okay guys, ive got another problem. im making a text-based mmorpg and i have a page where users can buy 'fans' for a certain amount of money. here is the script for the form: <? session_start(); ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <title>buy fans</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> </head> <body> <form action="fanscheck2.php" method="post" name="" id=""> fans u want<input name="fansamount" type="text" id="fansamount"></td> <input type="submit" name="Submit" value="Submit"></td> </form> </body> </html> And here is the script to update the data in my database: <?php include 'db.php'; session_start(); echo $_SESSION['userid']; if (isset($_SESSION['userid'])) { $userid=$_SESSION['userid']; $userstatsall="SELECT * from userstats where userid='$userid'"; $userstatsall2=mysql_query($userstatsall) or die("Could not get user stats"); $userstatsall3=mysql_fetch_array($userstatsall2); if(isset($_POST['submit'])) { $fanswanted=$_POST['fansamount']; $fanswanted=strip_tags($fanswanted); $total=$fanswanted*100; if($fanswanted<0) { print "You cannot buy negative fans.."; } else if($userstatsall3['money']<$total) { print "You do not have enough money to buy that many fans."; } else if($userstatsall3['money']>=$total) { $getfans="UPDATE userstats SET money=money-'$total', fans=fans+'$fanswanted', WHERE userid='$userstatsall3[userid]'"; mysql_query($getfans) or die("Could not buy fans"); print "You bought $fanswanted fans. ."; } else { print "there was an error"; } } } else { print "Sorry, not logged in."; } print "test" ?> I get no error messages, but nothing comes up execpt for the user id, which i put to see if it worked and the "test". The data does not get updated in the database. Can anyone see what is wrong? thanks for your help. ps: Part of the script is copied from www.chipmunk-scripts.com's "Kill Monster" open-source game. [Edited by - bigfooot on October 22, 2005 9:56:50 PM]

1. Put your source inside source or code tags on gamedev.net
2. Do not call variables things like $userstatsall2 and $userstatsall3
3. Error reporting. Always put

error_reporting(E_ALL);

Everywhere, otherwise important errors won't get reported.

Examine the server's error log files to see the error, if display_errors is off (which it should be in a production environment, but you may have it turned on on your dev server)

Ideally, write an error handler which crashes out loudly and in a verbose manner for any error happening at all (even a E_NOTICE). That's what I do.

4. I'm not sure that die() does what you think it does. Don't use die. Instead use user_error (which will of course invoke your loud and fatal error handler)

5. Always cast things that should be an int into an int, otherwise you might get problems with SQL injection vulnerabilities, for example:

$fanswanted =  (int) $_POST['fansamount'];

Cheers

Mark

Thanks a lot Sander, that worked..

Now i get the "could not buy fans", but ill try to figure out what is going wrong before asking for help.

thanks also to Markr for your suggestions

hi,

I think your problem is, that you have no valid DB Connection
Param in your mysql_query() function...

you have to write:

mysql_query( $hDB, $sSQL ) or die("YOUR ERROR");


Hope this helps,

Marc

PS:

And i think, you don't havt to put $fanswanted in your SQL String in '',
(if it is an int field)

thank you marcjulian ,

What do the $hDB, $sSQL variables mean/do/execute?? Did you use it to represent a variable from my script for example $getfans? Or is it used for something else?

alex

What does file db.php look like?

the db.php looks like this:

<? /*  Database Information - Required!!  *//* -- Configure the Variables Below --*/$dbhost = 'localhost';$dbusername = 'MYUSERNAME';$dbpasswd = 'MYPASSWORD';$database_name = 'MYDATABASENAME';/* Database Stuff, do not modify below this line */$connection = mysql_pconnect("$dbhost","$dbusername","$dbpasswd") 	or die ("Couldn't connect to server.");	$db = mysql_select_db("$database_name", $connection)	or die("Couldn't select database.");?>

I don't see the text "could not buy fans" anywhere in your code... so I have no idea why that is showing up.

On another note (and I hope you don't take this the wrong way), your code is pretty ugly. Now, I myself am the king of ugly code, so i can sympathize.... but if you really want to publish this game at some point in time, I'd highly suggest working on making your code as modular as possible.

Quote:Original post by Cygnus_X
I don't see the text "could not buy fans" anywhere in your code... so I have no idea why that is showing up.

On another note (and I hope you don't take this the wrong way), your code is pretty ugly. Now, I myself am the king of ugly code, so i can sympathize.... but if you really want to publish this game at some point in time, I'd highly suggest working on making your code as modular as possible.

The text "could not buy fans" comes from here:

{$getfans="UPDATE userstats SET money=money-'$total', fans=fans+'$fanswanted', WHERE userid='$userstatsall3[userid]'";mysql_query($getfans) or die("Could not buy fans");print "You bought $fanswanted fans. .";}

Lol, i know my code is ugly, im still a noob. Do you know of any tutorials/articles to making more modular code?