
   $query = "UPDATE users SET points=points+$poang WHERE id='".$_SESSION["user"]["0"]."' LIMIT 1";
   mysql_query($query, $db_id);
   }
  }
 }
 }

 if($gissningar!='') {
  $skrivut .= 'You guessed '.$gissningar.'. ';
 }
 
 if($poang<=0) {
  $skrivut .= '<b>You don\nt have any points left!</b>';
 }
 else {
 $skrivut .= 'You have '.$poang.' points.';
 }
 }
 if($usr[7]>=10){
echo '
<p>Every number you buy costs 10 points. If you win: Your betting money + 100 points.</p>
 
<form action="'.$_SERVER{'PHP_SELF'}.'" method="post">
<p><input type="checkbox" name="siffra[]" id="t1" value="1" /> <label for="t1">1</label>
<input type="checkbox" name="siffra[]" id="t2" value="2" /> <label for="t2">2</label>
<input type="checkbox" name="siffra[]" id="t3" value="3" /> <label for="t3">3</label>
<input type="checkbox" name="siffra[]" id="t4" value="4" /> <label for="t4">4</label>
<input type="checkbox" name="siffra[]" id="t5" value="5" /> <label for="t5">5</label>
<input type="checkbox" name="siffra[]" id="t6" value="6" /> <label for="t6">6</label>
<input type="checkbox" name="siffra[]" id="t7" value="7" /> <label for="t7">7</label>
<input type="checkbox" name="siffra[]" id="t8" value="8" /> <label for="t8">8</label>
<input type="checkbox" name="siffra[]" id="t9" value="9" /> <label for="t9">9</label>
<input type="hidden" name="poang" value="'.$poang.'" />
<input type="submit" name="ok" value="Play" /></p>
</form>
<p>'.$skrivut.'</p>';
 }else{
 echo '<b><div align"center">You need at least 10 points to play!</div></b>';
 }
 
?>
 
</body>
</html>

[Adika]

If your code is working great, then try putting that sql statement here:

Code: [Select]

if (isset($antal) && !empty($antal)) {
 foreach($_POST{'siffra'} as $tal) {

 
  if(is_numeric($tal)) {
   $gissningar .= ' '.$tal;
   if($tal==$slump) {
   $poang = $userrow['points']+100;
   $query = "UPDATE users SET points=points+$poang WHERE id='".$_SESSION["user"]["0"]."' LIMIT 1";
   mysql_query($query, $db_id);
   }
   else {
   $poang = $userrow['points']-10;
   $query = "UPDATE users SET points=points+$poang WHERE id='".$_SESSION["user"]["0"]."' LIMIT 1";
   mysql_query($query, $db_id);
   }
  }
 }
 }

[color=red]$query="SELECT points FROM users where id='".$_SESSION["user"]["0"]."'";
$result = mysql_query($query, $db_id);
$poang = mysql_fetch_array($result);[/color]
 if($gissningar!='') {
  $skrivut .= 'You guessed '.$gissningar.'. ';
 }
 
 if($poang<=0) {
  $skrivut .= '<b>You don\nt have any points left!</b>';
 }
 else {
 $skrivut .= 'You have '.$poang.' points.';
 }

[Darkpower]

Close!

Now it says, You have Array points.

I changed this line:
$query="SELECT points FROM users where id='".$_SESSION["user"]["0"]."'";

to

$query="SELECT points FROM users where id='".mysql_real_escape_string($_SESSION["user"]["0"])."'";

[Adika]

Is that means that it is working now?

[Darkpower]

No, only the security i fixed :-/

Instead of Array, should be the number^_^

[Adika]

Sorry, I forgot to tell you, change this code:

Code: [Select]

$poang = mysql_fetch_array($result);to this one:

Code: [Select]

$myNum = mysql_fetch_array($result);
$poang = $myNum[0]And also add LIMIT 1 in your select sql statement just like you did in the Update statement, since you only getting out one record, so it's an extra security.

[Darkpower]

You forgot to add ; after $myNum[0]

GREAT MAN! You are the man!

Everything works perfectly now!

Have a nice weekend!

[Darkpower]

I found one BIG bugg i need help with. It has to do with Integer.

Let say, if you have 10 points you play with and the random number shows up is not correct you will loose 10 points and have zero now. If you updating the page so will those numbers add to your database: 4294967295.

OR

If you update the page and did match a number(you have no points to play with) you earn 100 points. How come? How can I solve this?
But if you leave the page after you have lost all your points and get back again and updating the page, nothing happens, it show only You need at least 10 points to play.


Updated code:

Code: [Select]

<?php include "antet.php"; include "func.php";
if (!isset($_SESSION["user"][1]))
{
header('Location: login.php'); die();
}
$usr=user($_SESSION["user"][0]);
?>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<title>Lottery - Win points</title>
<style type="text/css">
body     { background: #CCCCCC; }
p,input { font-size: 11px; font-family: "Verdana", "Helvetica", "Arial", sans-serif; color: #244189; }
label    { cursor: pointer; }
</style>
</head>
<body>
<?php
 
global $userrow, $db_id;
$poang = $userrow["points"];

$skrivut = $gissningar = '';
 
if($_POST{'ok'}) {
 
 $poang = $_POST{'poang'};
 
 $slump = rand(1,9);
 $skrivut .= 'Random number is <b>'.$slump.'</b>. ';
 
 $antal = count($_POST{'siffra'});
 
 if (isset($antal) && !empty($antal)) {
 foreach($_POST{'siffra'} as $tal) {

 
  if(is_numeric($tal)) {
   $gissningar .= ' '.$tal;
   if($tal==$slump) {
   $poang = $userrow['points']+100;
   $query = "UPDATE users SET points=points+$poang WHERE id='".mysql_real_escape_string($_SESSION["user"]["0"])."' LIMIT 1";
   mysql_query($query, $db_id);
   }
   else {
   $poang = $userrow['points']-10;
   $query = "UPDATE users SET points=points+$poang WHERE id='".mysql_real_escape_string($_SESSION["user"]["0"])."' LIMIT 1";
   mysql_query($query, $db_id);
   }
  }
 }
 }


$query="SELECT points FROM users where id='".mysql_real_escape_string($_SESSION["user"]["0"])."' LIMIT 1";
$result = mysql_query($query, $db_id);
$myNum = mysql_fetch_array($result);
$poang = $myNum[0];



 if($gissningar!='') {
  $skrivut .= 'You guessed <b>'.$gissningar.'</b>. ';
 }
 
 if($poang<=0) {
  $skrivut .= '<b>You don\'t have any points left!</b>';
 }
 else {
 $skrivut .= 'You have <b>'.$poang.'</b> points.';
 }
 }
 if($usr[7]>=10){
echo '
<p>Every number you buy costs 10 points. If you win: Your correct number(10 points) + 100 points.</p>
 
<form action="'.$_SERVER{'PHP_SELF'}.'" method="post">
<p><input type="checkbox" name="siffra[]" id="t1" value="1" /> <label for="t1">1</label>
<input type="checkbox" name="siffra[]" id="t2" value="2" /> <label for="t2">2</label>
<input type="checkbox" name="siffra[]" id="t3" value="3" /> <label for="t3">3</label>
<input type="checkbox" name="siffra[]" id="t4" value="4" /> <label for="t4">4</label>
<input type="checkbox" name="siffra[]" id="t5" value="5" /> <label for="t5">5</label>
<input type="checkbox" name="siffra[]" id="t6" value="6" /> <label for="t6">6</label>
<input type="checkbox" name="siffra[]" id="t7" value="7" /> <label for="t7">7</label>
<input type="checkbox" name="siffra[]" id="t8" value="8" /> <label for="t8">8</label>
<input type="checkbox" name="siffra[]" id="t9" value="9" /> <label for="t9">9</label>
<input type="hidden" name="poang" value="'.$poang.'" />
<input type="submit" name="ok" value="Play" /></p>
</form>
<p>'.$skrivut.'</p>';
 }else{
 echo '<b><div align"center">You need at least 10 points to play!</div></b>';
 }
 
?>
 
</body>
</html>

[Adika]

Let say, if you have 10 points you play with and the random number shows up is not correct you will loose 10 points and have zero now.

But after you updating the database, the user will still have 10 points and can never have less than 10. - from your code

Code: [Select]

$poang = $userrow['points']-10;
   $query = "UPDATE users SET points=points+$poang WHERE id='".mysql_real_escape_string($_SESSION["user"]["0"])."' LIMIT 1";
   mysql_query($query, $db_id);The above is that code.

4294967295

Still a mystery number. I think Scooby-Doo will find out what's happening there. :-)

If you update the page and did match a number(you have no points to play with) you earn 100 points. How come?

Code: [Select]

$poang = $userrow['points']+100;
   $query = "UPDATE users SET points=points+$poang WHERE id='".mysql_real_escape_string($_SESSION["user"]["0"])."' LIMIT 1";
   mysql_query($query, $db_id);The above code answers your above question. :-)

But if you leave the page after you have lost all your points and get back again and updating the page, nothing happens, it show only You need at least 10 points to play.

The answer is in this line of the code:

Code: [Select]

if($usr[7]>=10){
I wonder what field does $usr[7] stands for?

[Darkpower]

This line:
if($usr[7]>=10){

$usr[7]=Points

I know, it should stop you from playing when you don't have 10 or more. But If you are still at the page when you loosing every points and push the update button it still updates to the column(points).

4294967295= this is the maximum number points column can receive.
But why does it add the maximum number when you updating the page?


*The above code answers your above question. :-)
Yeah, $poang = $userrow['points']+100;, but i don't want people to cheat by updating the page when you have no points left!

I found something, the form!
<form action="'.$_SERVER{'PHP_SELF'}.'" method="post">

.$_SERVER{'PHP_SELF'} = hmm, I wonder if this one who makes the game failure!

What do you think?

[pkedpker]

4294967295 = 32bit signed integer overflow happened and it's being read as unsigned integer..

basically what happened you had 0 points and you subtracted 10 from 0.. so you have  -10.. and -10 = 4294967295  in unsigned integer.. change MYSQL table datatype to SIGNED integer and it will show as -10..

[Darkpower]

But it will not show -10 on my page? or? I hope it will show, 0.

[Adika]

Ok, this problem requires step by step debugging.
First:

Code: [Select]

$usr=user($_SESSION["user"][0]);Explain me the above line of code. It needs to catch how many points does the user have, and he is doing it when the user enters the page. So, to do it, the script must connect to the database somewhere to get the points number. Since user() is some kind of custom function, explain me where is it and what is he doing.

[Darkpower]

I'm not really sure about that line, just integrated it because points=$usr[7] will work then. Database connections is in antet.php. func.php= all functions in the game, big file. I am new at php :-/ I can send func.php if you want, do you have msn? You can send me a PM with your email. And i post the solution here later.

[Darkpower]

pkedpker

I can only choose between those:

UNSIGNED, BINARY, UNSIGNED ZEROFILL, ON UPDATE CURRENT TIMESTAMP