PHP script that doesn't work

[thom6258]

I am making a game for my website but is having trouble getting the below script to work. It should give me my gold status and my level status but no it just doesn't want to:

<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

$colname_rsst = "-1";
if (isset($_SESSION['MM_Username'])) {
  $colname_rsst = $_SESSION['MM_Username'];
}
mysql_select_db($database_owngame, $owngame);
$query_rsst = sprintf("SELECT * FROM players WHERE username = %s ORDER BY username ASC", GetSQLValueString($colname_rsst, "text"));
$rsst = mysql_query($query_rsst, $owngame) or die(mysql_error());
$row_rsst = mysql_fetch_assoc($rsst);
$totalRows_rsst = mysql_num_rows($rsst);
?>

[Ken2k7]

Try -

$query_rsst = sprintf("SELECT * FROM players WHERE username = '%s' ORDER BY username", GetSQLValueString($colname_rsst, "text"));

[thom6258]

Hi again

 

The script still doesn't work it just shows Gold: and then nothing where it should say Gold: 100

[Ken2k7]

Mind posting the pertinent code? Also, can you verify that your SQL returns data?

[thom6258]

How do you verify that it returns data?

if you meant the hole code here it is:

<?php require_once('Connections/owngame.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

$colname_rsst = "-1";
if (isset($_SESSION['MM_Username'])) {
  $colname_rsst = $_SESSION['MM_Username'];
}
mysql_select_db($database_owngame, $owngame);
$query_rsst = sprintf("SELECT * FROM players WHERE username = %s", GetSQLValueString($colname_rsst, "text"));
$rsst = mysql_query($query_rsst, $owngame) or die(mysql_error());
$row_rsst = mysql_fetch_assoc($rsst);
$totalRows_rsst = mysql_num_rows($rsst);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Your Company</title>
<body>
<table width="94%" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td width="22%"> </td>
    <td width="63%" align="center"><h3>ThomasThings.coms Own Company game</h3></td>
    <td width="22%">TOTAL GOLD: <?php echo $row_rsst['gold']; ?></td>
  </tr>
  <tr>
    <td> </td>
    <td align="center"><img src="Images/<?php echo $row_rsst['level']; ?>.gif" alt="You are level: <?php echo $row_rsst['level']; ?>" width="200" height="200"/></td>
    <td> </td>
  </tr>
  <tr>
    <td> </td>
    <td> </td>
    <td> </td>
  </tr>
</table>
</body>
</html>
<?php
mysql_free_result($rsst);
?>

[Ken2k7]

Use var_dump on $totalRows_rsst. If it outputs 0, then no data was returned, which means your SQL is wrong.

[thom6258]

it outputs int(0) is that bad or good? i found out it was because of the login script it didn't give the right session or something like that it workes now many thanks

[thom6258]

I just got another problem when i try to give gold/money to my user the code lookes like this:

if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1")) {
  $pay1 = $row_rsjob['payment'];
  $pay2 = $row_rsuser['gold'];
  $pay = $pay2 + $pay1;
  $updateSQL = sprintf("UPDATE players SET gold=%s WHERE id=%s",
                       GetSQLValueString($pay, "text"),
                       GetSQLValueString($_POST['id'], "int"));

  mysql_select_db($database_owngame, $owngame);
  $Result1 = mysql_query($updateSQL, $owngame) or die(mysql_error());

  $updateGoTo = "jobs.php";
  if (isset($_SERVER['QUERY_STRING'])) {
    $updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
    $updateGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $updateGoTo));
}

I have set everything up allright

[Ken2k7]

So... what's the problem?

[thom6258]

Sory i forgot to say the problem: the problem is that it just doesn't add the money, why can this be?

[Ken2k7]

var_dump($pay1, $pay2, $pay);

Put that line above the $updateSQL line and tell me what it outputs.

[fenway]

We don't debug php scripts on this board -- show us some sql statement output.