
Possibly an easier method?


pengu


Is there an easier method to do this?  The tables are absolute, they aren't going to change, so.. not going to change that part.  But I've tried to make this secure.  $q should not have to be escaped because it's not going into a query.. is that correct?

I just have a whole heap of queries and IF statements.

P.S. Sorry for the long code..

 

<?php

/**************************************************
Page: wardrobe.php
Created on: 01/07/2009
Last modified: 24/07/2009
Modified by: Jamie Ross

Created by Jamie Ross of http://www.deadendcafe.net
**************************************************/

//db connection..
include('-------');
include('links.php');

// Read the request parameters without triggering undefined-index notices.
// session_start() is assumed to be called by the included connection file.
$q = isset($_GET['q']) ? $_GET['q'] : '';
$item = isset($_GET['item']) ? $_GET['item'] : '';

switch ($q)
{
case 'equip':

// mysql_real_escape_string() returns the escaped copy; as originally written the
// return value was discarded, so $item reached the query unescaped.
$item = mysql_real_escape_string($item);

if (empty($item)) {
	echo "No item was selected.";
	exit();
}

// Note: nothing here checks that the item is in this user's wardrobe; any itemid
// that exists in the item table can be equipped.
$sql = "SELECT itemid,item_type,item_name,style_points FROM item WHERE itemid = '".$item."'";
$result = mysql_query($sql);

if (mysql_num_rows($result) != 1) {
	echo "No item was found. ";
	exit();
}

$row = mysql_fetch_assoc($result);
$item_type = (int)$row['item_type'];
$item_name = $row['item_name'];
$item_points = (int)$row['style_points'];   // cast: interpolated unquoted into SQL below

$sql = "SELECT id,shirt,pants,shoes,ring,necklace FROM users WHERE id = '".$_SESSION['myid']."'";
$result = mysql_query($sql);
$row = mysql_fetch_assoc($result);
$shirt = $row['shirt'];
$pants = $row['pants'];
$shoes = $row['shoes'];
$ring = $row['ring'];
$necklace = $row['necklace'];

if ($item_name == $shirt || $item_name == $pants || $item_name == $shoes || $item_name == $ring || $item_name == $necklace) {
	echo "You already have this item equipped.";
	exit();
}

if ($item_type == 1) {

	// Points of the shirt currently worn; 0 when the slot is empty. Without this
	// check an empty slot produced "style_points - " and a malformed UPDATE.
	$sql = "SELECT style_points FROM item WHERE item_name = '".mysql_real_escape_string($shirt)."'";
	$result = mysql_query($sql);
	$row = mysql_fetch_assoc($result);
	$i_points = $row ? (int)$row['style_points'] : 0;

	$sql = "UPDATE users SET style_points = style_points - ".$i_points." WHERE id='".$_SESSION['myid']."'";
	$result = mysql_query($sql);

	// Item names come from the database but still need escaping before reuse in SQL.
	$sql = "UPDATE users SET shirt = '".mysql_real_escape_string($item_name)."', style_points = style_points + ".$item_points." WHERE id='".$_SESSION['myid']."'";
	$result = mysql_query($sql);
	echo "You have equipped your ".htmlspecialchars($item_name, ENT_QUOTES, 'UTF-8').".";
	exit();
	}

if ($item_type == 2) {

	// Points of the pants currently worn; 0 when the slot is empty.
	$sql = "SELECT style_points FROM item WHERE item_name = '".mysql_real_escape_string($pants)."'";
	$result = mysql_query($sql);
	$row = mysql_fetch_assoc($result);
	$i_points = $row ? (int)$row['style_points'] : 0;

	$sql = "UPDATE users SET style_points = style_points - ".$i_points." WHERE id='".$_SESSION['myid']."'";
	$result = mysql_query($sql);

	$sql = "UPDATE users SET pants = '".mysql_real_escape_string($item_name)."', style_points = style_points + ".$item_points." WHERE id='".$_SESSION['myid']."'";
	$result = mysql_query($sql);
	echo "You have equipped your ".htmlspecialchars($item_name, ENT_QUOTES, 'UTF-8').".";
	exit();
	}

if ($item_type == 3) {

	// Points of the shoes currently worn; 0 when the slot is empty.
	$sql = "SELECT style_points FROM item WHERE item_name = '".mysql_real_escape_string($shoes)."'";
	$result = mysql_query($sql);
	$row = mysql_fetch_assoc($result);
	$i_points = $row ? (int)$row['style_points'] : 0;

	$sql = "UPDATE users SET style_points = style_points - ".$i_points." WHERE id='".$_SESSION['myid']."'";
	$result = mysql_query($sql);

	$sql = "UPDATE users SET shoes = '".mysql_real_escape_string($item_name)."', style_points = style_points + ".$item_points." WHERE id='".$_SESSION['myid']."'";
	$result = mysql_query($sql);
	echo "You have equipped your ".htmlspecialchars($item_name, ENT_QUOTES, 'UTF-8').".";
	exit();
	}

if ($item_type == 4) {

	// Points of the ring currently worn; 0 when the slot is empty.
	$sql = "SELECT style_points FROM item WHERE item_name = '".mysql_real_escape_string($ring)."'";
	$result = mysql_query($sql);
	$row = mysql_fetch_assoc($result);
	$i_points = $row ? (int)$row['style_points'] : 0;

	$sql = "UPDATE users SET style_points = style_points - ".$i_points." WHERE id='".$_SESSION['myid']."'";
	$result = mysql_query($sql);

	$sql = "UPDATE users SET ring = '".mysql_real_escape_string($item_name)."', style_points = style_points + ".$item_points." WHERE id='".$_SESSION['myid']."'";
	$result = mysql_query($sql);
	echo "You have equipped your ".htmlspecialchars($item_name, ENT_QUOTES, 'UTF-8').".";
	exit();
	}

if ($item_type == 5) {

	// Points of the necklace currently worn; 0 when the slot is empty.
	$sql = "SELECT style_points FROM item WHERE item_name = '".mysql_real_escape_string($necklace)."'";
	$result = mysql_query($sql);
	$row = mysql_fetch_assoc($result);
	$i_points = $row ? (int)$row['style_points'] : 0;

	$sql = "UPDATE users SET style_points = style_points - ".$i_points." WHERE id='".$_SESSION['myid']."'";
	$result = mysql_query($sql);

	$sql = "UPDATE users SET necklace = '".mysql_real_escape_string($item_name)."', style_points = style_points + ".$item_points." WHERE id='".$_SESSION['myid']."'";
	$result = mysql_query($sql);
	echo "You have equipped your ".htmlspecialchars($item_name, ENT_QUOTES, 'UTF-8').".";
	exit();
	}
break;

default:
	// The username and every database value are HTML-escaped before they reach the
	// page; as originally written they were echoed raw.
	$username = htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8');
	echo '<html><head></head><body><center><table width="800px"><tr><td colspan="4" align="center"><h1>'.$username.'\'s wardrobe</h1></td>';
	echo '</tr><tr><th>ITEM ID</th><th>ITEM NAME</th><th>STYLE POINTS</th><TH> </th></tr>';
	$sql = "SELECT * FROM wardrobe WHERE user_id = '" . $_SESSION['myid'] . "'";
	$result = mysql_query($sql);
	while($row = mysql_fetch_array($result))
	{
	echo "<tr>";
	echo "<td align='center'>" . htmlspecialchars($row['itemid'], ENT_QUOTES, 'UTF-8') . "</td>" ;
	echo "<td align='center'>" . htmlspecialchars($row['item_name'], ENT_QUOTES, 'UTF-8') . "</td>";
	echo "<td align='center'>" . htmlspecialchars($row['style_points'], ENT_QUOTES, 'UTF-8') . "</td>";
	echo "<td align='center'><a href='wardrobe.php?q=equip&amp;item=" . urlencode($row['itemid']) . "'>equip</a></td>";
	echo "</tr>";
	}
	echo '</table></center></body></html>';
break;
}	
?>


Wish you the best of luck in getting an answer... but FYI, you are going to be hard pressed to find someone willing to sift through a bunch of code and recommend what can be done better.  At least for free, anyways...

Yeah, figured as much, just want tips for structure..

I've just got query after query, oh well.

Thanks anyways.


in general, you can look for patterns in your script and consolidate.  For instance, I see that most of your queries/conditions seem to do pretty much the same thing, only columns and messages changing.  All of that can be consolidated into a single function with a few params passed to it. 

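The consolidation suggested in the reply above, plus the escaping question from the opening post, worked through as an added example; this is not code from the original thread. `$q` only selects a `switch` branch and never reaches SQL or HTML, so it needs no escaping. What does need care is `$item` (a bound parameter instead of `mysql_real_escape_string()`, whose return value the posted script throws away), every value echoed into the page (`htmlspecialchars()`), and the missing check that the item actually belongs to the caller. The example assumes a PDO connection in `$pdo` with its error mode set to exceptions, InnoDB tables so the transaction and `FOR UPDATE` lock work, `session_start()` already called, and the tables from the posted script (`item`, `users`, `wardrobe`); `$pdo`, `$slots` and `equipItem()` are names chosen for this example.

```php
<?php
// Added example, not the original post's code. Assumes: $pdo is a PDO connection
// (PDO::ERRMODE_EXCEPTION), session_start() has run, and the tables are
// item(itemid, item_type, item_name, style_points),
// users(id, shirt, pants, shoes, ring, necklace, style_points),
// wardrobe(user_id, itemid). $slots and equipItem() are names chosen here.

// item_type -> users column. A whitelist, so the column name interpolated into
// SQL below can never come from the request.
$slots = array(1 => 'shirt', 2 => 'pants', 3 => 'shoes', 4 => 'ring', 5 => 'necklace');

/**
 * Equip $itemId for $userId and return a plain-text status message.
 * Every user-controlled value is a bound parameter, and the item must be in the
 * caller's own wardrobe before anything is updated.
 */
function equipItem(PDO $pdo, array $slots, $userId, $itemId)
{
    $userId = (int) $userId;
    $itemId = (int) $itemId;   // itemid is numeric in the listing; anything else becomes 0
    if ($itemId <= 0) {
        return 'No item was selected.';
    }

    // Ownership check first: the posted script let any existing itemid be equipped.
    $st = $pdo->prepare('SELECT i.item_type, i.item_name, i.style_points
                           FROM wardrobe w JOIN item i ON i.itemid = w.itemid
                          WHERE w.user_id = ? AND w.itemid = ?');
    $st->execute(array($userId, $itemId));
    $item = $st->fetch(PDO::FETCH_ASSOC);
    if ($item === false) {
        return 'No item was found.';
    }
    if (!isset($slots[$item['item_type']])) {
        return 'That item cannot be equipped.';
    }
    $column = $slots[$item['item_type']];   // safe: taken from the whitelist, not the request

    $pdo->beginTransaction();
    try {
        // Lock the user row so two concurrent equips cannot double-count points.
        $st = $pdo->prepare('SELECT shirt, pants, shoes, ring, necklace FROM users WHERE id = ? FOR UPDATE');
        $st->execute(array($userId));
        $user = $st->fetch(PDO::FETCH_ASSOC);
        if ($user === false) {
            throw new RuntimeException('unknown user');
        }
        if (in_array($item['item_name'], $user, true)) {
            $pdo->rollBack();
            return 'You already have this item equipped.';
        }

        // Points of whatever currently sits in the slot; 0 when the slot is empty
        // (the posted script built a malformed UPDATE in that case).
        $old = 0;
        if ($user[$column] !== null && $user[$column] !== '') {
            $st = $pdo->prepare('SELECT style_points FROM item WHERE item_name = ?');
            $st->execute(array($user[$column]));
            $old = (int) $st->fetchColumn();
        }

        // One UPDATE instead of two, so points and slot change together or not at all.
        $st = $pdo->prepare("UPDATE users SET $column = ?, style_points = style_points - ? + ? WHERE id = ?");
        $st->execute(array($item['item_name'], $old, (int) $item['style_points'], $userId));
        $pdo->commit();
    } catch (Exception $e) {
        $pdo->rollBack();
        throw $e;
    }
    return 'You have equipped your ' . $item['item_name'] . '.';
}

// Dispatch: $q only picks a branch, so it is never escaped. The message is
// HTML-escaped because item names from the database are echoed into the page.
$q = isset($_GET['q']) ? $_GET['q'] : '';
if ($q === 'equip') {
    $requested = isset($_GET['item']) ? $_GET['item'] : 0;
    $msg = equipItem($pdo, $slots, $_SESSION['myid'], $requested);
    echo htmlspecialchars($msg, ENT_QUOTES, 'UTF-8');
}
```

The point of the `$slots` array is that the one thing prepared statements cannot parameterise, a column name, is still never derived from the request: `$item_type` comes from the database row and is only used as a key into a fixed map. If the `users` slot columns ever store item ids rather than names, the `FOR UPDATE` select, the `in_array()` check and the `$old` lookup all change together, which is easier to keep straight in one function than in five copies.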

in general, you can look for patterns in your script and consolidate.  For instance, I see that most of your queries/conditions seem to do pretty much the same thing, only columns and messages changing.  All of that can be consolidated into a single function with a few params passed to it.

Thanks.
