+- LCKB (https://lckb.dev/forum)
+-- Forum: ** OLD LCKB DATABASE ** (https://lckb.dev/forum/forumdisplay.php?fid=109)
+--- Forum: Programmers Gateway (https://lckb.dev/forum/forumdisplay.php?fid=196)
+---- Forum: Coders Talk (https://lckb.dev/forum/forumdisplay.php?fid=192)
+---- Thread: [PHP]Seals System (/showthread.php?tid=773)
- Infinity - 04-22-2012
Im trying to make a seal system for the website.
What Im trying ahcer is to select all tables t_inven09 t_inven00 up.
Once there you check if there is an item from one id to another.
i if you change the options (a_option0_idx0 to a_option4 idx4) either item_idx0 to item_idx04.
I do not know if in the right direction so I ask someone to take a look and tell me the errors you find.
I think there .. xDD
I need a good instruction book .. If you can provide would be appreciated.
Thank you,
Att: Infinity
Spanish:
Estoy intentando hacer un sistema de sellos, para la pagina web.
Lo que estoy intentando ahcer es que seleccione todas las tablas t_inven00 hasta t_inven09.
Una vez alli que compruebe si hay algun item desde una id a otra.
i si esta que le cambie las opciones (a_option0_idx0 hasta a_option4 idx4) ya sea item_idx0 hasta item_idx04.
No se si voy por el buen camino por eso pido que alguien le eche un vistazo y me diga los errores que encuentre.
Creo que hay.. xDD
Necesito un buen libro de instrucciones.. Si lo pueden aportar se agradeceria.
Gracias,
Att: Infinity
$playerz = $_POST[Name];
mysql_select_db( $SiteSQL["config-database_db"] , $Site_sqlcon) or die( mysql_error() );
$seals_info = mysql_query("SELECT a_item_idx0, a_item0_option0, a_item0_option1, a_item0_option2, a_item0_option3, a_item0_option4 FROM t_inven00, t_inven01, t_inven02, t_inven03, t_inven04, t_inven05, t_inven06, t_inven07, t_inven08, t_inven09 WHERE a_index = $item");
$seals_info = mysql_query("SELECT a_item_idx1, a_item1_option0, a_item1_option1, a_item1_option2, a_item1_option3, a_item1_option4 FROM t_inven00, t_inven01, t_inven02, t_inven03, t_inven04, t_inven05, t_inven06, t_inven07, t_inven08, t_inven09 WHERE a_index = $item");
$seals_info = mysql_query("SELECT a_item_idx2, a_item2_option0, a_item2_option1, a_item2_option2, a_item2_option3, a_item2_option4 FROM t_inven00, t_inven01, t_inven02, t_inven03, t_inven04, t_inven05, t_inven06, t_inven07, t_inven08, t_inven09 WHERE a_index = $item");
$seals_info = mysql_query("SELECT a_item_idx3, a_item3_option0, a_item3_option1, a_item3_option2, a_item3_option3, a_item3_option4 FROM t_inven00, t_inven01, t_inven02, t_inven03, t_inven04, t_inven05, t_inven06, t_inven07, t_inven08, t_inven09 WHERE a_index = $item");
$seals_info = mysql_query("SELECT a_item_idx4, a_item4_option0, a_item4_option1, a_item4_option2, a_item4_option3, a_item4_option4 FROM t_inven00, t_inven01, t_inven02, t_inven03, t_inven04, t_inven05, t_inven06, t_inven07, t_inven08, t_inven09 WHERE a_index = $item");
$r = 1;
$t = 1;
while( $row = mysql_fetch_array( $seals_info ) )
{
if (($row[a_item_idx] >= 2000-7199))
{
$doseals = mysql_query("UPDATE t_inven00, t_inven01, t_inven02, t_inven03, t_inven04, t_inven05, t_inven06, t_inven07, t_inven08, t_inven09 SET a_item0_option0= 200, a_item0_option1= 200, a_item0_option2= 200 , a_item0_option3= 200, a_item0_option4= 200, a_item1_option0= 200, a_item1_option1= 200, a_item1_option2= 200, a_item1_option3= 200, a_item1_option4= 200, a_item2_option0= 200, a_item2_option1= 200, a_item2_option2= 200, a_item2_option3= 200, a_item2_option4= 200, a_item3_option0= 200, a_item3_option1= 200, a_item3_option2= 200, a_item3_option3= 200, a_item3_option4= 200, a_item4_option0= 200, a_item4_option1= 200, a_item4_option2= 200, a_item4_option3= 200, a_item4_option4= 200 WHERE a_item_idx0= 2000, a_item_idx1= 2000, a_item_idx2= 2000, a_item_idx3= 2000, a_item_idx4= 2000);
echo "
Seals Added";
}
else
{
echo "
Not Items for selling";
}
$r++;
$t++;
}
?>
- Reza - 04-23-2012
this is completely wrong if you need help add me on skype: ) if you need a more immediate
response here keep in mind i dont know exactly what your trying to accomplish the following
would remove the item if you give it a $item value 0-4 and i use this in my itemremove
function if anything your result would look similar to this but with a different in the query etc
<?php
mysql_select_db( $SiteSQL["config-database_db"] , $Site_sqlcon) or die( mysql_error() );
$update = mysql_query();
$lastdigit = (substr($characterid, -1, 1));
$table = ("`t_inven0$lastdigit`");
$qry =("UPDATE `".$SiteSQL["config-database_db"]. "`.$table SET `a_item_idx$item` = 0 WHERE $table.`a_char_idx` =$chaid AND $table.`a_tab_idx` =$itemtype AND $table.`a_row_idx` =$row;");
$cqry = ("select `a_item_idx$item` from `".DB. "`.$table WHERE $table.`a_char_idx` =$chaid AND $table.`a_tab_idx` =$itemtype AND $table.`a_row_idx` =$row;");
if(mysql_result(mysql_query($cqry), 0) <= 0)
{echo "There is no item there"; return;}
$insert = mysql_query($qry);
if(!$insert)
{
echo "failed to reset item contact dev";
}
else
{
echo "Successfully Reset";
}
return;
?>
- Wizatek - 04-23-2012
i would recommed using PDO as it protects u from mysql injections
$qry =("UPDATE `".$SiteSQL["config-database_db"]. "`.$table SET `a_item_idx$item` = 0 WHERE $table.`a_char_idx` =$chaid AND $table.`a_tab_idx` =$itemtype AND $table.`a_row_idx` =$row;");
To do this in a safe way it would look something like this
if( ctype_digit( $characterid ) && ctype_digit( $row ) && cype_digit( $itemtype ) )
{
$query = sprintf
("
UPDATE
%s.t_inven0%d
SET
a_item_idx%d = 0
WHERE
a_char_idx = :charid
AND
a_tab_idx = :itemtype
AND
a_row_idx = :row
", $SiteSQL[config-database_db],
$lastdigit,
$item );
$dbh = $db->prepare($query);
$dbh->execute( array( :charid => $characterid,
:itemtype => $itemtype,
:row => $row ));
}
- Reza - 04-23-2012
I dont really know how Maxes website works but in my stuff everything is sanitized properly and shouldnt be injectable.
but for the other request (reading material)
heres what wiza was talking about
2
and here is a place where i learned most my s*it when i started webserver scripting.
2
- Wizatek - 04-24-2012
Still i would prefer PDO over having to sanitize everything.
Why PDO is so good is because it sends the part in $db->prepare() to the database first.
Then after the mysql command is send, it will send the parameters. These parameters cant be querys on itself, and also wont be executed by the server under any circumstance.
Making it 100% safe against SQL injections without having to sanitize yourself.
But its of course a personal preference.
I learned when its about the game database or website that u can never be to cautious about security.
Sadly i had to learn it the hard way
