Jump to content

Purchase page (math and/or database problem)

mattd8752

By mattd8752
in PHP Coding Help

 Share

Recommended Posts

mattd8752 Member

mattd8752

Posted
Posted
I've got another problem though, with another page:
[code]
<?php
session_start();
mysql_connect("localhost", "*****", "*****") or die("There was an error connecting to the mysql server.");
mysql_select_db("mattd_rpg");

$username=$_SESSION['username'];
$password=$_SESSION['password'];

$result=mysql_query("SELECT * FROM accounts WHERE username='$username' AND password='$password'");
if(mysql_num_rows($result) == 0){
die("Sorry, you are no longer logged in, please login again to continue playing.");
}else{
while($r=mysql_fetch_assoc($result)){
//This is where you would define all your resources, buildings, units, etc.
$cash=$r['money'];
}
}



if(isset($_GET['buy'])){
$buying = $_GET['buy'];


if($buying == "1"){
$money_spent == "500";
if($money_spent > $cash){
echo "Not Enough Cash";
}else{
$newmoney=$cash-$money_spent;
mysql_query("INSERT INTO cars (name, hp, owner) VALUES('Starter Car', '50', $username ) ");
mysql_query("UPDATE accounts SET money='$newmoney' WHERE username='$username' AND password='$password'");
//possibly no ;  next line might need single quotes
echo "Starter Car has been purchased for $500.  (You have $" . $newmoney . " left)";
}
}
if($_GET['buy'] == "2"){
$money_spent == "25000";
if($money_spent > $cash){
echo "Not Enough Cash";
}else{
$newmoney=$cash-$money_spent;
mysql_query("INSERT INTO cars (name, hp, owner) VALUES('92 Mustang GT', '225', $username ) "); //http://www.mustanggt.org/92gt.htm
mysql_query("UPDATE accounts SET money='$newmoney' WHERE username='$username' AND password='$password'");
//possibly no ;  next line might need single quotes
echo "92 Mustang GT has been purchased for $25000.  (You have $" . $newmoney . " left)";
}
}
if($_GET['buy'] == "3"){  // INCOMPLETE PAST HERE
$money_spent == "5000";
if($money_spent > $cash){
echo "Not Enough Cash";
}else{
$newmoney=$cash-$money_spent;
mysql_query("INSERT INTO cars (name, hp, owner) VALUES('1995 Jeta III', '115', $username ) "); //http://www.internetautoguide.com/car-specifications/09-int/1995/volkswagen/jetta-iii/index.html
mysql_query("UPDATE accounts SET money='$newmoney' WHERE username='$username' AND password='$password'");
//possibly no ;  next line might need single quotes
echo "1995 Jeta III has been purchased for $5000.  (You have $" . $newmoney . " left)";
}
}
}
?>
[/code]

Basically, that page should allow you to buy your cars, but it seems to read off:
92 Mustang GT has been purchased for $25000. (You have $999 left)
When I use http://mattdsworld.theicy.net/racing/purchase.php?buy=2
ect.
All of those work, but I do have an error with the data not being placed in the database and the cash left not being shown proper (and it doesn't give the error when you don't have enough cash as I loaded buy=2 with $999.
Ninjakreborn Prolific Member

Ninjakreborn

Posted
Posted
I don't see anything wrong with the script itself, it does what you tell it to do.

Is there something at some point wrong with teh calculations, I am not too good at math.,  eEcho each of your variables, and then check to see what they are, and do your calculations on paper, to make sure they are doing what they should be doing.
Ninjakreborn Prolific Member

Ninjakreborn

Posted
Posted
[quote]Please PM the answer to this as I am logging off if you can.[/quote]\
That's not the way the forum work's, it's meant to help everyone as a whole.
As I said, if it's not reading it
1. Check all the variables, make sure they are recieving there respective values (echo them)
2. Echo out the queries themselves, see what the string holds, so you can tell if the values are making it into teh query itself
If both of those work, check the calculations to make sure they are working right

It sounds like it's either 1 or 2, and they are both very easy to check, echo the variables, and the queries.
Ninjakreborn Prolific Member

Ninjakreborn

Posted
Posted
[code]
<?php
session_start();
mysql_connect("localhost", "*****", "*****") or die("There was an error connecting to the mysql server.");
mysql_select_db("mattd_rpg");

$username=$_SESSION['username'];
$password=$_SESSION['password'];
$result=mysql_query("SELECT * FROM accounts WHERE username='$username' AND password='$password'");
if(mysql_num_rows($result) == 0){
die("Sorry, you are no longer logged in, please login again to continue playing.");
}else{
while($r=mysql_fetch_assoc($result)){
//This is where you would define all your resources, buildings, units, etc.
$cash=$r['money'];
}
}



if(isset($_GET['buy'])){
$buying = $_GET['buy'];


if($buying == "1"){
$money_spent == "500";
if($money_spent > $cash){
echo "Not Enough Cash";
}else{
$newmoney=$cash-$money_spent;
mysql_query("INSERT INTO cars (name, hp, owner) VALUES('Starter Car', '50', $username ) ");
mysql_query("UPDATE accounts SET money='$newmoney' WHERE username='$username' AND password='$password'");
//possibly no ;  next line might need single quotes
echo "Starter Car has been purchased for $500.  (You have $" . $newmoney . " left)";
}
}
if($_GET['buy'] == "2"){
$money_spent == "25000";
if($money_spent > $cash){
echo "Not Enough Cash";
}else{
$newmoney=$cash-$money_spent;
mysql_query("INSERT INTO cars (name, hp, owner) VALUES('92 Mustang GT', '225', $username ) "); //http://www.mustanggt.org/92gt.htm
mysql_query("UPDATE accounts SET money='$newmoney' WHERE username='$username' AND password='$password'");
//possibly no ;  next line might need single quotes
echo "92 Mustang GT has been purchased for $25000.  (You have $" . $newmoney . " left)";
}
}
if($_GET['buy'] == "3"){  // INCOMPLETE PAST HERE
$money_spent == "5000";
if($money_spent > $cash){
echo "Not Enough Cash";
}else{
$newmoney=$cash-$money_spent;
mysql_query("INSERT INTO cars (name, hp, owner) VALUES('1995 Jeta III', '115', $username ) "); //http://www.internetautoguide.com/car-specifications/09-int/1995/volkswagen/jetta-iii/index.html
mysql_query("UPDATE accounts SET money='$newmoney' WHERE username='$username' AND password='$password'");
//possibly no ;  next line might need single quotes
echo "1995 Jeta III has been purchased for $5000.  (You have $" . $newmoney . " left)";
}
}
}
?> [/code]
\
Looking at this more heavily, it's going to be very hard to debug this code, NEVER pass queries straight into sql.  Trap them into variables, clean them, then pass them in, it's also easier to find problems, and hunt down problems that way.  Also your calculations seem to complexe for something so simple, try toning it down a bit, see if you can find a simpler solution.

I don't think it's recieving that value from teh database $r['money'];
or whatever it was, I Don't think it's even populating that variable at all.
The cash variable, I am almost sure it's not reading that one, test that variable that it's getting the value, or use mysql_error to test if the query is even being ran.

Rewrite some of that, to allow you to hunt down the problem better.

Also it looks like you are not doing anything, there are 2 things you need to NOT do.

1. Make sure the passwords are encrypted
2. Make sure you are NOT passing that password (encrypted or not) around as a session with the username.  You have no need to carry that around, once they are logged in, they are logged in.
You don't have to double verify it, that is not safe.  Passing those variables straight into those queries is not a good idea, I think you should rewrite the whole thing, with my points in mind, I will bookmark this, if you don't have it figured out tomorrow or monday, I will help you figure out what is going on, once it's rewritten and easier to read.
mattd8752 Member

mattd8752

Posted
  • Author
Posted
Wow, after all that time, it was a simple syntax error: I guess I'm not going to need to rewrite (although I probably will redo the database and usersystem at some point:
$money_spent == "500"; see the 2 == signs, it was checking if they were the same instead of setting it.  I hope this fixes the problem.  I am going to post all my other scripts here so please check back (if they don't work).
mattd8752 Member

mattd8752

Posted
  • Author
Posted
[code]
mysql_query("INSERT INTO cars (name, hp, owner) VALUES('Starter Car', '50', $username ) ");[/code]
doesn't want to work, can anyone help with this one?  Although, it is connected to the database successfully since there is code beside it writing to a diff table.
mattd8752 Member

mattd8752

Posted
  • Author
Posted
Ok, complete redesign:
[code]
<?php
//PHP DB connect here
session_start();
mysql_connect("localhost", "*****", "*****") or die("There was an error connecting to the mysql server.");
mysql_select_db("mattd_rpg");

$username=$_SESSION['username'];
$password=$_SESSION['password'];

$result=mysql_query("SELECT * FROM accounts WHERE username='$username' AND password='$password'");
if(mysql_num_rows($result) == 0){
die("Sorry, you are not logged in, please login again to continue playing.  If you just signed in your username and/or password may be incorrect");
}else{
$query="select * from accounts";
$rt=mysql_query($query);
echo mysql_error();
while($nt=mysql_fetch_array($rt)){
if($nt[username] == $username){
echo $nt['username'].' '.$nt['money'].' '.$nt['email'].'<br>';
}
}
}
$cash = $nt[money];
//LOGIN CHECK MUST BE ADDED

$query="SELECT * FROM cars";
$result=mysql_query($query);

$num=mysql_numrows($result);

mysql_close();

echo "<b><center>Cars:</center></b><br><br>";

$i=0;
while ($i < $num) {

$id=mysql_result($result,$i,"id");
$name=mysql_result($result,$i,"name");
$hp=mysql_result($result,$i,"hp");
$price=mysql_result($result,$i,"price");
$owner==mysql_result($result,$i,"owner");
if(!isset($owner){
if($cash > $price){
echo "ID: <a href=\"purchase.php?buy=" . $id . "\">" . $id . "</a><br>Name:" . $name . "<br>HP:" . $hp . "<br>Sale Price:" . $price . "<br><br>";
}else{
echo "ID:" . $id . "<br>Name:" . $name . "<br>HP:" . $hp . "<br>Sale Price:" . $price . " (you can\'t afford this car)<br><br>";
}
}else{
echo "<br>This car is sold.<br>";//Testing purposes only
}
$i++;
}

?>

[/code]

I put the line 43 in bold since my error is:
Parse error: syntax error, unexpected '{' in /home/mattd/public_html/racing/purchase.php on line 43

I'm not sure where that one is coming from.

I can't seem to find where an improper { is being sent.
Ninjakreborn Prolific Member

Ninjakreborn

Posted
Posted
[code]
<?php
//PHP DB connect here
session_start();
mysql_connect("localhost", "*****", "*****") or die("There was an error connecting to the mysql server.");
mysql_select_db("mattd_rpg");

$username=$_SESSION['username'];
$password=$_SESSION['password'];

$result=mysql_query("SELECT * FROM accounts WHERE username='$username' AND password='$password'");
if(mysql_num_rows($result) == 0){
die("Sorry, you are not logged in, please login again to continue playing.  If you just signed in your username and/or password may be incorrect");
}else{
$query="select * from accounts";
$rt=mysql_query($query);
echo mysql_error();
while($nt=mysql_fetch_array($rt)){
if($nt[username] == $username){
echo $nt['username'].' '.$nt['money'].' '.$nt['email'].'<br>';
}
}
}
$cash = $nt[money];
//LOGIN CHECK MUST BE ADDED

$query="SELECT * FROM cars";
$result=mysql_query($query);

$num=mysql_numrows($result);

mysql_close();

echo "<b><center>Cars:</center></b><br><br>";

$i=0;
while ($i < $num) {

$id=mysql_result($result,$i,"id");
$name=mysql_result($result,$i,"name");
$hp=mysql_result($result,$i,"hp");
$price=mysql_result($result,$i,"price");
$owner==mysql_result($result,$i,"owner");
if(!isset($owner){
if($cash > $price){
echo "ID: <a href=\"purchase.php?buy=" . $id . "\">" . $id . "</a><br>Name:" . $name . "<br>HP:" . $hp . "<br>Sale Price:" . $price . "<br><br>";
}else{
echo "ID:" . $id . "<br>Name:" . $name . "<br>HP:" . $hp . "<br>Sale Price:" . $price . " (you can\'t afford this car)<br><br>";
}
}else{
echo "<br>This car is sold.<br>";//Testing purposes only
}
$i++;
}

?>
[/code]
mattd8752 Member

mattd8752

Posted
  • Author
Posted
More problems:  I can't get this page to finish working.  I've got a final code but it won't finish the purchase action.  The output is:
Matt 10000000 mrfg2006@gmail.com
Checking if you can purchase this car...
after I click a link with the code:
[code]<?php
//PHP DB connect here
session_start();
mysql_connect("localhost", "*****", "*****") or die("There was an error connecting to the mysql server.");
mysql_select_db("mattd_rpg");

$username=$_SESSION['username'];
$password=$_SESSION['password'];

$result=mysql_query("SELECT * FROM accounts WHERE username='$username' AND password='$password'");



if(mysql_num_rows($result) == 0){
die("Sorry, you are not logged in, please login again to continue playing.  If you just signed in your username and/or password may be incorrect");
}else{
$query="select * from accounts";
$rt=mysql_query($query);
echo mysql_error();
while($nt=mysql_fetch_array($rt)){
if($nt[username] == $username){
echo $nt['username'].' '.$nt['money'].' '.$nt['email'].'<br>';
}
}
}
$cash = $nt[money];
if(!isset($_GET['buy'])){

$query="SELECT * FROM cars";
$result=mysql_query($query);

$num=mysql_numrows($result);

mysql_close();

echo "<b><center>Cars:</center></b><br><br>";

$i=0;
while ($i < $num) {

$id=mysql_result($result,$i,"id");
$name=mysql_result($result,$i,"name");
$hp=mysql_result($result,$i,"hp");
$price=mysql_result($result,$i,"price");
echo "ID: <a href=\"purchase.php?buy=" . $id . "\">" . $id . "</a><br>Name:" . $name . "<br>HP:" . $hp . "<br>Sale Price:" . $price . "<br><br>";
$i++;
}

}else{
//check all the stuff for the car they are buying
echo "Checking if you can purchase this car...<br>";


$query="SELECT * FROM cars";
$result=mysql_query($query);

$num=mysql_numrows($result);

$i=0;
while ($i < $num) {
$id=mysql_result($result,$i,"id");
$name=mysql_result($result,$i,"name");
$hp=mysql_result($result,$i,"hp");
$price=mysql_result($result,$i,"price");
if($id == $_GET['buy']){
if($cash > $price){
echo "You can afford this veichle...  Attempting to purchase it...<br>";
mysql_query("INSERT INTO o_cars (name, hp, owner) VALUES($name, $hp, $username ) ");
}
}
$i++;
}

}
?>
[/code]
redbullmarky Advanced Member

redbullmarky

Posted
Posted
couple of pointers:
a) a post, followed by 2 bumps, all within 30 mins is a pretty annoying. people here arent paid to help, nor are anyones' problems more or less urgent than yours. If you need help urgently, consider a request for paid help in the freelancer forum.
b) as a tip - watch when you're pasting your code with DB connection stuff. You're not the first (and probably wont be the last) to leave your database login username/password in the code.

i've done you a favour in bumping your thread in the process of pointing out a couple of things, but please take note of what i've said and consider that your problem goes in the same pot for free help as everyone elses. If someone knows how to solve your problem, they'll post an answer...

good luck
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.