cdoyle Posted August 23, 2008

Hi,
I'm working on a page where the user can train their character. They enter how many times to train, and select from a drop down what area they want to train.

I got the strength one all set up, and working fine. But then I realized afterwards, the way I have it now, all those IF's will need to be redone for each option in the dropdown.

How could I code this, so it does all the checks first, and then looks at the switch?

```php
$statupdate=($player->energy*$player->Awake)/100;
$awakereduce=($player->Awake-5);
$energyreduce=($_POST['trainamount']);

switch($_POST["train"]) {
    case "Strength":
        //Check that player has Awake Left
        if ($player->Awake <= 0) {
            include("templates/private_header.php");
            echo "You are too tired to train.";
            include("templates/private_footer.php");
            exit;
        }
        //Check that player has energy Left
        if ($player->energy <=0) {
            include("templates/private_header.php");
            echo "You have no energy left";
            include("templates/private_footer.php");
            exit;
        }
        //check that player has paid taxes
        if ($player->Taxes_Owed >0) {
            include("templates/private_header.php");
            echo "<strong>You Deadbeat!</strong> <br>We already told you. You have to pay your property taxes before you can use our gym.<p>";
            echo "You didn't think we knew that kind of stuff about you, did ya!<br>";
            echo "Pay your taxes or we'll also put that video of you and the goat on youtube";
            include("templates/private_footer.php");
            exit;
        }
        else {
            $updatestrength = $db->execute("UPDATE `players` SET `strength`= `strength`+?, `Awake`=?, `energy`= `energy`-? WHERE `id`=?", array($statupdate, $awakereduce, $energyreduce, $player->id));
            include("templates/private_header.php");
            echo "You just trained\n" . $energyreduce . "times" ;
            echo "$energyreduce";
            include("templates/private_footer.php");
            exit;
        }
}
```

Psycho Posted August 23, 2008

Some of that logic is out of place. I think this will work better for you:

```php
<?php

$statupdate=($player->energy*$player->Awake)/100;
$awakereduce=($player->Awake-5);
$energyreduce=($_POST['trainamount']);

include("templates/private_header.php");

//Check that player has Awake Left
if ($player->Awake <= 0) {
    echo "You are too tired to train.";
}
//Check that player has energy Left
else if ($player->energy <=0) {
    echo "You have no energy left";
}
//check that player has paid taxes
else if ($player->Taxes_Owed >0) {
    echo "<strong>You Deadbeat!</strong> <br>We already told you. You have to pay your property taxes before you can use our gym.<p>";
    echo "You didn't think we knew that kind of stuff about you, did ya!<br>";
    echo "Pay your taxes or we'll also put that video of you and the goat on youtube";
}
//Perform the training
else {
    switch($_POST["train"]) {
        case "Strength":
            $updatestrength = $db->execute("UPDATE `players` SET `strength`= `strength`+?, `Awake`=?, `energy`= `energy`-? WHERE `id`=?", array($statupdate, $awakereduce, $energyreduce, $player->id));
            break;
        case "Agility":
            //$updatestrength = $db->execute("UPDATE `players` SET `strength`= `strength`+?, `Awake`=?, `energy`= `energy`-? WHERE `id`=?", array($statupdate, $awakereduce, $energyreduce, $player->id));
            break;
        case "Stamina":
            //$updatestrength = $db->execute("UPDATE `players` SET `strength`= `strength`+?, `Awake`=?, `energy`= `energy`-? WHERE `id`=?", array($statupdate, $awakereduce, $energyreduce, $player->id));
            break;
    }
    echo "You just trained\n" . $energyreduce . "times" ;
    echo "$energyreduce";
}

include("templates/private_footer.php");

?>
```

cdoyle Posted August 23, 2008

I think this is almost what I need. The IF's seem to work, but it's executing them as soon as the page opens, then does the training automatically it seems. It doesn't display the drop downs, or give the user a chance to select anything.

Here is my whole page so far. I tried to just copy/paste what you had and replace what I had.

```php
<?php
/*************************************/
/*           ezRPG Gym script        */
/*         Written by Chris From Wa  */
/*  http://code.google.com/p/ezrpg   */
/*    http://www.bbgamezone.com/     */
/*  http://www.caraudiocentral.net   */
/*************************************/

include("lib.php");
define("PAGENAME", "CAC World Gym...Pump You Up!");
$player = check_user($secret_key, $db);

$statupdate=($player->energy*$player->Awake)/100;
$awakereduce=($player->Awake-5);
$energyreduce=($_POST['trainamount']);

include("templates/private_header.php");

//Check that player has Awake Left
if ($player->Awake <= 0) {
    echo "You are too tired to train.";
}
//Check that player has energy Left
else if ($player->energy <=0) {
    echo "You have no energy left";
}
//check that player has paid taxes
else if ($player->Taxes_Owed >0) {
    echo "<strong>You Deadbeat!</strong> <br>We already told you. You have to pay your property taxes before you can use our gym.<p>";
    echo "You didn't think we knew that kind of stuff about you, did ya!<br>";
    echo "Pay your taxes or we'll also put that video of you and the goat on youtube";
}
//Perform the training
else {
    switch($_POST["train"]) {
        case "Strength":
            $updatestrength = $db->execute("UPDATE `players` SET `strength`= `strength`+?, `Awake`=?, `energy`= `energy`-? WHERE `id`=?", array($statupdate, $awakereduce, $energyreduce, $player->id));
            break;
        case "Agility":
            //$updatestrength = $db->execute("UPDATE `players` SET `strength`= `strength`+?, `Awake`=?, `energy`= `energy`-? WHERE `id`=?", array($statupdate, $awakereduce, $energyreduce, $player->id));
            break;
        case "Stamina":
            //$updatestrength = $db->execute("UPDATE `players` SET `strength`= `strength`+?, `Awake`=?, `energy`= `energy`-? WHERE `id`=?", array($statupdate, $awakereduce, $energyreduce, $player->id));
            break;
    }
    echo "You just trained\n" . $energyreduce . "times" ;
    echo "$energyreduce";
    exit;
}

include("templates/private_footer.php");

include("templates/private_header.php");
echo "<h3>Welcome to the CAC World Gym!</h3><br>If you're a homeowner in our lovely city, all of our equipment is yours to use <strong>FREE!</strong><p>";
echo "The city just requires that you have all your property taxes paid in full<br>";
echo "You currently owe\n$<strong>" . $player->Taxes_Owed . "\n</strong>in taxes<p>";
echo "You can currently train\n<strong>" . $player->energy . "</strong>\ntimes<p>";
echo "<strong>How many times would you like to train</strong><p>";
echo "<form method=\"post\" action=\"gym.php\">";
echo "<input type=\"text\" name=\"trainamount\" value=\"$player->energy\"/><p> ";
echo "<strong>What area would you like to work on?</strong><br>";
//The select and option tags were left unclosed, which swallows the first option and the submit button
echo "<select name=\"train\">\n";
echo "<option value=\"Strength\">Strength</option>\n";
echo "<option value=\"Speed\">Speed</option>\n";
echo "<option value=\"Defense\">Defense</option>\n";
echo "</select>\n";
echo "<input type=\"submit\" value=\"Train\" />\n";
echo "</form>\n";
include("templates/private_footer.php");
?>
```

Psycho Posted August 23, 2008

This should do it. Look through the code and see if you can understand the logic. It's pretty straightforward.

```php
<?php
/*************************************/
/*           ezRPG Gym script        */
/*         Written by Chris From Wa  */
/*  http://code.google.com/p/ezrpg   */
/*    http://www.bbgamezone.com/     */
/*  http://www.caraudiocentral.net   */
/*************************************/

include("lib.php");
define("PAGENAME", "CAC World Gym...Pump You Up!");
$player = check_user($secret_key, $db);

include("templates/private_header.php");

if (isset($_POST['train'])) {
    $statupdate=($player->energy*$player->Awake)/100;
    $awakereduce=($player->Awake-5);
    $energyreduce=($_POST['trainamount']);

    //Check that player has Awake Left
    if ($player->Awake <= 0) {
        echo "You are too tired to train.";
    }
    //Check that player has energy Left
    else if ($player->energy <=0) {
        echo "You have no energy left";
    }
    //check that player has paid taxes
    else if ($player->Taxes_Owed >0) {
        echo "<strong>You Deadbeat!</strong> <br>We already told you. You have to pay your property taxes before you can use our gym.<p>";
        echo "You didn't think we knew that kind of stuff about you, did ya!<br>";
        echo "Pay your taxes or we'll also put that video of you and the goat on youtube";
    }
    //Perform the training
    else {
        switch($_POST["train"]) {
            case "Strength":
                $updatestrength = $db->execute("UPDATE `players` SET `strength`= `strength`+?, `Awake`=?, `energy`= `energy`-? WHERE `id`=?", array($statupdate, $awakereduce, $energyreduce, $player->id));
                break;
            case "Agility":
                //$updatestrength = $db->execute("UPDATE `players` SET `strength`= `strength`+?, `Awake`=?, `energy`= `energy`-? WHERE `id`=?", array($statupdate, $awakereduce, $energyreduce, $player->id));
                break;
            case "Stamina":
                //$updatestrength = $db->execute("UPDATE `players` SET `strength`= `strength`+?, `Awake`=?, `energy`= `energy`-? WHERE `id`=?", array($statupdate, $awakereduce, $energyreduce, $player->id));
                break;
        }
        echo "You just trained\n" . $energyreduce . "times" ;
        echo "$energyreduce";
    }
}
else {
    echo "<h3>Welcome to the CAC World Gym!</h3><br>If you're a homeowner in our lovely city, all of our equipment is yours to use <strong>FREE!</strong><p>";
    echo "The city just requires that you have all your property taxes paid in full<br>";
    echo "You currently owe\n$<strong>" . $player->Taxes_Owed . "\n</strong>in taxes<p>";
    echo "You can currently train\n<strong>" . $player->energy . "</strong>\ntimes<p>";
    echo "<strong>How many times would you like to train</strong><p>";
    echo "<form method=\"post\" action=\"gym.php\">";
    echo "<input type=\"text\" name=\"trainamount\" value=\"$player->energy\"/><p> ";
    echo "<strong>What area would you like to work on?</strong><br>";
    //The select and option tags were left unclosed, which swallows the first option and the submit button
    echo "<select name=\"train\">\n";
    echo "<option value=\"Strength\">Strength</option>\n";
    echo "<option value=\"Speed\">Speed</option>\n";
    echo "<option value=\"Defense\">Defense</option>\n";
    echo "</select>\n";
    echo "<input type=\"submit\" value=\"Train\" />\n";
    echo "</form>\n";
}

include("templates/private_footer.php");
?>
```

cdoyle Posted August 23, 2008

That worked!
The only part I'm not familiar with is the isset part. I'm new to this still, and haven't come across that yet. I just looked it up, and it kind of makes sense, but could you explain how it works here?

Thanks again for your help on this!

JasonLewis Posted August 23, 2008

It checks to see if a variable is set. Manual does a good job of explaining it: isset().

isset — Determine whether a variable is set

Psycho Posted August 23, 2008

What he said ^^^

Basically the script first checks to see

```php
if (isset($_POST['train'])) {
```

if the value for the train field has been posted. If so, then the script attempts to perform the training. Else, it will display the form.

cdoyle Posted August 23, 2008

> What he said ^^^ Basically the script first checks to see if (isset($_POST['train'])) { if the value for the train field has been posted. If so, then the script attempts to perform the training. Else, it will display the form.

I really like how that works, it cuts down on a lot of the coding that I had.

Have another question, after they train. I have this

```php
echo "your stats are now";
echo $player->strength;
```

etc.. That works, but it's not showing the updated stats after they trained, it's showing what they had before they trained. Is there a way to make it so it shows what they have now? Do I need to re-query the db?

Also, since my first question has been solved, where do I mark it as solved?

Psycho Posted August 23, 2008

You know the amount that you are increasing strength by, right? This should work:

```php
echo "your stats are now " . ($player->strength + $statupdate);
```

cdoyle Posted August 25, 2008

OK,
Thanks to everyone's help, I have this all up and running.

Since this is the first time I've used a text box in a page to get data from the user, are there any security issues with the page as I have it now?

On this line

```php
if (isset($_POST['train'])) {
```

do I need to mysql_real_escape_string?

Here is the code to my page as it is now.

```php
include("templates/private_header.php");

if (isset($_POST['train'])) {
    $statupdate=($player->energy*$player->Awake)/100;
    $awakereduce=($player->Awake-5);
    $energyreduce=($_POST['trainamount']);

    //Check that player has Awake Left
    if ($player->Awake <= 0) {
        echo "You are too tired to train.";
    }
    //Check that player has energy Left
    else if ($player->energy <=0) {
        echo "You have no energy left";
    }
    //check that player has paid taxes
    else if ($player->Taxes_Owed >0) {
        echo "<strong>You Deadbeat!</strong> <br>We already told you. You have to pay your property taxes before you can use our gym.<p>";
        echo "You didn't think we knew that kind of stuff about you, did ya!<br>";
        echo "Pay your taxes or we'll also put that video of you and the goat on youtube";
    }
    //Perform the training
    else {
        switch($_POST["train"]) {
            case "Strength":
                $updatestrength = $db->execute("UPDATE `players` SET `strength`= `strength`+?, `Awake`=?, `energy`= `energy`-? WHERE `id`=?", array($statupdate, $awakereduce, $energyreduce, $player->id));
                break;
            case "Speed":
                $updatestrength = $db->execute("UPDATE `players` SET `agility`= `agility`+?, `Awake`=?, `energy`= `energy`-? WHERE `id`=?", array($statupdate, $awakereduce, $energyreduce, $player->id));
                break;
            case "Defense":
                $updatestrength = $db->execute("UPDATE `players` SET `vitality`= `vitality`+?, `Awake`=?, `energy`= `energy`-? WHERE `id`=?", array($statupdate, $awakereduce, $energyreduce, $player->id));
                break;
        }
        echo "You just trained\n" . $energyreduce . "\ntimes" ;
        echo "Your stats are<p>";
        $newstats=$db->execute("Select `strength`, `agility`, `vitality` from players Where `id`=?", array($player->id));
        while ($newstats1 = $newstats->fetchrow()) {
            echo "Strength\n" . $newstats1['strength'] . "<p>";
            echo "Defense\n" . $newstats1['vitality'] . "<p>";
            echo "Speed\n" . $newstats1['agility'] . "<p>";
            echo "Total Stats:\n" . ($newstats1['strength']+$newstats1['agility']+$newstats1['vitality']) . "<br>";
        }
    }
}
else {
    echo "<h3>Welcome to the CAC World Gym!</h3><br>If you're a homeowner in our lovely city, all of our equipment is yours to use <strong>FREE!</strong><p>";
    echo "The city just requires that you have all your property taxes paid in full<br>";
    echo "You currently owe\n$<strong>" . $player->Taxes_Owed . "\n</strong>in taxes<p>";
    echo "You can currently train\n<strong>" . $player->energy . "</strong>\ntimes<p>";
    echo "<strong>How many times would you like to train</strong><p>";
    echo "<form method=\"post\" action=\"gym.php\">";
    echo "<input type=\"text\" name=\"trainamount\" value=\"$player->energy\"/><p> ";
    echo "<strong>What area would you like to work on?</strong><br>";
    //The select and option tags were left unclosed, which swallows the first option and the submit button
    echo "<select name=\"train\">\n";
    echo "<option value=\"Strength\">Strength</option>\n";
    echo "<option value=\"Speed\">Speed</option>\n";
    echo "<option value=\"Defense\">Defense</option>\n";
    echo "</select>\n";
    echo "<input type=\"submit\" value=\"Train\" />\n";
    echo "</form>\n";
}

include("templates/private_footer.php");
?>
```

JasonLewis Posted August 25, 2008

You only really need to use mysql_real_escape_string() on data that will be inserted into a database, to ensure that it is safe.

cdoyle Posted August 25, 2008

Ah OK. I wasn't sure if people could put something in that text box to cause bad things to happen to the db.

So there really isn't anything I need to do with this?

Psycho Posted August 25, 2008

Although mysql_real_escape_string() will handle possible SQL injection, I would not say it is the only validation that would need to be done. With respect to the code you have above here are a few other things I would do:

The value for $_POST['trainamount'] should be a number so you should add validation for that. It doesn't appear you are doing any math on this value, but that is always a concern as a non-number or a zero value can cause unrecoverable errors.

For $_POST["train"] you are expecting a value from a fixed list. You should validate that the posted value is from that list.

You should always, always assume the user is passing bad data and perform the necessary validations and have the proper error/warning conditions in place.

cdoyle Posted August 25, 2008

OK, I thought there should be some type of validation.

For $_POST['trainamount'], would I use something like this?

```php
if (is_numeric($_POST['trainamount'])) {
```

I'm not really sure where to put it, does it go right after the $_POST['train']?

cdoyle Posted August 26, 2008

OK, I tried this

```php
if (isset($_POST['train']) && is_numeric($_POST['trainamount'])&& ($_POST['trainamount'] > 0)) {
```

It seems to work, and also makes sure someone doesn't enter a negative number.

Is this the right way to do it?

Psycho Posted August 26, 2008

That's not quite how I would implement it. If the user enters a value in a form and a value is not appropriate I typically will display an error message and present the user with the form with the previously entered values.

With regard to $_POST['trainamount'] can it be any number (e.g. 2, 3.1459, -3, etc.)? Based upon the text I would assume it needs to be a positive integer (1, 2, 3, etc.).

This has not been checked for errors and I didn't spend too much time validating the logic.

```php
<?php

include("templates/private_header.php");

$errors = array();

if (isset($_POST['train'])) {
    //Validate the user entered values
    //$_POST values are strings, so is_int() is always false for them; ctype_digit() accepts digits only
    if (!isset($_POST['trainamount']) || !ctype_digit($_POST['trainamount']) || (int)$_POST['trainamount']<1) {
        $errors[] = "Train amount must be a positive integer";
    }
    if (!in_array($_POST['train'], array('Strength', 'Speed', 'Defense'))) {
        $errors[] = "Training area is not a valid value";
    }
}

if (isset($_POST['train']) && !$errors) {
    $statupdate=($player->energy*$player->Awake)/100;
    $awakereduce=($player->Awake-5);
    $energyreduce=($_POST['trainamount']);

    //Check that player has Awake Left
    if ($player->Awake <= 0) {
        echo "You are too tired to train.";
    }
    //Check that player has energy Left
    else if ($player->energy <=0) {
        echo "You have no energy left";
    }
    //check that player has paid taxes
    else if ($player->Taxes_Owed >0) {
        echo "<strong>You Deadbeat!</strong> <br>We already told you. You have to pay your property taxes before you can use our gym.<p>";
        echo "You didn't think we knew that kind of stuff about you, did ya!<br>";
        echo "Pay your taxes or we'll also put that video of you and the goat on youtube";
    }
    //Perform the training
    else {
        switch($_POST["train"]) {
            case "Strength":
                $updatestrength = $db->execute("UPDATE `players` SET `strength`= `strength`+?, `Awake`=?, `energy`= `energy`-? WHERE `id`=?", array($statupdate, $awakereduce, $energyreduce, $player->id));
                break;
            case "Speed":
                $updatestrength = $db->execute("UPDATE `players` SET `agility`= `agility`+?, `Awake`=?, `energy`= `energy`-? WHERE `id`=?", array($statupdate, $awakereduce, $energyreduce, $player->id));
                break;
            case "Defense":
                $updatestrength = $db->execute("UPDATE `players` SET `vitality`= `vitality`+?, `Awake`=?, `energy`= `energy`-? WHERE `id`=?", array($statupdate, $awakereduce, $energyreduce, $player->id));
                break;
        }
        echo "You just trained\n" . $energyreduce . "\ntimes" ;
        echo "Your stats are<p>";
        $newstats=$db->execute("Select `strength`, `agility`, `vitality` from players Where `id`=?", array($player->id));
        while ($newstats1 = $newstats->fetchrow()) {
            echo "Strength\n" . $newstats1['strength'] . "<p>";
            echo "Defense\n" . $newstats1['vitality'] . "<p>";
            echo "Speed\n" . $newstats1['agility'] . "<p>";
            echo "Total Stats:\n" . ($newstats1['strength']+$newstats1['agility']+$newstats1['vitality']) . "<br>";
        }
    }
}
else {
    echo "<h3>Welcome to the CAC World Gym!</h3><br>If you're a homeowner in our lovely city, all of our equipment is yours to use <strong>FREE!</strong><p>";
    echo "The city just requires that you have all your property taxes paid in full<br>";
    echo "You currently owe\n$<strong>" . $player->Taxes_Owed . "\n</strong>in taxes<p>";
    echo "You can currently train\n<strong>" . $player->energy . "</strong>\ntimes<p>";
    echo "<strong>How many times would you like to train</strong><p>";
    if ($errors) {
        echo "The following errors occurred:";
        echo "<ul><li>" . implode('</li><li>', $errors) . '</li></ul>';
    }
    echo "<form method=\"post\" action=\"gym.php\">";
    echo "<input type=\"text\" name=\"trainamount\" value=\"$player->energy\"/><p> ";
    echo "<strong>What area would you like to work on?</strong><br>";
    //The select and option tags were left unclosed, which swallows the first option and the submit button
    echo "<select name=\"train\">\n";
    echo "<option value=\"Strength\">Strength</option>\n";
    echo "<option value=\"Speed\">Speed</option>\n";
    echo "<option value=\"Defense\">Defense</option>\n";
    echo "</select>\n";
    echo "<input type=\"submit\" value=\"Train\" />\n";
    echo "</form>\n";
}

include("templates/private_footer.php");
?>
```

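Added example, not part of any post in the thread: the two checks discussed above (a positive whole number for `trainamount`, a fixed list for `train`) plus output escaping, written for PHP 7.1+. `validate_training()`, `training_sql()` and `TRAIN_COLUMNS` are hypothetical names, capping the amount at the player's current energy is an assumption, and the sample submissions are constructed.

```php
<?php
// Added example, not code from the thread. Function and constant names are
// hypothetical; the option-to-column mapping is taken from the posted UPDATEs.
const TRAIN_COLUMNS = [
    'Strength' => 'strength',
    'Speed'    => 'agility',
    'Defense'  => 'vitality',
];

// Returns [clean, errors]; clean is null whenever errors is non-empty.
function validate_training(array $post, int $energy): array
{
    $errors = [];
    // Request values arrive as strings (or arrays), so is_int() on them is
    // always false, and is_numeric() also accepts "3.14" and "1e3".
    // FILTER_VALIDATE_INT accepts only a whole number inside the range.
    // Assumption: a player may not train more times than they have energy.
    $raw = $post['trainamount'] ?? null;
    $amount = is_string($raw)
        ? filter_var($raw, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 1, 'max_range' => $energy]])
        : false;
    if ($amount === false) {
        $errors[] = 'Train amount must be a whole number from 1 up to your energy.';
    }
    // Fixed list: the posted value must be one of the three dropdown options.
    $area = $post['train'] ?? null;
    if (!is_string($area) || !array_key_exists($area, TRAIN_COLUMNS)) {
        $errors[] = 'Training area is not a valid value.';
    }
    return $errors ? [null, $errors]
        : [['amount' => $amount, 'column' => TRAIN_COLUMNS[$area]], []];
}

// One statement for all three areas. The column name comes from TRAIN_COLUMNS,
// never from the request; the values still go through ? placeholders.
function training_sql(string $column): string
{
    return "UPDATE `players` SET `$column` = `$column` + ?, `Awake` = ?, "
         . "`energy` = `energy` - ? WHERE `id` = ?";
}

// Constructed sample submissions, checked for a player with 10 energy.
$samples = [
    ['trainamount' => '3',        'train' => 'Strength'],
    ['trainamount' => '3.14',     'train' => 'Speed'],
    ['trainamount' => '-3',       'train' => 'Defense'],
    ['trainamount' => '1e3',      'train' => 'Strength'],
    ['trainamount' => '50',       'train' => 'Speed'],
    ['trainamount' => ['2'],      'train' => 'Defense'],
    ['trainamount' => '<b>9</b>', 'train' => 'Agility'],
];
foreach ($samples as $post) {
    [$clean, $errors] = validate_training($post, 10);
    // Escape anything that came from the request before echoing it back.
    $shown = htmlspecialchars(json_encode($post), ENT_QUOTES, 'UTF-8');
    $result = $clean ? "OK: {$clean['amount']} x " . training_sql($clean['column'])
        : implode(' ', $errors);
    echo $shown, ' => ', $result, "\n";
}
```

Only the first submission passes; the `Agility` value is rejected because the form offers Strength, Speed and Defense, even though `agility` is the column behind Speed.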