Someone can help me with this?
Code:<?php if ( $__TOKEN == 'ILoveAthensFiestaReallyBad' ) { if ( $_SESSION['logged_in'] == true && $_SESSION['nEMID'] != '' ) { if ( $mssql_link = @mssql_connect( 'WIN-BQZEUDB8KID\\SQLEXPRESS', 'sa', 'TESTE' ) ) { // Do points thing --------------------------------------------- $selectPoints = mssql_query( "SELECT * FROM OdinAccounts..tPurchases WHERE userNo = '".$_SESSION['nEMID']."' AND cashtype = '0';" ); if ( mssql_num_rows( $selectPoints ) == 0 ) { $insertPoints = mssql_query( "INSERT INTO OdinAccounts..tPurchases VALUES('".$_SESSION['nEMID']."', '0', '0', '0');" ); $userCoins = 0; } else if ( mssql_num_rows( $selectPoints ) == 1 ) { $userCoins = mssql_result( $selectPoints, 0, 2 ); } else { // Error #25MALL showMessage( 'error', 'Internal Server Error #25MALL' ); } // ------------------------------------------------------------- ?> <h1>Cash Shop<small style="float: right;">You have <?php echo $userCoins; ?> Coins</small></h1> <p>Here you can buy some special items for Athens Fiesta Coins. If you run out of coins you can buy more using form below.</p> <p> <form action="https://www.paypal.com/cgi-bin/webscr" method="post" style="none"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="custom" value="<?php echo $_SESSION['nEMID']; ?>"> <input type="hidden" name="hosted_button_id" value="S6VMZ6MTGWDCC"> <input type="hidden" name="currency_code" value="USD"> <input type="hidden" name="on0" value="Amount"> <table> <tr> <td><select name="os0"><option value="5000 Gold">5000 Gold $5.00</option><option value="10,000 Gold">10,000 Gold $10.00</option><option value="25,000 Gold">25,000 Gold $25.00</option><option value="50,000 Gold">50,000 Gold $50.00</option><option value="100,000 Gold">100,000 Gold $100.00</option><option value="200,000 Gold">200,000 Gold $200.00</option></select></td> <td><input type="image" style="none" src="https://www.paypal.com/en_US/i/btn/btn_buynow_SM.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!"></td> </tr> </table> </form> </p> <?php $catID = mssql_escape_string( $_GET['cat'] ); $itemViewID = intval( $_GET['item'] ); if ( $catID == '' ) $catID = NULL; // Here we fetch categories $selectCategories = mssql_query( "SELECT category, name, parent FROM OdinAccounts..tItemCategory WHERE parent = NULL AND status = 'True';" ); if ( $catID == NULL && $itemViewID == 0 ) { while ( $category = mssql_fetch_array( $selectCategories ) ) { echo '<h2>'.$category['name'].'<small style="float: right;"><a style="font-size: 10px; color: #4c9ad3;" href="index.php?module=mall&cat='.$category['category'].'">See all</a></small></h2>'; // Select top 4 items from this category $selectItems = mssql_query( "SELECT TOP 3 * FROM OdinAccounts..tItem WHERE category = ".$category['category']." AND isSell = 'True' ORDER BY registerDate DESC;" ); echo '<table width="100%" class="cashShop"><tr>'; while ( $item = mssql_fetch_array( $selectItems ) ) { if ( $item['imageName'] == NULL ) $item['imageName'] = "NONE"; echo '<td width="100px"> <h1>['.$item['unit'].'x] '.$item['name'].'</h1> <a href="index.php?module=mall&item='.$item['goodsNo'].'"><img src="http://forum.ragezone.com/images/mall/'.$item['imageName'].'.jpg" /></a><br />'; if($item['price'] == 0) echo 'Free'; else echo $item['price'].' Gold'; //<img src="http://forum.ragezone.com/images/mall/detailbtn.gif"> echo '<br /><a href="index.php?module=mall&item='.$item['goodsNo'].'"><img src="http://forum.ragezone.com/images/mall/detailbtn.gif"></a></td>'; } echo '<td><a href="index.php?module=mall&cat='.$category['category'].'"><img src="http://forum.ragezone.com/images/mall/next.png" /></a></td>'; echo '</tr></table><br />'; } } elseif ( $itemViewID != 0 ) { $selectItemInfo = mssql_query( "SELECT * FROM Account..tItem WHERE goodsNo = $itemViewID AND isSell = 'True';" ); if ( mssql_num_rows( $selectItemInfo ) == 1 ) { $item = mssql_fetch_array( $selectItemInfo ); $selectCategoryName = mssql_query( "SELECT name FROM Account..tItemCategory WHERE category = (SELECT category FROM Account..tItem WHERE goodsNo = $itemViewID);" ); if ( $item['imageName'] == NULL ) $item['imageName'] = "NONE"; echo '<h2>['.$item['unit'].'x] '.$item['name'].'<small style="float: right;"><a style="font-size: 10px; color: #4c9ad3;" href="index.php?module=mall&cat='.$item['category'].'">'.mssql_result( $selectCategoryName, 0, 0 ).'</a></small></h2>'; echo '<table width="100%"><tr><td width="90px"><img src="http://forum.ragezone.com/images/mall/'.$item['imageName'].'.jpg" /><br /><center>'; if($item['price'] == 0) echo 'Free'; else echo $item['price'].' Gold'; echo '</center></td><td valign="top">'.$item['description'].'</td></tr><tr><td colspan="2"><div style="float: right;">'; echo '<form method="post">'; echo '<input class="roundedButton" type="submit" name="Buy" value="Buy Now!" /></form>'; echo '</div></td></tr></table>'; if ( $_POST['Buy'] ) { // First check if user has enought points $selectPoints = mssql_query( "SELECT * FROM OdinAccounts..tPurchases WHERE userNo = '".$_SESSION['nEMID']."' AND cashtype = '0';" ); if ( mssql_result( $selectPoints, 0, 2 ) >= $item['price'] ) { $newCash = ( mssql_result( $selectPoints, 0, 2 ) - $item['price'] ); $changePoints = mssql_query( "UPDATE Account..tCash SET cash = ".$newCash." WHERE userNo = ".$_SESSION['nEMID']." AND cashtype = 0;" ); if ( $changePoints ) { $insertItem = mssql_query( "INSERT INTO Account..tChargeItem(userNo, goodsNo) VALUES(".$_SESSION['nEMID'].",".$item['groupNo'].");" ); if ( $insertItem ) { showMessage( 'success', 'Item has been purchased' ); } else { showMessage( 'error', 'Internal item purchase error' ); } } else { showMessage( 'error', 'Internal item error' ); } } else { showMessage( 'error', 'You do not have enought coins.' ); } } } else { showMessage( 'error', 'Item not found!' ); } } else { $selectCategory = mssql_query( "SELECT name FROM OdinAccounts..tItemCategory WHERE category = '$catID' AND status = 'True';" ); if ( mssql_num_rows( $selectCategory ) == 1 ) { // Select sub-categories $selectSubCategories = mssql_query( "SELECT * FROM Account..tItemCategory WHERE parent = '$catID' AND status = 'True';" ); if ( mssql_num_rows( $selectSubCategories ) > 0 ) { while ( $category = mssql_fetch_array( $selectSubCategories ) ) { echo '<h2>'.$category['name'].'<small style="float: right;"><a style="font-size: 10px; color: #4c9ad3;" href="index.php?module=mall&cat='.$category['id'].'">See all</a></small></h2>'; // Select top 4 items from this category $selectItems = mssql_query( "SELECT TOP 3 * FROM Account..tItem WHERE category = ".$category['category']." AND isSell = 'True' ORDER BY registerDate DESC;" ); echo '<table width="100%" class="cashShop"><tr>'; while ( $item = mssql_fetch_array( $selectItems ) ) { if ( $item['imageName'] == NULL ) $item['imageName'] = "NONE"; echo '<td width="100px"><h1>['.$item['unit'].'x] '.$item['name'].'</h1> <img src="http://forum.ragezone.com/images/mall/'.$item['imageName'].'.jpg" /><br /> '; if($item['price'] == 0) echo 'Free'; else echo $item['price'].' Gold'; echo '<br /><a href="index.php?module=mall&item='.$item['goodsNo'].'"><img src="http://forum.ragezone.com/images/mall/detailbtn.gif"></a> </td>'; } echo '<td><a href="index.php?module=mall&cat='.$category['category'].'"><img src="http://forum.ragezone.com/images/mall/next.png" /></a></td>'; echo '</tr></table><br />'; } } // Select Items in Category/Subcategory $selectCategoryItems = mssql_query( "SELECT * FROM OdinAccounts..tItem WHERE category = '$catID' AND isSell = 'True' ORDER BY registerDate DESC;" ); echo '<h2>'.mssql_result( $selectCategory, 0, 0 ).'<small style="float: right;"><a style="font-size: 10px; color: #4c9ad3;" href="index.php?module=mall">Cash Shop Home Page</a></small></h2>'; if ( mssql_num_rows( $selectCategoryItems ) > 0 ) { $column = 1; echo '<table width="100%" class="cashShop">'; while ( $item = mssql_fetch_array( $selectCategoryItems ) ) { if ( $item['imageName'] == NULL ) $item['imageName'] = "NONE"; if ( $column == 1 ) { echo '<tr>'; } $column++; echo '<td width="100px"><h1>['.$item['unit'].'x] '.$item['name'].'</h1><a href="index.php?module=mall&item='.$item['goodsNo'].'"><img src="http://forum.ragezone.com/images/mall/'.$item['imageName'].'.jpg" /></a><br />'; if($item['price'] == 0) //<a href="index.php?module=mall&item='.$item['goodsNo'].'"><img src="http://forum.ragezone.com/images/mall/'.$item['imageName'].'.jpg" /></a> echo 'Free'; else echo $item['price'].' Gold'; echo '<br /><a href="index.php?module=mall&item='.$item['goodsNo'].'"><img src="http://forum.ragezone.com/images/mall/detailbtn.gif"></a></td>'; if ( $column == 4 ) { echo '</tr>'; $column = 1; } } echo '</table>'; } else { showMessage( 'info', 'There are no items in this category.' ); } } else { showMessage( 'error', 'Category not found' ); } } } else { showMessage( 'info', 'Cash Shop is online.<br />Please visit Cash Shop sometime later' ); } } else { if ( isset( $_POST['Login'] ) ) { $username = mssql_escape_string( $_POST['username'] ); $password = mssql_escape_string( $_POST['password'] ); $mssql_link = @mssql_connect( 'WIN-BQZEUDB8KID\\SQLEXPRESS', 'sa', '@27685261@#$%' ); if ( !$mssql_link ) { showMessage( 'info', 'Online' ); } else { $checkUser = mssql_query( "SELECT OdinAccounts FROM tAccounts..sUsername WHERE nEMID = '$username' AND sUserPass = '$UserPassSalt';" ); if ( mssql_num_rows( $checkUser ) == 1 ) { $userInfo = mssql_fetch_array( $checkUser ); $_SESSION['nEMID'] = $userInfo[0]; $_SESSION['logged_in'] = true; showMessage( 'success', 'You are logged in!', 3, 'index.php?module=mall' ); } else { showMessage( 'error', 'Wrong username and/or password!' ); } } } else { echo '<center><form method="post"> Username: <input type="text" name="username" id="user_name"> Password: <input type="password" name="password" id="password"> <input type="submit" name="Login" id="Login" value="Login"> </form></center>'; } } } ?>
Code:Warning: mssql_query() [function.mssql-query]: message: Conversion failed when converting the varchar value 'valmor' to data type int. (severity 16) inC:\wamp\www\1\modules\mall.php on line 225 Warning: mssql_query() [function.mssql-query]: Query failed inC:\wamp\www\1\modules\mall.php on line 225 Warning: mssql_num_rows() expects parameter 1 to be resource, boolean given inC:\wamp\www\1\modules\mall.php on line 227
Reply With Quote
Originally Posted by NextIdea
