Reputation: 35
I don't know why, but this mysql_query is only working sometimes. I don't know why, because everything is working fine with this one here:
mysql_query("UPDATE users SET `profit`=profit+$profit, `won`=won+$jackpotcost, `gameswon`=gameswon+1, `games`=games+1 WHERE `steamid`='$winnerid'") or die(mysql_error());
But this one does not work:
while($row = mysql_fetch_array($rs))
{
    if($row["userid"] == $winnerid)
    {
        $time=time();
        $time=$time+10;
        mysql_query("UPDATE users SET `profit`=profit+$profit, `won`=won+$jackpotcost, `gameswon`=gameswon+1, `games`=games+1 WHERE `steamid`='$winnerid'") or die(mysql_error());
        mysql_query("INSERT INTO `messages` (`type`,`app`,`userid`,`title`,`msg`,`time`,`active`,`delay`) VALUES ('success','0','$winnerid','Congratulations!','You won $$jackpotcost in Game #$cg with a $wonpercent% chance!','10',1,$time)");
    }
    else
    {
        $loserid = $row["userid"];
        $rs = mysql_query("SELECT * FROM ".$p2t."game".$cg." WHERE `userid`=".$loserid."");
        $losercost=0;
        while($lrow = mysql_fetch_array($rs))
        {
            $losercost+=$lrow['value'];
        }
        $time=time();
        $time=$time+10;
        mysql_query("UPDATE users SET `profit`=profit-$losercost, `games`=games+1 WHERE `steamid`='$loserid'") or die(mysql_error());
        mysql_query("INSERT INTO `messages` (`type`,`app`,`userid`,`title`,`msg`,`time`,`active`,`delay`) VALUES ('error','0','$loserid','GL Next Game!','$winnername won $$jackpotcost in Game #$cg with a $wonpercent% chance!','10',1,$time)");
    }
}
If someone can help me and explain what is wrong with it
Upvotes: 1
Views: 42
Reputation:
If it is working sometimes, I suspect that you are not using mysql_real_escape_string($variable).
You'll want to do:
$variable = ""; // content goes here
// then for readying the input
$variable = mysql_real_escape_string($variable);
$query = ""; // your query goes here.
mysql_query($query);
mysql_real_escape_string() is going to escape quotes that are entered into the variable or user input. It will ready your variable/input for queries.
NOTE: You might want to move to MySQLi (AKA: MySQL improved) or move to PDO. It will improve your code majorly with security issues.
Hope this helped.
Upvotes: 0
Reputation: 42716
You're overwriting the $rs variable on the inner loop. Change the name and it should be fine.
Upvotes: 3
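Both answers combined, as an added example that is not part of either answer: the inner result gets its own name so the outer loop's result is never overwritten, and values are bound through PDO prepared statements instead of being interpolated into the SQL. The in-memory SQLite schema, the sample rows, the table name `game1` and the function `settleGame` are assumptions constructed for the illustration; the `messages` insert is left out.

```php
<?php
// Added example; constructed schema and data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (steamid TEXT PRIMARY KEY, profit INTEGER DEFAULT 0, games INTEGER DEFAULT 0)");
$db->exec("CREATE TABLE game1 (userid TEXT, value INTEGER)");
$db->exec("INSERT INTO users (steamid) VALUES ('A'), ('B'), ('C')");
$db->exec("INSERT INTO game1 VALUES ('A', 5), ('B', 3), ('B', 4), ('C', 2)");

function settleGame(PDO $db, int $cg, string $winnerid, int $profit): void
{
    // Table names cannot be bound as parameters; $cg is typed int, so only digits reach the SQL.
    $table = 'game' . $cg;

    $db->beginTransaction();
    $players = $db->query("SELECT DISTINCT userid FROM $table");
    $stakes  = $db->prepare("SELECT value FROM $table WHERE userid = ?");
    $win     = $db->prepare("UPDATE users SET profit = profit + ?, games = games + 1 WHERE steamid = ?");
    $lose    = $db->prepare("UPDATE users SET profit = profit - ?, games = games + 1 WHERE steamid = ?");

    while ($row = $players->fetch(PDO::FETCH_ASSOC)) {
        if ($row['userid'] === $winnerid) {
            $win->execute([$profit, $winnerid]);
            continue;
        }
        // Separate statement handle: the outer cursor ($players) is never overwritten.
        $stakes->execute([$row['userid']]);
        $losercost = 0;
        while ($lrow = $stakes->fetch(PDO::FETCH_ASSOC)) {
            $losercost += $lrow['value'];
        }
        $lose->execute([$losercost, $row['userid']]);
    }
    $db->commit();
}

settleGame($db, 1, 'A', 9);
foreach ($db->query("SELECT steamid, profit, games FROM users ORDER BY steamid") as $u) {
    echo "{$u['steamid']}: profit={$u['profit']} games={$u['games']}\n";
}
```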