another query issue

I realize I may not be the best but here is the code

[code]
Train

<?php
if(isset($_POST['archers'])) {
    $amount = $_POST['amount'];
    $att = $amount * 3;
    $def = $amount * 8;
    $food = $amount * 20;
    $copper = $amount * 20;
    $silver = $amount * 20;
    if($kvar['$food'] >= $food && $kvar['copper'] >= $copper && $kvar['silver'] >= $silver){
        mysqli_query($conn, "UPDATE kingdom SET food = food - '$food' WHERE kname='$kingdom'");
        mysqli_query($conn, "UPDATE kingdom SET copper = copper - '$copper' WHERE kname='$kingdom");
        mysqli_query($conn, "UPDATE kingdom SET silver = silver - '$silver' WHERE kname='$kingdom");
        mysqli_query($conn, "UPDATE army SET archers = archers + '$amount' WHERE kname='$kingdom");
        mysqli_query($conn, "UPDATE army SET attack = attack + '$att' WHERE kname='$kingdom");
        mysqli_query($conn, "UPDATE army SET defense = defense + '$def' WHERE kname='$kingdom");
    } elseif ($kvar['$food'] < $food && $kvar['copper'] < $copper && $kvar['silver'] < $silver){
        echo "Sorry, you do not have enough resources to train your troops";
    }
}
if(isset($_POST['pawns'])) {
    $amount = $_POST['amount'];
    $att = $amount * 1;
    $def = $amount * 1;
    $food = $amount * 15;
    $copper = $amount * 15;
    $silver = $amount * 15;
    if ($kvar['$food'] >= $food && $kvar['copper'] >= $copper && $kvar['silver'] >= $silver) {
        mysqli_query($conn, "UPDATE kingdom SET food = food - '$food' WHERE kname='$kingdom");
        mysqli_query($conn, "UPDATE kingdom SET copper = copper - '$copper' WHERE kname='$kingdom");
        mysqli_query($conn, "UPDATE kingdom SET silver = silver - '$silver' WHERE kname='$kingdom");
        mysqli_query($conn, "UPDATE army SET pawns = pawns + '$amount' WHERE kname='$kingdom");
        mysqli_query($conn, "UPDATE army SET attack = attack + '$att' WHERE kname='$kingdom");
        mysqli_query($conn, "UPDATE army SET defense = defense + '$def' WHERE kname='$kingdom");
    } elseif ($kvar['$food'] < $food && $kvar['copper'] < $copper && $kvar['silver'] < $silver) {
        echo "Sorry, you do not have enough resources to train your troops";
    }
}
if (isset($_POST['knights'])) {
    $amount = $_POST['amount'];
    $att = $amount * 15;
    $def = $amount * 15;
    $food = $amount * 50;
    $copper = $amount * 50;
    $silver = $amount * 50;
    if ($kvar['$food'] >= $food && $kvar['copper'] >= $copper && $kvar['silver'] >= $silver) {
        mysqli_query($conn, "UPDATE kingdom SET food = food - '$food' WHERE kname='$kingdom");
        mysqli_query($conn, "UPDATE kingdom SET copper = copper - '$copper' WHERE kname='$kingdom");
        mysqli_query($conn, "UPDATE kingdom SET silver = silver - '$silver' WHERE kname='$kingdom");
        mysqli_query($conn, "UPDATE army SET knights = knights + '$amount' WHERE kname='$kingdom");
        mysqli_query($conn, "UPDATE army SET attack = attack + '$att' WHERE kname='$kingdom");
        mysqli_query($conn, "UPDATE army SET defense = defense + '$def' WHERE kname='$kingdom");
    } elseif ($kvar['$food'] < $food && $kvar['copper'] < $copper && $kvar['silver'] < $silver) {
        echo "Sorry, you do not have enough resources to train your troops";
    }
}
if (isset($_POST['foots'])) {
    $amount = $_POST['amount'];
    $att = $amount * 5;
    $def = $amount * 5;
    $food = $amount * 17;
    $copper = $amount * 17;
    $silver = $amount * 17;
    if ($kvar['$food'] >= $food && $kvar['copper'] >= $copper && $kvar['silver'] >= $silver) {
        mysqli_query($conn, "UPDATE kingdom SET food = food - '$food' WHERE kname='$kingdom");
        mysqli_query($conn, "UPDATE kingdom SET copper = copper - '$copper' WHERE kname='$kingdom");
        mysqli_query($conn, "UPDATE kingdom SET silver = silver - '$silver' WHERE kname='$kingdom");
        mysqli_query($conn, "UPDATE army SET foots = foots + '$amount' WHERE kname='$kingdom");
        mysqli_query($conn, "UPDATE army SET attack = attack + '$att' WHERE kname='$kingdom");
        mysqli_query($conn, "UPDATE army SET defense = defense + '$def' WHERE kname='$kingdom");
    } elseif ($kvar['$food'] < $food && $kvar['copper'] < $copper && $kvar['silver'] < $silver) {
        echo "Sorry, you do not have enough resources to train your troops";
    }
}
[/code]

I really do not see an issue here, but there is one.
So there's that, and yeah yeah, I need to use prepared statements, but I probably never actually use them

I realized the issue when looking at my database that I had not selected the rows for it to update, smh

I need to use prepared statements, but I probably never actually use them

Then why are you coming here for help? We help people do things right. If you have no intention of doing things right then don’t waste our valuable time.

You don’t have to use prepared statements to do it

You don't have to use prepared statements to do it

Sure, if you want to do it WRONG and open yourself and all your users to an SQL Injection Attack. You also have triple the amount of queries you need and depending on a button name to be submitted for your script to work will completely fail in certain circumstances. You need to use if ($_SERVER['REQUEST_METHOD'] == 'POST')

Also, you NEVER EVER EVER send user supplied data directly to the database. Your code is a serious security risk. It is only a matter of time before you are hacked.

You would do better to use PDO with prepared statements.
https://phpdelusions.net/pdo
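
The advice in the replies above (prepared statements, fewer queries, no dependence on a button name), sketched as an added example that is not code from anyone in this thread. Table names, columns and unit costs come from the original post; the function name `train_units()`, the `unit` form field, the kingdom name and the in-memory SQLite database are assumptions made so the example runs offline.

```php
<?php
// Added example: unit stats from the thread; train_units() and the demo data are assumptions.
const UNITS = [
    'archers' => ['att' => 3,  'def' => 8,  'cost' => 20],
    'pawns'   => ['att' => 1,  'def' => 1,  'cost' => 15],
    'knights' => ['att' => 15, 'def' => 15, 'cost' => 50],
    'foots'   => ['att' => 5,  'def' => 5,  'cost' => 17],
];

function train_units(PDO $pdo, string $kingdom, string $unit, $amount): string
{
    // Column names cannot be bound as parameters, so the unit must come from an allowlist.
    if (!array_key_exists($unit, UNITS)) {
        return 'Unknown unit';
    }
    $amount = filter_var($amount, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($amount === false) {
        return 'Invalid amount';
    }
    $cost = $amount * UNITS[$unit]['cost'];
    $pdo->beginTransaction();
    // One UPDATE for all three resources; the WHERE clause checks affordability atomically.
    $pay = $pdo->prepare(
        'UPDATE kingdom SET food = food - ?, copper = copper - ?, silver = silver - ?
          WHERE kname = ? AND food >= ? AND copper >= ? AND silver >= ?');
    $pay->execute([$cost, $cost, $cost, $kingdom, $cost, $cost, $cost]);
    if ($pay->rowCount() !== 1) {
        $pdo->rollBack();
        return 'Sorry, you do not have enough resources to train your troops';
    }
    // $unit is interpolated only after passing the allowlist check above.
    $army = $pdo->prepare("UPDATE army SET $unit = $unit + ?, attack = attack + ?, defense = defense + ? WHERE kname = ?");
    $army->execute([$amount, $amount * UNITS[$unit]['att'], $amount * UNITS[$unit]['def'], $kingdom]);
    $pdo->commit();
    return 'Trained';
}

// Constructed demo data in an in-memory SQLite database (requires the pdo_sqlite extension).
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE kingdom (kname TEXT PRIMARY KEY, food INT, copper INT, silver INT)');
$pdo->exec('CREATE TABLE army (kname TEXT PRIMARY KEY, archers INT, pawns INT, knights INT, foots INT, attack INT, defense INT)');
$pdo->exec("INSERT INTO kingdom VALUES ('Avalon', 100, 100, 100)");
$pdo->exec("INSERT INTO army VALUES ('Avalon', 0, 0, 0, 0, 0, 0)");

// In a form handler: if ($_SERVER['REQUEST_METHOD'] == 'POST') { echo train_units($pdo, $kingdom, $_POST['unit'], $_POST['amount']); }
echo train_units($pdo, 'Avalon', 'archers', '3'), "\n";            // affordable: costs 60 of each resource
echo train_units($pdo, 'Avalon', 'knights', '5'), "\n";            // needs 250, only 40 left
echo train_units($pdo, "Avalon' OR '1'='1", 'archers', '1'), "\n"; // bound as data, matches no row
echo train_units($pdo, 'Avalon', 'attack = 0, pawns', '1'), "\n";  // rejected by the allowlist
```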
