Page 2 of 2

Re: Whats wrong?

Posted: Fri Feb 19, 2010 3:29 pm
by josh
Means the query first before you tried to use $result failed.

hint: look at mysql_error( $result)

Re: Whats wrong?

Posted: Sat Feb 20, 2010 8:27 am
by Linjon
Like so?:

Code: Select all

<?php 
$dbhost = 'localhost'; 
$dbuser = '********'; 
$dbpass = '********';
$dbname = '********;
 
if(!in_array($_SERVER['REMOTE_ADDR'], 
array('81.20.151.38', '81.20.148.122'))) { 
die("Error: Unknown IP"); 
} 
mysql_connect("$dbhost", "$dbuser", "$dbpass") or die(mysql_error()); mysql_select_db("$dbname") or die(mysql_error()); 
 
$result = mysql_query("SELECT `player_id` FROM `wc3_player` WHERE `player_name` ='".$_GET['message']."'") or die(mysql_error()); 
if(mysql_num_rows($result) != 1) { 
echo " No user found";exit; 
}else{
 
$addxp = 75000;
 
$id = mysql_query("SELECT `tablename` `player_id` FROM `wc3_player` WHERE `player_name` ='".$_GET['message']."'");
mysql_query("UPDATE `database`.`wc3_player_race` SET `race_xp` = `race_xp` + ".$addxp." WHERE `wc3_player_race`.`player_id` = '1'' AND `wc3_player_race`.`race_id` =1");
echo "Points added";
}
?>
If i change player_id to 2 then player with id 2 gets points and if 3 then player with id 3 gets points. How can i do that dynamic (if player "hello32" have id 5 and he send sms with his username then he got points) ?

Re: Whats wrong?

Posted: Sat Feb 20, 2010 5:51 pm
by josh
The same way you made the "message" column dynamic. And btw you must run inputs thru mysql_real_escape_string before using them as "dynamic parts of queries". Otherwise they can sneak in actual SQL into the inputs.

Re: Whats wrong?

Posted: Thu Feb 25, 2010 11:39 am
by Linjon
I dont get it how to do it :/

Re: Whats wrong?

Posted: Sat Feb 27, 2010 5:09 am
by Linjon
Help please?

Re: Whats wrong?

Posted: Sat Feb 27, 2010 1:44 pm
by josh
sprintf( "player_id = %d", $five )
"player_id = " . (int)$five

either will work