[solved] Errors: a little bit of PHP/SQL?

Started by
1 comment, last by JinixVomitorium 11 years, 3 months ago
$sql=mysql_query("SELECT * FROM player WHERE player_name=".$POST['char_name']."");
if( mysql_num_rows($sql) == 0 ) {
    $sql=mysql_query("INSERT INTO player(account_id, player_name) VALUES(".$_SESSION['id'].", ".$_POST['char_name']." ) " ) or die (mysql_error() );
    exit();
} else {
    echo 'Character Name is taken, please try another...';
}
I'm getting these errors:
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /www/zymichost.com/g/a/l/galaxy-star-games/htdocs/play.php on line 9
Unknown column 'vortex' in 'field list'
I'm not too sure the SQL query is correct; I get confused when combining the string and such with different quotations. "Unknown column", I believe, is referring to the insert of $_POST['player_name'], but I'm not sure.
If anyone can shed some light on these errors, I would appreciate it!

add me on skype, i need some new associates for coding.

skype: daniel.lamonds

c++, Visual basic, fortran, html/5, css, php,java script, sql, others......


The value you query has to be in quotes. Your query currently expands to SELECT * FROM player WHERE player_name=vortex (from what I understand from the error, the posted character name expands to vortex; if not, just pretend it is for the sake of the example), and so the query searches the table for rows where the player_name field has the same value as the vortex field.

What you want is quotes around the character name so it expands to a string and not a field name in the query.

$sql=mysql_query("SELECT * FROM player WHERE player_name='$_POST[char_name]'");

But you should also strongly consider sanitizing the input and not just sticking it directly from an untrusted user's browser into the query string; clicky. Check out mysql_escape_string(), or even better: prepared statements.
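The prepared-statement approach the reply recommends, written out for the same name check and insert as an added example (not code from either poster). It assumes PHP 7 or newer with the PDO MySQL driver, and the DSN, username and password are placeholders; the table and column names come from the original post.

```php
<?php
// Added example: the check-and-insert from the question, using PDO prepared
// statements so user input is bound as a value and never spliced into SQL.
// $dsn/$user/$pass are placeholders (assumption), not values from the thread.
session_start();

$dsn  = 'mysql:host=localhost;dbname=game;charset=utf8mb4'; // placeholder
$user = 'dbuser';                                           // placeholder
$pass = 'dbpass';                                           // placeholder

$pdo = new PDO($dsn, $user, $pass, [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION, // errors become exceptions
    PDO::ATTR_EMULATE_PREPARES => false,                  // real server-side prepares
]);

$name = trim($_POST['char_name'] ?? '');

// Whitelist the character name up front, so a stray quote or semicolon is
// rejected outright instead of relying on escaping to neutralise it.
if (!preg_match('/^[A-Za-z0-9_]{3,20}$/', $name)) {
    exit('Character name must be 3-20 letters, digits or underscores.');
}

// The name is passed as a bound parameter, so a value such as vortex is always
// treated as a string literal, never as a column name (the "Unknown column"
// error from the question cannot occur here).
$check = $pdo->prepare('SELECT COUNT(*) FROM player WHERE player_name = :name');
$check->execute([':name' => $name]);

if ((int) $check->fetchColumn() > 0) {
    echo 'Character Name is taken, please try another...';
    exit();
}

$insert = $pdo->prepare(
    'INSERT INTO player (account_id, player_name) VALUES (:account_id, :name)'
);
$insert->execute([
    ':account_id' => (int) $_SESSION['id'],
    ':name'       => $name,
]);

echo 'Character created.';
```

The SELECT-then-INSERT check is still racy on its own: two requests can pass the count check at the same moment, so a UNIQUE index on player_name is what actually guarantees no duplicates.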

Thanks, I will use that in the future. I actually went back and assigned the form values to variables to make it easier, and stripped it of all non-valid characters; I just wanted to get it working before adding protection against SQL injection. Thank you again! :)

