Jump to content

maitland

New Members
  • Posts

    2
  • Joined

  • Last visited

maitland's Achievements

Newbie

Newbie (1/5)

0

Reputation

  1. I'm new to code that's why it's all like that I'm trying to learn as I do this and I got stuck on arrays. thank you for taking time to look at it and for the help
  2. I'm trying to build a form for a TCG i run where it allow people to vote for decks they want to see released. It would show in the database by adding 1 for yes and nothing for no. I have it coded but I can't get it to update the database does anyone see where I went wrong? <?php session_start(); if (isset($_SESSION['USR_LOGIN'])=="") { header("Location:http://leisure.day-is-gone.net/login.php"); } include("mytcg/settings.php"); include("$header"); if(!$_SERVER['QUERY_STRING']) { $select = mysql_query("SELECT * FROM `$table_members` WHERE name='$_SESSION[USR_LOGIN]'"); while($row=mysql_fetch_assoc($select)) { ?> <h1>Release Me Form</h1> Chose an option for all.<Br> <?php $select2 = mysql_query("SELECT * FROM `$table_cards` WHERE released='N' AND `voted` NOT LIKE '$_SESSION[USR_LOGIN]' ORDER BY set2, category, deckname"); $count = mysql_num_rows($select2); if($count==0) { echo "There are currently no requested decks.\n"; echo "<br /><br />\n\n"; } else { echo "<table width=\"100%\">\n"; echo "<form method=\"post\" action=\"forms_reme2.php?thanks\"> <input type=\"hidden\" name=\"name\" value=\"$row[name]\" /> <input type=\"hidden\" name=\"email\" value=\"$row[email]\" />"; echo "<tr><td width=\"50%\"><b>Deckname</b></td><td width=\"25%\"><b>Category</b></td><td width=\"10%\"><b>Yes</b></td><td width=\"10%\"><b>No</b></td></tr>\n"; while($row2=mysql_fetch_assoc($select2)) { $cat=$row2[category]; if ($row2[groupmember]=="No") { echo " <input type=\"hidden\" name=\"id\" value=\"$row2[id]\" /><tr><td>$row2[deckname]</td><td>$category[$cat]</td><td><input name=\"reme[$row2[id]]\" value=\"1\" type=\"radio\">Yes</td><td><input name=\"reme[$row2[id]]\" value=\"0\" type=\"radio\">No</td></tr>\n"; } else { echo "<input type=\"hidden\" name=\"id\" value=\"$row2[id]\" /><tr><td>$row2[set2]: $row2[deckname]</td><td>$category[$cat]</td><td><input name=\"reme[$row2[id]]\" value=\"1\" type=\"radio\">Yes</td><td><input name=\"reme[$row2[id]]\" value=\"0\" type=\"radio\">No</td></tr>"; }} echo "</table>\n"; echo "<br /><br />\n"; } ?> <tr><td> </td><td><input type="submit" name="submit" value="Release It! " /></td></tr> </table> </form> <?php } } elseif($_SERVER['QUERY_STRING']=="thanks") { if (!isset($_POST['submit']) || $_SERVER['REQUEST_METHOD'] != "POST") { exit("<p>You did not press the submit button; this page should not be accessed directly.</p>"); } else { $exploits = "/(content-type|bcc:|cc:|document.cookie|onclick|onload|javascript|alert)/i"; $profanity = "/(beastial|bestial|blowjob|clit|cum|cunilingus|cunillingus|cunnilingus|cunt|ejaculate|fag|felatio|fellatio|fuck|fuk|fuks|gangbang|gangbanged|gangbangs|hotsex|jism|jiz|kock|kondum|kum|kunilingus|orgasim|orgasims|orgasm|orgasms|phonesex|phuk|phuq|porn|pussies|pussy|spunk|xxx)/i"; $spamwords = "/(viagra|phentermine|tramadol|adipex|advai|alprazolam|ambien|ambian|amoxicillin|antivert|blackjack|backgammon|texas|holdem|poker|carisoprodol|ciara|ciprofloxacin|debt|dating|porn)/i"; $bots = "/(Indy|Blaiz|Java|libwww-perl|Python|OutfoxBot|User-Agent|PycURL|AlphaServer)/i"; if (preg_match($bots, $_SERVER['HTTP_USER_AGENT'])) { exit("<h1>Error</h1>\nKnown spam bots are not allowed.<br /><br />"); } foreach ($_POST as $key => $value) { $value = trim($value); if (empty($value)) { exit("<h1>Error</h1>\nEmpty fields are not allowed. Please go back and fill in the form properly.<br /><br />"); } elseif (preg_match($exploits, $value)) { exit("<h1>Error</h1>\nExploits/malicious scripting attributes aren't allowed.<br /><br />"); } elseif (preg_match($profanity, $value) || preg_match($spamwords, $value)) { exit("<h1>Error</h1>\nThat kind of language is not allowed through our form.<br /><br />"); } $_POST[$key] = stripslashes(strip_tags($value)); } $name = escape_sql(CleanUp($_POST['name'])); $email = escape_sql(CleanUp($_POST['email'])); $reme = escape_sql(CleanUp($_POST['reme'])); if (is_array($reme)) { if($_POST['submit']){ foreach($_POST["id"] AS $key => $val) { $id = $val; $area = $_POST['reme'.$id.'']; $update = "UPDATE cards SET reme='$area' AND voted='$name' WHERE id='$id'"; } }} if(mysql_query($update, $connect)) { ?> <h1>Thank You!</h1> Thank you for sending in the release it form this helps me decide what upcoming decks to release. Please take what you see below <br /><br /> <center> <?php } else { ?> <h1>Error</h1> It looks like there was an error in processing your level up form. Send the information to <?php echo $tcgemail; ?> and we will send you your rewards ASAP. Thank you and sorry for the inconvenience. <?php } } } include("$footer"); ?>
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.