PFMaBiSmAd

http://w3schools.com/php/php_mysql_insert.asp

You are not actually calling your function.

You didn't exactly state what problem you were having when you attempted to do this. All you posted was a statement of what you wanted to do.

Your header() redirect needs an exit; statement after it to prevent the remainder of the code on the page from being accessed when someone ignores the header that was sent to the browser.

Probably a fatal runtime error at the mysql_ statement, either because the mysql extension is not enabled or is perhaps corrupted or a mis-matched version... What does full php error_reporting/error logging show?

http://w3schools.com/php/php_mysql_intro.asp

You can use mysql_error() as part of your or die() statement to get php/mysql to tell you why the query is failing. You are not selecting a database, so that would be one error.

You are calling your ->write() method, which is where your INSERT query is at, every time you submit to the page - When you submit the form from your display_alter_page() code, the above two lines of code inserts a record.

http://www.phpmyedit.org/

Best guess is you have a logic error in your code and your INSERT query is also being executed when you execute the UPDATE query code or your browser is requesting your page twice and the second request is executing the code where your INSERT query is located. It would be helpful if you posted the actual code on your page that is producing this symptom so that someone could see what your code actually is.

Just SELECT the columns you want in your query statement.

Edit: LOL, duplicate information from above ^^^ ^^^ Not if you use htmlentities(), with the second parameter set to ENT_QUOTES, on DATA being output to the browser that could contain HTML special characters and/or use urlencode() if this is going into a URL. What are you actually doing at the point that the HTML gets broken by a ' ?

It's unlikely that the time your form processing page is taking is causing this. You also didn't give us any indication of how long your form processing page takes to run/how long this blank page is displayed? I'm going to guess your symptom is being caused by something you are doing on pageA in the browser (some validation or other), because I just simulated what you state you are doing (form on pageA and a 10 second delay on pageB before redirecting to pageC) and the result in two different browsers was - after submitting the form, pageA was still being displayed and the pageA status bar indicated waiting for the server..., then after the 10 second delay the redirect caused pageC to be requested and displayed. If you want help with your actual problem, you will need to post enough of your code that REPRODUCES the problem. If the code you are going to post doesn't reproduce the problem for you on your system, don't bother posting it. The 'efficiency' you have heard about concerning classes/OOP has nothing to do with the execution time of your script. In fact, the same exact application written using classes/OOP would take slightly longer to run. OOP is just a different coding method and if your exiting programming is doing something to cause an unusual result, using OOP won't change that until you find and fix what you are doing in your code that is causing the problem.

Most likely, your HTML is missing some quotes around the values and the space character is serving as a break character rather than as part of the data.

If the timezone database that php is using is up to date, DST changes should automatically be taken into account. See the NOTE: and the PECL link on this page - http://www.php.net/manual/en/timezones.php for how you can update php's timezone database. You can also use the timezone_version_get() function to get find out what version of the database you already have.

The problem is because php.net thought they would - Above quote is from the magic_quotes section of the php.net documentation.

You could also use mysql_error() to get php/mysql to tell you why the query is failing.

The last while(){ statement in the posted code is missing a closing } and the if(isset($_GET['ID'])){ line is missing it's closing } Edit: and there seems to be at least one other one missing. Edit2: It was just those two that were missing. I seriously recommend that you properly indent your code so that blocks at the same level are indented the same amount. This would get the {}'s to line up and you could find missing ones.

Here is what the code on the page you have posted in this thread would look like - <?php include("../connection.php"); session_start(); $username = $_SESSION['username']; ?> <style type="text/css"> <!-- body,td,th { font-family: Arial, Helvetica, sans-serif; font-size: 14px; color: #48371E; } body { background-color: #ffffff; } a:link { color: #48371E; } a:visited { color: #48371E; } a:hover { color: #48371E; } a:active { color: #48371E; } .style1 { font-size: 9px; font-style: italic; } --> </style> <title>Buy Item</title> </head> <body> <table width="300" height="100" border="0" cellpadding="6" background="../Photos/Message box/Msgbox.png"> <tr> <td width="274" height="30"> <?php $query = mysql_query("SELECT * FROM Game WHERE User='$username'"); $row = mysql_fetch_assoc($query); //$dbusername = $row['User']; // not used //$dbpassword = $row['Password']; // not used //$email = $row['Email']; // not used //$name= $row['Fac Name']; // not used //$attck = $row['Attack']; // not used (spelling error in variable name) //$defense = $row['Defense']; // not used (also duplicated below) //$health = $row['Health']; // not used (also duplicated below) //$extra1 = $row['Extra 1']; // not used //$extra2 = $row['Extra 2']; // not used //$extra1N = $row['Extra number 1']; // not used //$extra2N = $row['Extra number 2']; // not used //$Rank = $row['Rank']; // not used //$location = $row['Location']; // not used //$Won = $row['Won']; // not used //$Loss = $row['Loss']; // not used $money = $row['Money']; // used //$credits = $row['Credits']; // not used $xp = $row['XP']; // used // $attack = $row['Attack']; // not used (no spelling error in this one) // $defense = $row['Defense']; // not used (duplicated above) //$health = $row['Health']; // not used (duplicated above) $S = $row['S']; // used //$V = $row['V']; // not used //$A = $row['A']; // not used $query = mysql_query("SELECT * FROM HQ WHERE User='$username'"); $row = mysql_fetch_assoc($query); //$HQ = $row['HQ']; // not used //$Raidar = $row['Raidar']; // not used //$Defense = $row['Defense']; // not used, letter case difference //$Missile = $row['Missile']; // not used //$Runway = $row['Runway']; // not used //$Gate = $row['Gate']; // not used //$Defence2 = $row['Defence2']; // not used //$Vehicle = $row['Vehicle']; // not used $Troops = $row['Troops']; // used // item specific values (see the $items array that is immediately after these comments in the code) //$price = 250; //$level = -1; // XP level needed (-1 to disable) //$item = "Riflemen 3rd Class"; //$skill = 10; // added to skill level //$attack = 25; // added to attack level //$defense = 25; // added to defense level // put the following $items array code into a separate file and include it into any page that needs to access the item array // you can also loop through the $items array to list the item name and features in your menu where you select an item to purchase $items = array(); $items[1] = array('price'=>250, 'level'=> -1, 'item' => "Riflemen 3rd Class", 'skill' => 10, 'attack' => 25, 'defense' => 25); // Define other items here... $item_code = isset($_GET['item']) ? (int)$_GET['item'] : 0 ; // get and condition any item_code on the end of the URL if(isset($items[$item_code])){ // the item does exist, populate the program variables with the appropriate values foreach($items[$item_code] as $key => $value){ ${$key} = $value; } if($Troops >1){ if($xp>$level){ if($money>=$price){ $AD2 = $S + $skill; // calc new skill level if(($Troops == 2 && $AD2 > 100) || ($Troops == 3 && $AD2 > 1000) || ($Troops == 4 && $AD2 > 3000) ||($Troops == 5 && $AD2 > 5000) ){ die ("Troop limit reached!<br><a href='../Shop.php'>Back</a>"); } $total = $money - $price; // for display purposes mysql_query("UPDATE Game SET Money = Money - $price, Attack = Attack + $attack, Defense = Defense + $defense, S = S + $skill WHERE user = '$username'"); mysql_query("UPDATE Weapons SET R3 = 2 WHERE user = '$username'"); echo "$username you have just bought $item! You now have $total Coins<br><a href='../Shop.php'>Back</a>"; } else { echo "You do not have enough money to buy this item! <br><a href='../Shop.php'>Back</a>"; } } else { echo "You need 250 XP to buy this item! <br><a href='../Shop.php'>Back</a>"; } } else { echo "You require a troop camp to use this item!<br><a href='../Shop.php'>Back</a>"; } } else { echo "The item you selected does not exist!<br><a href='../Shop.php'>Back</a>"; } ?> </tr> </table> <p> </p> I left in, but commented out, the variables being assigned from your queries that are not used, contain typo's, are duplicated, and have different letter case than what the program is actually using. There was also some logic errors and at least one wrong link and one HTML error in a link. Edit: The background color is also different in the above code from what you have in your code.

Your query on line 468 failed due to an error of some kind and you don't have any error checking or error reporting logic in your code to get your code to tell you if and why the query failed.

In the amount of time you have spent fooling around with the errors on the one page of code in this thread (which I am guessing was just to add one item to the list of available items), you could have consolidated all your items into one page. Are you going to keep taking the better part of a day every time you add a page or simplify your life and make this easier? You don't even need to do this all at once. Just set up the scheme and get one item working, then you can use the new method to add new items and migrate your existing items over as you see fit.

^^^ If you have created a different page for each possible item, that only differs in the value(s) being used in the code, you have missed the point of using a programming language and missed the point of using variables to hold values. You should have ONE page that is passed some item identifier and it simply sets up a variable(s) and reuses one set of code. In programming, anytime you find yourself repeating code, either within one page or making duplicate pages that only differ in the value they use, you can consolidate the code into one instance and save yourself a HUGE amount of time in the process. You will only have one set of code to change. This will also kind of force you to organize all the values your code is using in to an array (or perhaps a database table) that will make it easier to change any values in the future simply by changed the data, rather than going through the code making changes to the values hard-code in the statements. If you are going to go through a large number of pages 'fixing' the same code over and over anyway, wouldn't it be better to spend the same or less amount of time simplifying the whole scheme to use one file?

I think you probably need to use a programming editor that shows line numbers so that you can accurately determine where in your code an error is being reported at. Simply amazing.

That might be part of your code, but it is not the code where the error is occurring at. It would help if you posted the complete error message and the complete file where the error is occurring.

^^^ No you won't. When data is properly escaped (only once) the \ characters are not inserted into the database and when it is retrieved, with magic_quotes_runtime turned OFF, the \ characters as not added to the retrieved data and you don't need to do anything before you use the data.