0
我試圖插入使用在單獨的函數中創建的字符串,但它似乎不工作。使用在單獨的函數中創建的字符串插入到表中
我知道我應該使用一個switch語句或這個東西,但它純粹是爲了目前的測試。
<?php
function newItem($link){
$itemname = mysqli_real_escape_string($link, $_POST['itemname']);
if (strpos($itemname,'<') || strpos($itemname,'>') || strpos($itemname,'?') || strpos($itemname,'/') || strpos($itemname,'='))
{
echo "<script type='text/javascript'>alert('yeah....no');</script>";
} else {
$sql = "SELECT * FROM items WHERE itemname = '$itemname'";
$result = mysqli_query($link,$sql);
if(mysqli_num_rows($result) !== 1){
$sql = "INSERT INTO items(itemname,itemtype,attack,defence,energy)VALUES('$itemname'".RandomStats($link).")";
mysqli_query($link,$sql);
header("location: index.php");
}else{
echo "<script type='text/javascript'>alert('Item name already exists');</script>";
}
}
}
function RandomStats($link){
$rand = rand (1 , 100);
$itemtype = rand (1,3);
$itemtypeString;
if($itemtype = 1){
$itemtypeString = 'Armour';
}
if($itemtype = 2){
$itemtypeString = 'Sword';
}
if($itemtype = 3){
$itemtypeString = 'Shield';
}
if($rand <= 50){
//common
$attack = rand (1 , 50);
$defence = rand (1 , 50);
$energy = rand (1 , 50);
$ItemStats = "','".$itemtypeString."','".$attack."','".$defence."','".$energy."'";
}
if ($rand >50 and $rand <= 80){
//rare
$attack = rand (1 , 100);
$defence = rand (1 , 100);
$energy = rand (1 , 100);
$ItemStats = "','".$itemtypeString."','".$attack."','".$defence."','".$energy."'";
}
if ($rand >80 and $rand <= 98){
//exotic
$attack = rand (1 , 150);
$defence = rand (1 , 150);
$energy = rand (1 , 150);
$ItemStats = "','".$itemtypeString."','".$attack."','".$defence."','".$energy."'";
}
if ($rand >98 and $rand <= 100){
//ledgendary
$attack = rand (1 , 200);
$defence = rand (1 , 200);
$energy = rand (1 , 200);
$ItemStats = "','".$itemtypeString."','".$attack."','".$defence."','".$energy."'";
}
return $ItemStats;
}
?>
是不是隻是我創建字符串的方式我讓這個語句不正確或者是別的嗎?
至少輸出您的查詢字符串,並嘗試在MySQL運行調試完畢後所需的啓動。你會知道很多新東西。 –
你是怎麼做到的?我試圖在發佈之前回復一個警告框,但我沒有發現任何內容 – GregHBushnell
它是'echo $ sql; die()' –