Page 1 of 1

Ladder

Posted: Mon Jan 28, 2008 6:44 pm
by Aravinthan
Hi, I am a new to this forum, and I want to know how to make a ladder.
Let me explain,
I am making a website for a gaming clan: http://warfaringwarriors.x10hosting.com
And I tought of making a ladder. Every saturday, there is gunna be a match and the players partipating in the match will receive points.
Here is what I can do:
- THe registration page
-Create the table and display it by points:
Input page(after the registration from the HTML form has been sent):
<?php

$points= addslashes($points);
$eso = addslashes ($eso);
$email = addslashes ($email);
$country = addslashes ($country);

@ $link = mysql_pconnect ("localhost", "user", "pass");

if (!$link)
{
echo "Error: Can't connect right now. Please try again later.";
exit;
}

mysql_select_db("database");
$query = "insert into clanapp values
('".$points."', '".$eso."', '".$email."','".$country."')";

$result = mysql_query($query);
if ($result)

mail( "officers@warfaringwarriors.x10hosting.com ", "New application for the Warfaring Warriors Training Camp Tournament",
"eso: $eso","</br>","email: $email","</br>","country: $country","</br>", "From: $email" );
echo "Application inserted into database. <a href='index.php'>Go Back.</a>";

?>
Output Page:
<?php
$link = mysql_connect ("localhost", "user", "pass");
mysql_select_db ("database", $link);
$result = mysql_query("SELECT * FROM database", $link);
if (mysql_db_query("batabase", "select * from table", $link))
{
print ("");
}
else
{
print ("The query could not be executed!<BR>");
}

$link = mysql_connect ("localhost", "user", "pass");

mysql_select_db("database",$link);

$Result = mysql_query("SELECT * FROM table ORDER BY 'points'",$link);
echo "<table cellpadding='0' width='400'>";
echo "<tr bgcolor='#eeeeee'>";
echo "<th>Points</th><th>ESO Username</th><th>e-mail</th><th>country</th>";
echo "</tr>";

while ($Row = mysql_fetch_row($Result))
{
printf ("<tr><td align='center'>%s</td><td align='center'>%s</td><td align='center'>%s</td><td align='center'>%s</td></tr>",
$Row[0], $Row[1], $Row[2], $Row[3] );
}


echo "</table>";




?>
Will this work?
Here is what I need help with:
-Update the points, which I tried and failed miserably....

Thanks for your help, If you need more details please dont hesitate to ask me
Good day!

Edit: I forgot to mention, when I say Update the points which means: for exemple Player X plays 5 games and he has 100 poitns till now, and he gets 10 poitns for game 6. Well When I will update it , It shud do: 100+10... I have an idea, I think in the outpage i shud put a textbox near the names/points thing, andthere the officers can put the points he got. At the bottom there is a submit button, when they click, it sends to another page. Where there is a function thats adds up the funtion and saves the result i nthe DB. But how to do it, I can't figure it out...!!!

Re: Ladder

Posted: Mon Jan 28, 2008 7:47 pm
by Christopher
Two think first. You should use the mysql_escape_real() function on the values that go into the database. Likewise you should convert htmlentities() in output to the page and email.

If you have a HTML form then you can get the values in PHP from the $_POST superglobal array. Give it a try and post updated code.

Re: Ladder

Posted: Tue Jan 29, 2008 5:50 am
by Ollie Saunders
Will this work?
Should do. If you have any specific problems we can help you better.
-Update the points, which I tried and failed miserably....
an update query looks a bit like this

Code: Select all

UPDATE `tableName` SET `colA` = 'valueA', `colB` = 'valueB' WHERE `id` = 45
It's good practice in MySQL to put backticks (`) round the various identifiers as I have done in the example.

Code: Select all

$points= addslashes($points);
You should target these with $_POST or $_GET for more secure code a la:

Code: Select all

$points = addslashes($_POST['points']);
and use mysql_real_escape_string() as aborint, oh so correctly, advised

Re: Ladder

Posted: Tue Jan 29, 2008 6:23 am
by Aravinthan
Thanks for your quick replys ,
I have a few questions, as i aint that familiar with PHP, I would like to know what and how to use:
- mysql_escape_real()
- htmlentities()
OK so I updated the form what I understood:
Form:
form name="wrwrtc" action="input.php" method="post">
<table border="0" cellspacing="0" cellpadding="0">
<tr>
<td>
ESO Username:
</td>
<td>
<input type="text" name="eso">
</td>
</tr>
<tr>
<td>
E-mail:
</td>
<td>
<input type="text" name="email">
</td>
</tr>
<tr>
<td>
Country:
</td>
<td>
<input type="text" name="country">
</td>
</tr>
<tr>
<td>
<input type="submit" name="submit" value="Submit">
<input type="reset" name="reset" value="Reset">
</td>
</tr>
</table>
</form>
Input Page:
<?php

$points = addslashes($_POST['points']);
$eso = addslashes ($_POST['eso']);
$email = addslashes ($_POST['emal']);
$country = addslashes ($_POST['county']);

@ $link = mysql_pconnect ("localhost", "username", "password");

if (!$link)
{
echo "Error: Can't connect right now. Please try again later.";
exit;
}

mysql_select_db("database");
$query = "insert into clanapp values
('".$points."', '".$eso."', '".$email."','".$country."')";

$result = mysql_query($query);
if ($result)

mail( "officers@warfaringwarriors.x10hosting.com ", "New application for Warfaring Warriors Train Camp Tournament",
"eso: $eso","</br>","email: $email","</br>","country: $country","</br>", "From: $email" );
echo "Application inserted into database. <a href='index.php'>Go Back.</a>";

?>
And ole, I know that update code, but what I cant understand is what should I put
UPDATE `tableName` SET `colA` = 'valueA', `colB` = 'valueB' WHERE `id` = 45
Where what? Points, ok but what shud I put as points, you understand..?

Re: Ladder

Posted: Tue Jan 29, 2008 7:58 am
by Ollie Saunders
I would like to know what and how to use:
- mysql_escape_real()
In the same way you are currently using addslashes(), just change it to mysql_real_escape_string()

Use htmlentities() when you output things you have queried from the database.

Code: Select all

$data = mysql_fetch_assoc($result);
echo htmlentities($data['foo']);
And ole, I know that update code, but what I cant understand is what should I put
Imagine a table with columns named foo and bar. Foo is the primary key. In the same way that you might SELECT a particular row like this:[sql]SELECT * FROM `table` WHERE `foo` = 10[/sql]To UPDATE that same row you might do something like this:[sql]UPDATE `table` SET `bar` = 'monkey' WHERE `foo` = 10[/sql]Notice the WHERE clauses are the same as they are both addressing the same row.

Re: Ladder

Posted: Tue Jan 29, 2008 6:21 pm
by Aravinthan
Use htmlentities() when you output things you have queried from the database.

Code: Select all

$data = mysql_fetch_assoc($result);
echo htmlentities($data['foo']);
Ok thanks I got it!
Imagine a table with columns named foo and bar. Foo is the primary key. In the same way that you might SELECT a particular row like this:[sql]SELECT * FROM `table` WHERE `foo` = 10[/sql]To UPDATE that same row you might do something like this:[sql]UPDATE `table` SET `bar` = 'monkey' WHERE `foo` = 10[/sql]Notice the WHERE clauses are the same as they are both addressing the same row.
Yh but, the thing is where 'foo' = 10, but I won't know the points he would have, That means for everyone I woud need to change the code, which would make it pretty long, isn't there an easier way?

Re: Ladder

Posted: Tue Jan 29, 2008 6:58 pm
by Ollie Saunders
Yh but, the thing is where 'foo' = 10, but I won't know the points he would have, That means for everyone I woud need to change the code, which would make it pretty long, isn't there an easier way?
In order to change something you must be able to locate it first. If you haven't allowed for that you need to change it. There's no way round it, sorry.