yourichi

Using random you wont really be able to provide the same result everytime. and if I understand correctly, your asking to randomly pick someone , but you have to be able to repeat picking the same person as proof? doesnt that kind of defeat the point of it being random? O_o You have to prioritize which function is actually more important to the game itself. To ensure you'll always have a winner you need the "random" to have the exact range as the number of rows ('players') You want to use a seperate number entered ie winning lottery numbers aspect, well they purely base their sense from having multiple random numbers drawn from a 'hat' but you want to enter this number? therefore taking away the 'lottery' aspect imo. Why not broaden the controls of your 'game' and make it more like an actual game, get each contestant to pick say 5 numbers from 20 for example. (if your looking at a low number of people entering for a higher odds at getting a winner you specify to your players pick 1 from each list in say a drop down list on a form with 5 lists each with the below range) $randomnumber1 = rand(1,4) $randomnumber2 = rand(5, $randomnumber3 = rand(9,12) $randomnumber4 = rand(13,16) $randomnumber5 = rand(17,20) winner = someone who gets 3/5 matchs for example. depending on what exactly your trying to achieve. Somehow to me it reads like your trying to pretend its fair which if was the case it might look like.. players table would look like | idticketnumber | winner | loser | randomnumber | | 1 | 0 | 0 | | | 2 | 0 | 0 | | etc etc $myrandomkey = $_GET['number']; resultQuery = SELECT `idticketnumber` `where randomnumber` == $myrandomnumber if ( resultquery = false ){ $winner = rand(1,10) $query = "UPDATE set lotterytable `winner` = '1' `randomnumber` = '$myrandomkey' where id=$winner"; } else echo idticketnumber you get the idea..

Hi there, trying to create a function more out of lazyness an timesaving than anything im sure it has to do with something combining the use of INSERT and x++ in an array, but im failing at figuring out the right way of doing it to achieve the right combination of effects. in simple need to create a 600x600 grid of co-ordinates where x starts at 1, ending in 600 with y starting at 1 and ending in 600 so basically a cubed set of entrys, (360,000 rows) not even sure thats possible lol.. the table only needs to contain the colums of id, x , y , ownerid (where id is auto inc) any suggestions, as you can tell its a pain-staking long case of affairs to create with a manual VERY long sql statement, trying to figure out a better way of doing this. help please? Thanks

ooo ctype why didnt i think of that! >.<! anyhow going back on topic of the sql injection etc, a standard filter using mysql real escape should be sufficient combined with standard data validation ensuring that only the limited answers are accepted and else error everything else so no action is taken upon any dodgy input?

heh just spent 30minutes trying to work out why the hell i couldnt validate correctly with is_int. found the answer on good ol php.net lol kinda explains why it was always returning as invalid -.- so using numeric was correct after all -.-

sorry that second sentance was meant to say "does the case statement filter.." in the form of a question. must have missed the word lol

Ok, So whats the best way to provide protection against the string based inputs such as the form selection boxs? the case statement that id already created to filter anything that wasnt in the predefined options?

So a revised segment of code would look something along the lines of this? if (isset($_GET['transfer'])) $linkchoice=$_GET['transfer']; else $linkchoice=''; switch($linkchoice){ case 'yes' : if(!$_POST) { echo "failed to recieve data for transfer"; } else { //$post = array_map(“cleanQuery”, $_POST); $noscout = strip_slashes($_POST['scouts1']); if(!is_int($noscout)){ $noscout = "Invalid number"; } $fromscouts1 = strip_slashes($_POST['fromscouts1']); //if()){ switch($fromscouts1){ case : etc etc etc

Dont get me wrong, Im not saying I dont implement it, its just like i said i dont go overboard on it as its an unreliable validator to any wannabe mischief makers. Think i represented what i was looking for poorly, as it feels like you think im disagreeing with you, which isnt the case. and the numeric factor like i said i noted, an will use int rather than numeric, that was my lack of knowledge on the true purpose of that. It was one of the things i was looking for

I appriciate the input, like I said that particular cleanquery was passed to me from a friend who'd had problems with people manipulating forms and various other issues, and suggested that would be a good fix for validating. The backwards compatibility parts of it are like you said fairly obsolete and isn't really my end goal on a production level. As for certain I will be working with php 5~ install. Wasnt really the key issue I was looking at. Your point about the numeric value is duely noted, that was something I was wondering about myself, hence I asked. Ive never been a big fan of client sided form validation as its always so easily broken. I was merely trying to enforce that particular form field could only be passing numbers. Wasnt looking for anything fancy like float values etc. its just purely meant for handling whole round numbers. As an easy way to prevent any kind of data corruption or intentional breaking, or maniupulation of sql injection etc. the numeric value isnt actually an index of any kind, its just purely a physical value that will go into a few maths questions to alter a few fields decided by the select lists. obviously ensuring that the list data maintains its legitamacy is important as it tells the query - the numeric value from field $a and + to field $b as both field a and b are stored in db as INT. This particular task will not require any repopulation, altho I can think of another page where I will need to do such, so Its useful to keep in mind for reference.

Ok bit of a longwinded one but basically on page I will have a standard form <form name"lala" action=post.php?transfer=yes type="POST"> <input type="textbox" name="scouts1"> <input type="select" name="fromscouts1"> <input type="select" name="toscouts1"> <input type="button" name="transfer"> </form> (not gonna type it all, but you get the idea) Now its actually posting to itself. concept is, towards the top of the page, there is a like a header box, that has <?php onloadfindpostdata(); ?> now in the database connection resource file that i use for majority of my functions is Now this was recommended to me by a friend who was doing similar things with forms and recommended this function he got from a guide on protecting your php forms from SQL injection etc. function cleanQuery($string) { if(get_magic_quotes_gpc()) // prevents duplicate backslashes { $string = stripslashes($string); } if (phpversion() >= '4.3.0') { $string = mysql_real_escape_string($string); } else { $string = mysql_escape_string($string); } return $string; } Now This is the function thats called when the page is loaded, to pick up any form entrys and changes they wish to do <?php function onloadfindpostdata() { if (isset($_GET['transfer'])) $linkchoice=$_GET['transfer']; else $linkchoice=''; switch($linkchoice){ case 'yes' : if(!$_POST) { echo "failed to recieve data for transfer"; } else { //$post = array_map(“cleanQuery”, $_POST); $noscout = cleanQuery($_POST['scouts1']); if(!is_numeric($noscout)){ $noscout = "Invalid number"; } $fromscouts1 = cleanQuery($_POST['fromscouts1']); //if()){ switch($fromscouts1){ case 'lions' : $fromscouts1 = "lions"; break; case 'griffins' : $fromscouts1 = "griffins"; break; case 'home' : $fromscouts1 = "home"; break; default: echo "Stop screwing around"; exit; } $toscouts1 = cleanQuery($_POST['toscouts1']); //if()){ switch($toscouts1){ case 'lions' : $toscouts1 = "lions"; break; case 'griffins' : $toscouts1 = "griffins"; break; case 'home' : $roscouts1 = "home"; break; default: echo "Stop screwing around"; exit; } Now the leading question is, is this sufficent validating to prevent abuse of the form, as the eventual form will have 4 more sets of data sets on the form like this, I already have that in place, but felt it was only nessecary to show one of the sets of data, The data once validated will construct a query that looks something like if ($toscouts1 == "griffins") AND ($fromscouts1 == 'lions'){ $query = "SELECT `scouts`,`alphascouts`,`betascouts` FROM troops WHERE id='_SESSION[user_id]'"; mysql bla bla bla or die etc list($alphascouts,$betascouts) ($results) etc etc $newfrom = "$alphascouts - $noscouts"; $newto = "$betascouts + $noscouts"; $query = "UPDATE `troops` SET `alphascouts` = '$newfrom', `betascouts` ='$newto' WHERE id ='_SESSION[user_id]`"; } Oh and about the case GET statement, reason im posting to separate case GET's is ill have separate forms for performing a different task not concerning this particular function, and wanted to be identify different post data from a different form. otherwise it seems a little redundant i know. Also setting defined case options, was hoping to prevent misuse of url entrys into GET requests. although im sure i need to be filtering the get request also clarify please? made that up on the fly so didnt really type it out in full correctly, skipped the obvious query parts. made it as a general idea of what im trying to achieve and how im using the user data. So in short are the validations sufficient for what im trying to achieve. As this project is starting to move towards ready for testing although not ready to go onto a production enviroment, it will be readily available. At this stage I want to test not to have it crushed before it even gets off the ground, so im starting to go back round and tightening up the obvious entry points on forms etc. Voices, opinions? (yes i know my coding is sloppy, thats not what i was asking ) Thanks Regards, Yourichi~

I see, thats great, Thank you very much for your help, much appriciated. Im sure Ill be posting more here over the course of the next few weeks as it develops into more tricky things Thanks again. Regards Yourichi

ah found it, needed to remove the [] = at the start of the array call works perfectly, thank you very much! Would you mind to explain a little exactly how the array works to achieve what i was after? as I will need to replicate various functions of similar nature. Dont particularly like just copy an pasting code, I prefer to understand exactly what the code is supposed to be doing an how it reachs the results otherwise I'll never improve lol Thanks again! Regards Yourichi

mm the logic does seem quite sound.. only 1 minor syntax error that i cant figure out is the second array { $atMaxPopAry[$town['id']] = $town['maxpop']; } //Get list of towns over the max population $query = "SELECT `id`, `maxpop` FROM `users` WHERE `currentpop` > `maxpop`"; $result = mysql_query($query) or die (mysql_error()); $overMaxPopAry = array() while($town = mysql_fetch_assoc($result)) { $overMaxPopAry[] = [$town['id']] = $town['maxpop']; <-- seems to make it unhappy , }

ok simply put i want to run a tick based game every 15minutes a tick will run and go through each players row in the DB and update the various relevant fields Starting with a simple function first, once ive figured this out ill have the framework to create the rest. This function is too read the players row, pull their max population, current population, and "income population per tick" So i need it too read the number of population to add to each persons current population whilst ensuring they dont exceed the max. Reason i store the income population as an individual variable for each user, as later on this figure will be possible to be different for each person based on the level of their city so to speak. Hope that clarifys what im trying to achieve Thanks

Ok The basics of this function is to serve as a "tick" (end goal to be called from a php file accessed as part of a chron job) To update each row (user, who meet certain criteria) with the intention to increase or decrease by another stored variable within the user's row. Please excuse the sloppy code, Im by no means even halfway good at php yet, I have a lot of bad habbits >.< function populationtick() /**Begin pull of all rows, then proceed to update each row for certain fields**/ { $result = mysql_query("SELECT `id`,`towninc`,`maxpop`,`currentpop` FROM `users` WHERE `currentpop` < `maxpop`") or die (mysql_error()); $num = mysql_num_rows($result); /** WHERE `currentpop` < `maxpop` **/ echo "$num rows found<br>"; list($id,$towninc,$maxpop,$currentpop) = mysql_fetch_row($result); if($currentpop < $maxpop) { $newpop = $currentpop + $towninc; echo "$newpop will now be the new population"; $updaterequired = "yes"; } else { echo "$id town at max population"; $updaterequired = "no"; exit; } if ($newpop > $maxpop){ $newpop = $maxpop; echo "over the max adjusting to max pop"; } if($updaterequired == "yes"){ mysql_query("UPDATE haypi.users SET currentpop ='$newpop'"); echo "update complete for $id done"; echo "new population is $newpop and the population inc was $towninc"; } } /**End Function **/ like i said its pretty sloppy, and I prolly should be using a more suitable array, at current this code (of course) will update all records based on the first record encountered (because i dont have the WHERE on the update query) (failing to think of a suitable way to loop this through each row, to pull the new variables for each row an then process an update for each row. Any help with this would be greatly appriciated!

Think i fixed this, i did a little more reading, i was having a severe blonde moment, apparently i was mis-using the mysql_query in the second query line (172) I was doing another fetch which is supposed to return a resource, where as for an update i need to be requesting boolean. >feels stupid for no realizing how sloppy that coding was grmbl<

Hi guys, I appreciate this is just a common error, ive searched through an found many threads with the same error and tried using the mysql error func but it was of no joy, Im still fairly fresh to php itself, but im fairly familar with C structures in general, i think im just being blind on what im doing. trying to create a function to be called that will basically reduce the number of coins one individual person has. ensuring they have enough credit available. (im aware there are other more individual ways of doing this as per shop/pricing but it doesnt particularly fit with the bigger scheme of things to what im trying to achieve hence a seperate function for just reducing the coin count by 50 is what im after. function purchasebox() { list($coin1) = mysql_fetch_row(mysql_query("select coin from users where id='$_SESSION[user_id]'")); if ($coin1> '49') { $newcoin = $coin1 - '50'; mysql_fetch_row(mysql_query("UPDATE sdaccount.users SET coin ='$newcoin' WHERE id='$_SESSION[user_id]'")); echo "Successfully bought!"; } else { echo "Not enough coins"; } } Warning: mysql_fetch_row() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\supreme\dbc.php on line 172 Box successfully bought! mysql_fetch_row(mysql_query("UPDATE sdaccount.users SET coin ='$newcoin' WHERE id='$_SESSION[user_id]'")); is line 172 Thanks for any help, im sure its so stupidly obvious what ive done lol, im just having a very long blonde moment >.<! Regards. Edit: One thing to be noted, it is actually working as far as I can see, It is updating the correct person's coin, and follows the rule of more than 50. and will subtract 50 if they have sufficient coin. So it appears to work, its just not clear why its giving this error.