Noximity

Hey guys I've made this simple php code to fetch stuff for my website I'm pretty sure that I've done nothing wrong can anyone see any mistakes? <?php if($showclosedgames==1){$query1="SELECT * FROM games";} elseif($showclosedgames==0){$query1="SELECT * FROM games WHERE winner=''";} $record_count = $conn->query($query1); $per_page= $limit; $pages = ceil($record_count->num_rows / $per_page); if(!isset($_GET['page'])) { $page = 1; } else { $page = $_GET['page']; } if($page <= 0) { $start = 1; } else { $start = $page * $per_page - $per_page; } $prev = $page -1; $next = $page +1; if($showclosedgames==1){$query2="SELECT * FROM games ORDER BY amount DESC LIMIT $start, $per_page";} elseif($showclosedgames==0){$query2="SELECT * FROM games WHERE winner='' ORDER BY amount DESC LIMIT $start, $per_page";} $query = $query2; if ($result = $conn->query($query)) { while ($row = $result->fetch_assoc()) { if(empty($row['winner'])){$status='open';} elseif(!empty($row['winner'])){$status='closed';} ?>

Hello guys I'm wondering if I can make the "host.php" page appear within a modal on the same page. When a user clicks "Host a lobby' the host.php page will pop up on the same page. If anyone knows how to do this please help me! Thanks <?php if(isset($_SESSION['steamid'])) { echo' <a href="host.php" target="_BLANK"> <button type="button" class="btn btn-lg btn-inverse btn-custom waves-effect waves-light">Host a lobby</button> </a> '; } else { echo' <a href="?login"> <button type="button" class="btn btn-lg btn-inverse btn-custom waves-effect waves-light">Log In before Hosting</button> </a> '; } ?>

Hello users on phpfreaks! I have recently started my journey to master PHP coding. I have started creating my own website that uses php but I have been receiving one error that I can't quite fix "( ! ) Warning: mysqli_select_db() expects parameter 1 to be mysqli, string given in C:\wamp64\www\link.php on line 4" I have been trying to fix this for quite a while now and I can't seem to get my link.php to work properly! If anyone can give me a fix it would be highly appreciated! My code will be shown below! <?php @include_once 'settings.php'; //session_start $link = mysqli_connect($servername, $username, $password); //MySQL Host, Username, password $db_selected = mysqli_select_db('database', $link); //MySql database mysqli_query("SET NAMES utf8"); function fetchinfo($rowname, $tablename, $finder, $findervalue) { if ($finder == "1") $result = mysqli_query("SELECT $rowname FROM $tablename"); else $result = mysqli_query("SELECT $rowname FROM $tablename WHERE `$finder` =`$findervalue`"); $row = mysqli_fetch_assoc($result); return $row[$rowname]; } function secureoutput($string) { $string = mysqli_real_escape_string($string); $string = htmlentities(strip_tags($string)); $string = str_replace('>', '', $string); $string = str_replace('<', '', $string); $string = htmlspecialchars($string); return $string; } ?>

I recently created a script that allows users to get free items using another persons code. Soon I had figured out that users were typing "TESTCODE', admin='1" , "TESTCODE', balance='1" And a bunch of other stuff on this page to exploit their balances and other things. I've bee trying to clean up the code and prevent the users from exploiting this page but I am bamboozled on trying to fix it. I'm not too sure how to go about fixing it, If anyone knows what to change/type to fix this problem it is appreciated, Thanks! Help is highly appreciated Affiliates Page Code: <?php require_once 'templates/_header.php'; ?><input type="hidden" id="steamid" value="<?php echo $_SESSION['steamid']; ?>"> <?php $totalBet = 0; $totalReferredUsers = 0; $totalEarnings = 0; $availableEarnings = 0; if(!isset($_SESSION['steamid'])) { ?> <div class="notice notice-danger"> <strong> Error. </strong> <span style="display: block"> You don't have access to that site. </span> </div> <?php } else { ?> <?php $conn = new mysqli($servername, $username, $password, $dbname); if ($conn->connect_error) { die("Connection failed: " . $conn->connect_error); } // count referred users $sql = "SELECT played FROM users WHERE referredBy='".$_SESSION['steamid']."'"; $result = $conn->query($sql); if ($result->num_rows > 0) { while($row = $result->fetch_assoc()) { $totalBet += $row['played']; } } $totalReferredUsers = mysqli_num_rows($result); // get user data $sql = "SELECT refEarningsTotal, refEarningsAvailable, code FROM users WHERE steamid='".$_SESSION['steamid']."'"; $result = $conn->query($sql); if ($result->num_rows > 0) { while($row = $result->fetch_assoc()) { $totalEarnings = $row['refEarningsTotal']; $availableEarnings = $row['refEarningsAvailable']; $code = $row['code']; } } ?> <div class="row"> <h2><i class="fa fa-server"></i> Afilliates</h2> <div class="col-md-12"> <div id="afMsg"></div> <div class="input-group" style="margin-bottom:20px"> <input type="text" id="code333" class="form-control" value="<?php echo $code; ?>" placeholder="Your referral code..."> <span class="input-group-btn"> <a class="btn btn-primary" role="button" onclick="updateCode();">Update</a> </span> </div> <table class="table table-bordered"> <tbody> <tr> <th>Total referred users</th> <td><?php echo $totalReferredUsers; ?></td> </tr> <tr> <th>Total bet</th> <td><?php echo $totalBet; ?> $</td> </tr> <tr> <th>Total earnings</th> <td><?php echo $totalEarnings; ?> $</td> </tr> <tr> <th>Available earnings</th> <td><?php echo $availableEarnings; ?> $</td> </tr> </tbody> </table> <a role="button" class="btn btn-success btn-block" onclick="collectEarnings();">Collect earnings</a> <table class="table table-bordered" style="margin-top:25px;"> <thead> <tr> <th>Steam ID</th> <th>Total bet</th> </tr> </thead> <tbody> <?php $sql2 = "SELECT steamid, played FROM users WHERE referredBy='".$_SESSION['steamid']."'"; $result2 = $conn->query($sql2); if ($result2->num_rows > 0) { while($row2 = $result2->fetch_assoc()) { echo '<tr><td>'.$row2['steamid'].'</td>'; echo '<td>'.$row2['played'].'</td>'; } } $conn->close(); ?> </tbody> </table> </div> </div> <?php } ?> <?php require_once 'templates/_footer.php'; ?> If the user already has a referral code and the user updates it this script is executed: <?php include 'settings.php'; $code = strtoupper($_POST['code']); $conn = new mysqli($servername, $username, $password, $dbname); if ($conn->connect_error) { die("Connection failed: " . $conn->connect_error); } $code = $_POST['code']; $sql = "SELECT id FROM users WHERE code='".$code."'"; $result = $conn->query($sql); if ($result->num_rows > 0) { ?> <div class="notice notice-danger"> <strong> Error. </strong> <span style="display: block"> This code is already in use. </span> </div> <?php exit; } if(empty($code)) { ?> <div class="notice notice-danger"> <strong> Error. </strong> <span style="display: block"> Code can't be empty. </span> </div> <?php } else { // update code $sql = "UPDATE users SET code='".$code."' WHERE steamid='".$_POST['steamid']."'"; $result = $conn->query($sql); if ($conn->query($sql) === TRUE) { ?> <div class="notice notice-success"> <strong> Success! </strong> <span style="display: block"> Your referral code has been changed to <strong><?php echo $code; ?></strong>. </span> </div> <?php } else { ?> <div class="notice notice-danger"> <strong> Database error. </strong> <span style="display: block"> Please try again. (5) </span> </div> <?php } } $conn->close(); ?> Trade Link update code: <?php include 'settings.php'; $conn = new mysqli($servername, $username, $password, $dbname); if ($conn->connect_error) { die("Connection failed: " . $conn->connect_error); } $sql = "UPDATE users SET tlink='".$_POST['link']."&token=".$_POST['token']."' WHERE steamid='".$_POST['steamid']."'"; $result = $conn->query($sql); if ($conn->query($sql) === TRUE) { ?> <div class="notice notice-success"> <strong>Success!</strong> <span style="display:block">Your tradelink has been updated.</span> </div> <?php } else { ?> <div class="notice notice-danger"> <strong>Error!</strong> <span style="display:block">There was en error while updating your tradelink. Try refreshing site.</span> </div> <?php } $conn->close(); ?>