My code isn't working correctly and I am out of ideas

I can't seem to figure this out. I am new to PHP and this is like my first full script that I did alone, so all help would be appreciated.

[php]<?php
require_once("config.php");

$auth_host = $GLOBALS['auth_host'];
$auth_user = $GLOBALS['auth_user'];
$auth_pass = $GLOBALS['auth_pass'];
$auth_dbase = $GLOBALS['auth_dbase'];

$db = mysql_connect($auth_host, $auth_user, $auth_pass) or die(mysql_error());
mysql_select_db($auth_dbase, $db);

// Escape every POST value before it goes into a query (the original only escaped two of them).
$user_name = mysql_real_escape_string($_POST['username'], $db);
$user_donateamount = (int) $_POST['DonateAmount']; // an amount must be a number
$user_cardname = mysql_real_escape_string($_POST['CardName'], $db);

// Column names need backticks, not single quotes: WHERE 'name' = '...' compares two string literals.
$sql = mysql_query("SELECT * FROM `user` WHERE `name` = '$user_name'", $db);
$row = mysql_fetch_array($sql);

// '$user_donateamount' in single quotes is the literal string, not the variable's value.
if (!$row || $user_donateamount > $row['credits']) {
    echo "fail";
} else {
    $sql1 = mysql_query("SELECT * FROM `scores` WHERE `name` = '$user_cardname'", $db);
    if (mysql_fetch_array($sql1)) { // the original fetched from $sql (the user query) again here
        mysql_query("UPDATE `scores` SET `score` = `score` + $user_donateamount WHERE `name` = '$user_cardname'", $db);
    } else {
        mysql_query("INSERT INTO `scores` (`name`, `score`) VALUES ('$user_cardname', $user_donateamount)", $db);
    }
    mysql_query("UPDATE `user` SET `credits` = `credits` - $user_donateamount WHERE `name` = '$user_name'", $db);
    echo "success";
}

mysql_close($db);
?>[/php]

Well, to be truthful, there are a few major things wrong with this script:

  1. Any script that has the word global in it is a bad sign. :o
  2. The script uses mysql, which is obsolete; it should be using mysqli or PDO (my recommendation).
  3. I'm assuming the $GLOBALS array is using sessions, and if that is the case then storing a password in sessions is just asking for a serious security whoop-ass. ;D

My suggestion is to press the delete button on this file icon and start over. Search for a high score tutorial in PHP; it can break the cardinal rule of using mysql if you don't mind having to change it in the near future. I have done some high score table interfaces between FLASH and MySQL in the past using outdated PHP (before I taught myself PHP). I know there are better scripts out there that don't involve using global (the major beef of this script for me).

I also meant to mention http://www.php.net; just going over PHP's built-in functions can help out a lot.
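As an added example (not the original poster's script or the replier's code), here is the same donate flow redone with PDO prepared statements and a transaction, which is the direction the reply points to. The `user` and `scores` tables and their columns come from the posted script; it assumes config.php defines $auth_host, $auth_user, $auth_pass and $auth_dbase as plain variables and that `scores`.`name` has a UNIQUE key.

```php
<?php
// Added example: the posted donation script redone with PDO prepared statements.
// Assumes config.php sets $auth_host, $auth_user, $auth_pass, $auth_dbase as plain
// variables (no $GLOBALS), and that `scores`.`name` carries a UNIQUE key.
require_once 'config.php';

$pdo = new PDO(
    "mysql:host=$auth_host;dbname=$auth_dbase;charset=utf8mb4",
    $auth_user,
    $auth_pass,
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]
);

$userName = $_POST['username'] ?? '';
$cardName = $_POST['CardName'] ?? '';
// Validate once: a donation amount must be a positive integer, not whatever string was posted.
$amount = filter_var($_POST['DonateAmount'] ?? '', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($amount === false || $userName === '' || $cardName === '') {
    echo "fail";
    exit;
}

try {
    $pdo->beginTransaction();

    // Lock the donor row so two concurrent donations cannot both pass the credit check.
    $stmt = $pdo->prepare('SELECT `credits` FROM `user` WHERE `name` = ? FOR UPDATE');
    $stmt->execute([$userName]);
    $credits = $stmt->fetchColumn();

    if ($credits === false || $amount > (int) $credits) {
        $pdo->rollBack();
        echo "fail";
        exit;
    }

    // One upsert replaces the original's separate SELECT followed by UPDATE-or-INSERT.
    $pdo->prepare('INSERT INTO `scores` (`name`, `score`) VALUES (?, ?)
                   ON DUPLICATE KEY UPDATE `score` = `score` + ?')
        ->execute([$cardName, $amount, $amount]);
    $pdo->prepare('UPDATE `user` SET `credits` = `credits` - ? WHERE `name` = ?')
        ->execute([$amount, $userName]);

    $pdo->commit();
    echo "success";
} catch (PDOException $e) {
    if ($pdo->inTransaction()) {
        $pdo->rollBack();
    }
    error_log($e->getMessage()); // log driver errors server-side, never echo them to the browser
    echo "fail";
}
```

Both UPDATEs either commit together or roll back together, so a failure halfway through can no longer deduct credits without crediting the score (or the reverse).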
