[Q]doesn't insert the value to SQL

Newbie Spellweaver
Joined
Nov 6, 2007
Messages
87
Reaction score
0
Look, I got this PHP code, and when I try to insert the ItemIndex value into [Index] in table Item it just inserts 0, though when I printed the query that inserts it, it showed me the value 47,48.
Anyway, you will understand when you see the code:
PHP:
<?php         // start of inner script
      
      $mssql_conn = mssql_connect('localhost' , 'sa' , '');
      mssql_select_db("kal_db",$mssql_conn); ?>
      <table width="300" align="center" dir="ltr"  style="border:solid 3px;" cellspacing="1"  cellpadding="4">  
       <?php  
      $sql = "SELECT * FROM SiteShop Order by ID desc"; 
      $result = mssql_query($sql,$mssql_conn);  
       ?> 
    <tr> 
    <td  align="left" colspan="2" width="300" > 
    <font style="font-size:22px; font-family:Arial;color:#666666; font-weight:bold;" > 
    Item Shop</font>  
    <font style="font-size:12px; font-family:Arial; color:#666666; font-weight:bold;" > 
    ( There are/is <?php echo mssql_num_rows($result); ?> products)</font> 
    </td>  
    </tr>  
    
    <?php 
     
    while ($row = mssql_fetch_array($result)) { 
    ?> 
    <form method="post" name="buy" id="buy" action="">
      <input type="hidden" value="<?php echo $row['ID'] ?>" name="id" id="id">
      <input type="hidden" value="<?php echo $row['Price'] ?>" name="price" id="price">
      <input type="hidden" vlaue="<?php echo $row['ItemIndex'] ?>" name="iindex" id="iindex">
      <input type="hidden" value="<?php echo $row['Amount'] ?>" name="amount" id="amount">
    <tr> 
      <td bgcolor="#666676" colspan="2" width="300" >Item Name:
      <u><b><font size="2"> <?php echo $row['ItemName'];?></font></b></u></td>  
    </tr>  
    <tr> 
      <td bgcolor="#999999" width="60" >Price:</td>  
      <td  bgcolor="#E4E4E4" width="240"><?php echo $row['Price'];?></td>  
    </tr>  
    <tr> 
      <td bgcolor="#999999" width="60">Amount:</td>  
      <td bgcolor="#E4E4E4" width="240"><?php echo $row['Amount'];?></td>  
    </tr>  
    <tr> 
      <td bgcolor="#999999" width="60">Image:</td>  
      <td bgcolor="#E4E4E4" width="240"><img src="<?php echo $row['Image'];?>" alt="Item Image"></td>  
    </tr>
    <tr>
      <td bgcolor="#999999" width="60">
      <input type="submit" name="buyitem" id="buyitem" value="Buy Item" style="height:15px; width:40px; font-size:8; background-color:black; color:white; border-color:black;"></td>
      <td bgcolor="#E4E4E4" width="240"></td>
    </tr>
    </form> 
    <?php 
    } 
    ?> 
</table>
<?php
if ($_POST['buyitem'])
{
      $mssql_connect = mssql_connect('localhost' , 'sa' , '');
      mssql_select_db("kal_db",$mssql_connect);
      $check_query = mssql_query("SELECT Num FROM Item WHERE PID = 517 AND [Index] = 31");
      $cur_money = mssql_result($check_query,0,'Num');
      $price = $_POST['price']; 
      if ($cur_money < $price)
      {
            echo "You Don't have enough money!";
      }
      else
      {
            $rand_num = rand(1,10000000);
            $query = "INSERT INTO Item (PID,IID,[Index],Prefix,Info,Num,MaxEnd,CurEnd,SetGem,XAttack,XMagic,XDefense,XHit,XDodge,Protect,UpgrLevel,UpgrRate)
            VALUES ('517','". $rand_num ."','". $_POST['iindex'] ."','0','0','". $_POST['amount'] ."','0','0','0','0','0','0','0','0','0','0','0')";
            $res = mssql_query($query);
            if ($res)
            {
                  $query1 = "UPDATE Item SET Num = Num - ". $price ." WHERE PID = 517 AND [Index] = 31";
                  $res1 = mssql_query($query1);
                  if ($res1)
                  {
                        echo "The item was bought successfully!";
                  }
                  else 
                  {
                        echo "A problem occured during buying the item";
                  }
            }
      }
}            // end of inner script
?>
and here is a picture of SiteShop table:

It inserts amount and everything else, only not the Index. Anyone see what's the problem?
 
Newbie Spellweaver
Joined
Nov 6, 2007
Messages
87
Reaction score
0
zomg foxx thank youuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu :)
 
Upvote 0
Joined
Sep 10, 2006
Messages
2,817
Reaction score
1,417
inputs, tda-like way.
PHP:
$id = $_POST['id'];
$price = $_POST['price'];
$index = $_POST['iindex'];
$amount = $_POST['amount'];

if ($_POST['buyitem'])
{
	$error          = array();
	
    if( !ctype_alnum($id) ) 
    {
        $error['id'] = sprintf(UI_ERROR,'Turd.');
    }
   
    if( !ctype_alnum($price) ) 
    {
        $error['price'] = sprintf(UI_ERROR,'Turd.');
    }
	
	if( !ctype_alnum($index) ) 
    {
        $error['iindex'] = sprintf(UI_ERROR,'Turd.');
    }
	
	if( !ctype_alnum($amount) ) 
    {
        $error['amount'] = sprintf(UI_ERROR,'Turd.');
    }
   
    if( empty($error) ) 
    {

		$mssql_connect = mssql_connect('localhost' , 'sa' , '');
		mssql_select_db("kal_db",$mssql_connect);
		$check_query = mssql_query("SELECT Num FROM Item WHERE PID = 517 AND [Index] = 31");
		$cur_money = mssql_result($check_query,0,'Num');
		$price = $_POST['price']; 
		if ($cur_money < $price)
		{
			echo "You Don't have enough money!";
		}
		else
		{
		    $rand_num = rand(1,10000000);
		    $query = "INSERT INTO Item (PID,IID,[Index],Prefix,Info,Num,MaxEnd,CurEnd,SetGem,XAttack,XMagic,XDefense,XHit,XDodge,Protect,UpgrLevel,UpgrRate)
		    VALUES ('517','". $rand_num ."','". $_POST['iindex'] ."','0','0','". $_POST['amount'] ."','0','0','0','0','0','0','0','0','0','0','0')";
		    $res = mssql_query($query);
		    if ($res)
		    {
		        $query1 = "UPDATE Item SET Num = Num - ". $price ." WHERE PID = 517 AND [Index] = 31";
		        $res1 = mssql_query($query1);
		        if ($res1)
		            {
		                echo "The item was bought successfully!";
		            }
		            else 
		            {
		                echo "A problem occured during buying the item";
		            }
		    }
		}
	}
}

You could also use ereg or mssql_real_escape_string(does it exist)?
 
Upvote 0
Newbie Spellweaver
Joined
Nov 6, 2007
Messages
87
Reaction score
0
$_POST['amount'] is directly put into the database.

If anybody would fill in a harmful code you're screwed

Also, choosing a random number for IID is not smart since you will have doubles that way.
You mean that if someone is changing the hidden to text it's not good?
And how can I do auto increment to IID?
And how can I fix these probs?
 
Upvote 0
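The points raised in the last posts (form values concatenated into the query, hidden fields the buyer can edit, random IID collisions), handled in one purchase routine as an added example that is not code from any poster in this thread. It assumes PDO with the pdo_sqlsrv driver, integer-valued columns, `Item.IID` declared as an IDENTITY column so the database assigns it, and a hypothetical low-privilege login `shop_user` whose password sits in a hypothetical `SHOP_DB_PASS` environment variable.

```php
<?php
// Added example, not from the thread. Assumes PDO with pdo_sqlsrv, integer
// columns, and Item.IID declared as IDENTITY so the database assigns it.
function buyItem(PDO $db, int $pid, string $postedId): string
{
    // The form supplies only the SiteShop row ID, and it must be all digits.
    if (!ctype_digit($postedId)) {
        return 'Invalid item.';
    }
    $db->beginTransaction();
    try {
        // Price, ItemIndex and Amount come from the table, not from hidden fields.
        $s = $db->prepare('SELECT Price, ItemIndex, Amount FROM SiteShop WHERE ID = ?');
        $s->execute([(int) $postedId]);
        $item = $s->fetch(PDO::FETCH_ASSOC);
        if ($item === false) {
            $db->rollBack();
            return 'Invalid item.';
        }
        // Deduct the money in one statement; Num >= ? stops a negative balance.
        $pay = $db->prepare(
            'UPDATE Item SET Num = Num - ? WHERE PID = ? AND [Index] = 31 AND Num >= ?'
        );
        $pay->execute([(int) $item['Price'], $pid, (int) $item['Price']]);
        if ($pay->rowCount() === 0) {
            $db->rollBack();
            return "You don't have enough money!";
        }
        $ins = $db->prepare(
            'INSERT INTO Item (PID,[Index],Prefix,Info,Num,MaxEnd,CurEnd,SetGem,XAttack,'
            . 'XMagic,XDefense,XHit,XDodge,Protect,UpgrLevel,UpgrRate) '
            . 'VALUES (?,?,0,0,?,0,0,0,0,0,0,0,0,0,0,0)'
        );
        $ins->execute([$pid, (int) $item['ItemIndex'], (int) $item['Amount']]);
        $db->commit();
        return 'The item was bought successfully!';
    } catch (Throwable $e) {
        if ($db->inTransaction()) { $db->rollBack(); }
        error_log($e->getMessage());
        return 'A problem occurred while buying the item.';
    }
}
// shop_user and SHOP_DB_PASS are placeholders for a low-privilege login.
$db = new PDO('sqlsrv:Server=localhost;Database=kal_db', 'shop_user', getenv('SHOP_DB_PASS'));
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
if (isset($_POST['buyitem'])) {
    echo buyItem($db, 517, (string) ($_POST['id'] ?? ''));
}
```

With this shape the form only needs the `id` hidden field; the `price`, `iindex` and `amount` inputs can be dropped because nothing the browser sends for them is used.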