Means the query first before you tried to use $result failed.
hint: look at mysql_error( $result)
Whats wrong?
Moderator: General Moderators
Re: Whats wrong?
Like so?:
If i change player_id to 2 then player with id 2 gets points and if 3 then player with id 3 gets points. How can i do that dynamic (if player "hello32" have id 5 and he send sms with his username then he got points) ?
Code: Select all
<?php
$dbhost = 'localhost';
$dbuser = '********';
$dbpass = '********';
$dbname = '********;
if(!in_array($_SERVER['REMOTE_ADDR'],
array('81.20.151.38', '81.20.148.122'))) {
die("Error: Unknown IP");
}
mysql_connect("$dbhost", "$dbuser", "$dbpass") or die(mysql_error()); mysql_select_db("$dbname") or die(mysql_error());
$result = mysql_query("SELECT `player_id` FROM `wc3_player` WHERE `player_name` ='".$_GET['message']."'") or die(mysql_error());
if(mysql_num_rows($result) != 1) {
echo " No user found";exit;
}else{
$addxp = 75000;
$id = mysql_query("SELECT `tablename` `player_id` FROM `wc3_player` WHERE `player_name` ='".$_GET['message']."'");
mysql_query("UPDATE `database`.`wc3_player_race` SET `race_xp` = `race_xp` + ".$addxp." WHERE `wc3_player_race`.`player_id` = '1'' AND `wc3_player_race`.`race_id` =1");
echo "Points added";
}
?>Re: Whats wrong?
The same way you made the "message" column dynamic. And btw you must run inputs thru mysql_real_escape_string before using them as "dynamic parts of queries". Otherwise they can sneak in actual SQL into the inputs.
Re: Whats wrong?
I dont get it how to do it :/
Re: Whats wrong?
sprintf( "player_id = %d", $five )
"player_id = " . (int)$five
either will work
"player_id = " . (int)$five
either will work