pengu Posted July 28, 2009 Share Posted July 28, 2009 Is there an easier method to do this? The tables are absolute, they arent going to change, so.. not going to change that part. But I've tried to make this secure. $q should not have to be escaped because it's not going into query.. is that correct? I just have a whole heap of querys and IF statements. P.S Sorry for the long code.. <?php /************************************************** Page: wardrobe.php Created on: 01/07/2009 Last modified: 24/07/2009 Modified by: Jamie Ross Created by Jamie Ross of http://www.deadendcafe.net **************************************************/ //db connection.. include('-------'); include('links.php'); $q = $_GET['q']; $item = $_GET['item']; switch ($q) { case 'equip': mysql_real_escape_string($item); if (empty($item)) { echo "No item was selected."; exit(); } $sql = "SELECT itemid,item_type,item_name,style_points FROM item WHERE itemid = '".$item."'"; $result = mysql_query($sql); if (mysql_num_rows($result) != 1) { echo "No item was found. "; exit(); } $row = mysql_fetch_assoc($result); $item_type = $row['item_type']; $item_name = $row['item_name']; $item_points = $row['style_points']; $sql = "SELECT id,shirt,pants,shoes,ring,necklace FROM users WHERE id = '".$_SESSION['myid']."'"; $result = mysql_query($sql); $row = mysql_fetch_assoc($result); $shirt = $row['shirt']; $pants = $row['pants']; $shoes = $row['shoes']; $ring = $row['ring']; $necklace = $row['necklace']; if ($item_name == $shirt || $item_name == $pants || $item_name == $shoes || $item_name == $ring || $item_name == $necklace) { echo "You already have this item equiped."; exit(); } if ($item_type == 1) { $sql = "SELECT style_points FROM item WHERE item_name = '".$shirt."'"; $result = mysql_query($sql); $row = mysql_fetch_assoc($result); $i_points = $row['style_points']; $sql = "UPDATE users SET style_points = style_points - ".$i_points." WHERE id='".$_SESSION['myid']."'"; $result = mysql_query($sql); $sql = "UPDATE users SET shirt = '".$item_name."', style_points = style_points + ".$item_points." WHERE id='".$_SESSION['myid']."'"; $result = mysql_query($sql); echo "You have equiped your ".$item_name."."; exit(); } if ($item_type == 2) { $sql = "SELECT style_points FROM item WHERE item_name = '".$pants."'"; $result = mysql_query($sql); $row = mysql_fetch_assoc($result); $i_points = $row['style_points']; $sql = "UPDATE users SET style_points = style_points - ".$i_points." WHERE id='".$_SESSION['myid']."'"; $result = mysql_query($sql); $sql = "UPDATE users SET pants = '".$item_name."', style_points = style_points + ".$item_points." WHERE id='".$_SESSION['myid']."'"; $result = mysql_query($sql); echo "You have equiped your ".$item_name."."; exit(); } if ($item_type == 3) { $sql = "SELECT style_points FROM item WHERE item_name = '".$shoes."'"; $result = mysql_query($sql); $row = mysql_fetch_assoc($result); $i_points = $row['style_points']; $sql = "UPDATE users SET style_points = style_points - ".$i_points." WHERE id='".$_SESSION['myid']."'"; $result = mysql_query($sql); $sql = "UPDATE users SET shoes = '".$item_name."', style_points = style_points + ".$item_points." WHERE id='".$_SESSION['myid']."'"; $result = mysql_query($sql); echo "You have equiped your ".$item_name."."; exit(); } if ($item_type == 4) { $sql = "SELECT style_points FROM item WHERE item_name = '".$ring."'"; $result = mysql_query($sql); $row = mysql_fetch_assoc($result); $i_points = $row['style_points']; $sql = "UPDATE users SET style_points = style_points - ".$i_points." WHERE id='".$_SESSION['myid']."'"; $result = mysql_query($sql); $sql = "UPDATE users SET ring = '".$item_name."', style_points = style_points + ".$item_points." WHERE id='".$_SESSION['myid']."'"; $result = mysql_query($sql); echo "You have equiped your ".$item_name."."; exit(); } if ($item_type == 5) { $sql = "SELECT style_points FROM item WHERE item_name = '".$necklace."'"; $result = mysql_query($sql); $row = mysql_fetch_assoc($result); $i_points = $row['style_points']; $sql = "UPDATE users SET style_points = style_points - ".$i_points." WHERE id='".$_SESSION['myid']."'"; $result = mysql_query($sql); $sql = "UPDATE users SET necklace = '".$item_name."', style_points = style_points + ".$item_points." WHERE id='".$_SESSION['myid']."'"; $result = mysql_query($sql); echo "You have equiped your ".$item_name."."; exit(); } break; default: echo '<html><head></head><body><center><table width="800px"><tr><td colspan="4" align="center"><h1>'.$_SESSION['username'].'\'s wardrobe</h1></td>'; echo '</tr><tr><th>ITEM ID</th><th>ITEM NAME</th><th>STYLE POINTS</th><TH> </th></tr>'; $sql = "SELECT * FROM wardrobe WHERE user_id = '" . $_SESSION['myid'] . "'"; $result = mysql_query($sql); while($row = mysql_fetch_array($result)) { echo "<tr>"; echo "<td align='center'>" . $row['itemid'] . "</td>" ; echo "<td align='center'>" .$row['item_name'] . "</td>"; echo "<td align='center'>" .$row['style_points'] . "</td>"; echo "<td align='center'><a href='wardrobe.php?q=equip&item=".$row['itemid']."'>equip</a></td>"; echo "</tr>"; } echo '</table></center></body></html>'; break; } ?> Quote Link to comment https://forums.phpfreaks.com/topic/167706-possibly-an-easier-method/ Share on other sites More sharing options...
.josh Posted July 28, 2009 Share Posted July 28, 2009 Wish you the best of luck in getting an answer...but fyi you are going to be hard pressed in finding someone willing to sift through a bunch of code and recommend what can be done better. At least, for free, anyways... Quote Link to comment https://forums.phpfreaks.com/topic/167706-possibly-an-easier-method/#findComment-884392 Share on other sites More sharing options...
pengu Posted July 28, 2009 Author Share Posted July 28, 2009 Wish you the best of luck in getting an answer...but fyi you are going to be hard pressed in finding someone willing to sift through a bunch of code and recommend what can be done better. At least, for free, anyways... Yeah figured as much, just want tips for structure.. I've just got query after query, oh well. Thanks anyways. Quote Link to comment https://forums.phpfreaks.com/topic/167706-possibly-an-easier-method/#findComment-884398 Share on other sites More sharing options...
.josh Posted July 28, 2009 Share Posted July 28, 2009 in general, you can look for patterns in your script and consolidate. For instance, I see that most of your queries/conditions seem to do pretty much the same thing, only columns and messages changing. All of that can be consolidated into a single function with a few params passed to it. Quote Link to comment https://forums.phpfreaks.com/topic/167706-possibly-an-easier-method/#findComment-884406 Share on other sites More sharing options...
pengu Posted July 28, 2009 Author Share Posted July 28, 2009 in general, you can look for patterns in your script and consolidate. For instance, I see that most of your queries/conditions seem to do pretty much the same thing, only columns and messages changing. All of that can be consolidated into a single function with a few params passed to it. Thanks. Quote Link to comment https://forums.phpfreaks.com/topic/167706-possibly-an-easier-method/#findComment-884414 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.