你好男孩和女孩我建立了一个战斗脚本,但现在我注意到,当我尝试添加一个新的SQL更新到它,它不存储会议变量中的健身房领导。 因此,用户去battle.php?gymleader = nick会话变量未设置
然后,我抓住nick并将它存储在一个会话变量后,我esape它为SQL注入等。然后,我搜索数据库找出什么怪物“尼克“然后显示怪物,然后主要战斗剧本进来。当他们去健身房,它会带他们去battle.php?gymleader =尼克,但是一旦他们进入战斗,它只会带他们去战斗。 PHP所以我认为它存储“尼克”,然后用户选择一个举动,然后重定向他们只是battle.php然后它存储可再次无可用吗?
它的作战完美的一面似乎不存储$ _SESSION ['gymleader']我说过我认为它存储两次。当用户第一次来到他的页面时,它设置正确,然后他们选择一个移动并将他们重定向到battle.php而不是battle.php?gymleader = nick然后它设置了gymleader没有任何IM猜测?
这里是战斗脚本
<?php
include 'config.php';
print_r ($_SESSION);
/// Here we unset the win/lost status
unset($_SESSION['battle_won']);
unset($_SESSION['battle_lost']);
$_SESSION['gymleader'] = mysql_escape_string($_GET['gymleader']);
//// here we get the users first monster
$sql = "SELECT * FROM user_pokemon WHERE belongsto='".$_SESSION['username']."' AND slot=1";
$result = mysql_query($sql) or die(mysql_error());
$battle_get = mysql_fetch_array($result);
$sql23 = "SELECT * FROM gyms WHERE leader='".$_SESSION['gymleader']."'";
$result23 = mysql_query($sql23) or die(mysql_error());
$battle_get23 = mysql_fetch_array($result23);
/// Here we get the image of the pokemon and any other info we need
$sql2 = "SELECT * FROM `pokemon` WHERE `name` = '" . $battle_get['pokemon'] . "'";
$result = mysql_query($sql2) or die(mysql_error());
$values = mysql_fetch_array($result);
////// Now we make there hp up from there level
$a = $battle_get['level'] ;
$b = 5;
$hpofuserpokemon = ($a * $B) ;
///// We make a random number up to take the hp down by
srand ((double) microtime()*1000000);
$random_number = rand(0,10);
srand ((double) microtime()*1000000);
$random_number2 = rand(0,13);
?>
<?php
unset($_SESSION['battle_won']);
unset($_SESSION['battle_lost']);
///// now we check to see if user is all ready in a battle we don't want to fill up database with fake battles
$sql12 = "SELECT * FROM battle WHERE username='".$_SESSION['username']."'";
$result12 = mysql_query($sql12) or die(mysql_error());
$battle_get12 = mysql_fetch_array($result12);
/// Here we do if there is a result we echo out nothing. Else if there is no battles stored we make one for them seen has were nice
if ($battle_get12['win'] == 1)
echo " ";
else
mysql_query("INSERT INTO battle
(username, hp, win, pokemon1name, pokemon_pic, gympokemon1, gympokemon1hp, gympokemon1pic, levelofgym) VALUES('".$_SESSION['username']."','".$hpofuserpokemon."', 1,'".$battle_get['pokemon']."','http://www.pokemontoxic.net/Geodude.png' ,'".$battle_get23['gympokemon1']."','".$battle_get23['gympokemon1hp']."','".$battle_get23['gympokemon1pic']."','".$battle_get23['level']."')
") or die(mysql_error());
$_SESSION['gymlevel'] = mysql_escape_string($battle_get23['level']);
?>
<?php
//// Here we check if users hp is under 0 or 0 meaning there dead
if ($battle_get12['hp'] < 0)
{
echo "You Lost the battle !!";
mysql_query("DELETE FROM battle WHERE username='".$_SESSION['username']."'")
or die(mysql_error());
$_SESSION["battle_lost"] = 1 ;
echo '<META HTTP-EQUIV="Refresh" Content="0; URL=battle_select.php?type=gym">';
die();
}
else {
print ("");
}
?>
<?php
/// Here is the most inport thing if the gyms pokemon has less than 0hp we give them the money etc....
if ($battle_get12['gympokemon1hp'] < 0)
{
$result3123123 = mysql_query("UPDATE users SET money=money+60 WHERE username = '".$_SESSION['username']."'")
or die(mysql_error());
$result3132131321 = mysql_query("UPDATE user_pokemon SET level=level+1 WHERE belongsto = '".$_SESSION['username']."' AND slot=1 AND pokemon = '".$battle_get['pokemon']."'");
$result31231236 = mysql_query("UPDATE battle SET onpokemon=onpokemon+1 WHERE username = '".$_SESSION['username']."'")
or die(mysql_error());
$blah = mysql_query("UPDATE users SET '".$_SESSION['gymleader']."'='1'WHERE username = '".$_SESSION['username']."'")
or die(mysql_error());
echo"You have won the battle. Please go back to the gym list to battle again.";
$_SESSION["battle_won"] = 1 ;
echo '<META HTTP-EQUIV="Refresh" Content="0; URL=battle_select.php?type=gym">';
exit;
die();
}
else
echo "";
?>
<?php
//// Now we wanna check to see if user has pressed the button to attack i wonder if they have ?
if(isset($_POST["action"]))
{
/// we take hp from the player
$hpdown = mysql_query("UPDATE battle SET hp=hp-".$random_number." WHERE username = '".$_SESSION['username']."'")
or die(mysql_error());
/// at the same time we take hp from the enermy
$enermy = mysql_query("UPDATE battle SET gympokemon1hp=gympokemon1hp-".$random_number2." WHERE username = '{$_SESSION['username']}'")
or die(mysql_error());
}
?>
已把您可以看到IM在页面的顶部设置gymleader会议virable
$_SESSION['gymleader'] = mysql_escape_string($_GET['gymleader']);
但是当他们正在争夺它只会刷新看过的页面全部在1页上并重新设置了它?
并即时得到上我已经添加
$blah = mysql_query("UPDATE users SET '".$_SESSION['gymleader']."'='1'WHERE username = '".$_SESSION['username']."'")
or die(mysql_error());
但我想这是因为没有什么是方的会话virable gymleader代码的新位一个错误?
会话开始在config.php与SQL连接
错误是什么意思? – Zefiryn 2011-12-29 15:26:20