0
我试图插入使用在单独的函数中创建的字符串,但它似乎不工作。使用在单独的函数中创建的字符串插入到表中
我知道我应该使用一个switch语句或这个东西,但它纯粹是为了目前的测试。
<?php
function newItem($link){
$itemname = mysqli_real_escape_string($link, $_POST['itemname']);
if (strpos($itemname,'<') || strpos($itemname,'>') || strpos($itemname,'?') || strpos($itemname,'/') || strpos($itemname,'='))
{
echo "<script type='text/javascript'>alert('yeah....no');</script>";
} else {
$sql = "SELECT * FROM items WHERE itemname = '$itemname'";
$result = mysqli_query($link,$sql);
if(mysqli_num_rows($result) !== 1){
$sql = "INSERT INTO items(itemname,itemtype,attack,defence,energy)VALUES('$itemname'".RandomStats($link).")";
mysqli_query($link,$sql);
header("location: index.php");
}else{
echo "<script type='text/javascript'>alert('Item name already exists');</script>";
}
}
}
function RandomStats($link){
$rand = rand (1 , 100);
$itemtype = rand (1,3);
$itemtypeString;
if($itemtype = 1){
$itemtypeString = 'Armour';
}
if($itemtype = 2){
$itemtypeString = 'Sword';
}
if($itemtype = 3){
$itemtypeString = 'Shield';
}
if($rand <= 50){
//common
$attack = rand (1 , 50);
$defence = rand (1 , 50);
$energy = rand (1 , 50);
$ItemStats = "','".$itemtypeString."','".$attack."','".$defence."','".$energy."'";
}
if ($rand >50 and $rand <= 80){
//rare
$attack = rand (1 , 100);
$defence = rand (1 , 100);
$energy = rand (1 , 100);
$ItemStats = "','".$itemtypeString."','".$attack."','".$defence."','".$energy."'";
}
if ($rand >80 and $rand <= 98){
//exotic
$attack = rand (1 , 150);
$defence = rand (1 , 150);
$energy = rand (1 , 150);
$ItemStats = "','".$itemtypeString."','".$attack."','".$defence."','".$energy."'";
}
if ($rand >98 and $rand <= 100){
//ledgendary
$attack = rand (1 , 200);
$defence = rand (1 , 200);
$energy = rand (1 , 200);
$ItemStats = "','".$itemtypeString."','".$attack."','".$defence."','".$energy."'";
}
return $ItemStats;
}
?>
是不是只是我创建字符串的方式我让这个语句不正确或者是别的吗?
至少输出您的查询字符串,并尝试在MySQL运行调试完毕后所需的启动。你会知道很多新东西。 –
你是怎么做到的?我试图在发布之前回复一个警告框,但我没有发现任何内容 – GregHBushnell
它是'echo $ sql; die()' –