MakeWebGames

rockwood

Members
  • Posts: 416
  • Days Won: 10

Everything posted by rockwood

  1. If you don't mind, why? Because I want to gain knowledge, so maybe it will help me. - - - Updated - - - Am I wrong on this point, HD?
  2. Please see Alan's and !Angel's posts on this page "http://makewebgames.io/showthread.php/43753-Boolean-Given?p=294236#post294236", especially the $_GET value validation by ctype_digit().
  3. Are your escape functions properly sanitizing and validating? And what are you doing for XSS? In my view it is a very important part of programming. I am not an expert in these, but I am a little bit aware of these problems. In my view it doesn't matter whether you handle values from the DB or hard-coded, so please try to escape your values properly; this is my point.
  4. Thanks it is awesome
  5. I am not good at English, but as I understand it you have to make a database in your MySQL.
  6. I am talking about sprintf.
  7. Preventing XSS attacks, nothing else.
  8. Go to the file location "nwe\config", file name config.php:

      // Database host
      $dbhost="localhost";
      // Database username
      $dbuser="database username";
      // Database password
      $dbpass="database password";
      // Database name
      $dbname="Database Name";
  9. I don't think so; both are very different. In this, sprintf("%s",!$_GET['step']), you are making string values from it; in this, if(!$_GET['step']), you are only checking whether it is empty. Because of injection I advised sprintf.
  10. If I did this, it would be like this:

      <?php
      /*Made by Jcvenom
      Do not resell this mod
      Do not claim making this mod*/
      /*------------includes--------------*/
      include "globals.php";
      /*------------includes--------------*/
      echo "<center><main>Credit Exchange</main><hr width = '75%'>";
      if($ir['jail'] > 1 || $ir['hospital'] > 1) {
          echo "Sorry this page is not viewable while in jail or hospital!<hr width='75%'/>";
          exit($h->endpage());
      }
      // A missing parameter becomes an empty string instead of an undefined-index notice
      $_GET['step'] = isset($_GET['step']) ? sprintf("%s",$_GET['step']) : '';
      if(!$_GET['step']) {
          //nowdoc is required here
          echo "
          Welcome to the Credit exchange, you can come here to spend your credits on special items & gains such as </br />
          will boost and much more! <main>If you don't have any Credits ? <a href='donate.php' target = '_blank'>
          <font color=brown>Click Here</font></a> to buy Credit Card<hr width = '75%'><table width = '75%' class = 'rounded'><tr><td align = 'center'>
          <table width = '95%' style = 'font-weight:800;'><tr bgcolor = '#999999'>
          You have <b>".number_format($ir['credits'])."</b> credits.<hr width = '75%'>";
          echo "<table width = '75%' class = 'rounded'><tr><td align = 'center'>
          <table width = '95%' style = 'font-weight:800;'><tr bgcolor = '#999999'>
          <td align = 'left'><center><font color=white>Description</td><td align = 'left'><center><font color=white>Info</td><td align = 'left'><center><font color=white>Cost</td></tr>
          <tr class = 'evens'>
          <td align = 'left'>• <i>Xanax x 10<td align = 'left'><center> [<a href='cctrade.php?step=xanax'><font color=green>Buy</font></a>]</i></a></td>
          <td align = 'left'>2 Credits</td>
          </tr>
          <tr class = 'evens'>
          <td align = 'left'>• <i>Happy Boost (+2500)<td align = 'left'><center> [<a href='cctrade.php?step=happy'><font color=green>Buy</font></a>]</i></a></td>
          <td align = 'left'>6 Credits</td>
          </tr>
          <tr class = 'evens'>
          <td align = 'left'>• <i>Energy boost (+500)<td align = 'left'><center> [<a href='cctrade.php?step=booste'><font color=green>Buy</font></a>]</i></a></td>
          <td align = 'left'>8 Credits</td>
          </tr>
          </table>
          </td></tr></table>
          <hr width = '75%'>><a href='explore.php'>Back</a><hr width = '75%'>";
      } else {
          // Only the three known step values are accepted
          if(!in_array($_GET['step'],array('xanax', 'happy', 'booste'))) {
              echo "Error, Bad request.
              <hr width = '75%'>><a href='cctrade.php'>Back</a><hr width = '75%'>";
          } else {
              if(strcmp($_GET['step'],'xanax')=== 0) {
                  if(empty($_POST['step'])) {
                      echo "<form action = 'cctrade.php?step=xanax' method = 'post'>
                      Are you sure you wish to swap <b>2</b> credits for x10 Xanax?
                      <input type = 'submit' name = 'step' value = 'Continue'>
                      </form>
                      <hr width = '75%'>><a href='cctrade.php'>Back</a><hr width = '75%'>";
                  } else {
                      if($ir['credits'] < 2) {
                          echo "Sorry, You dont have enough credits to purchase x10 Xanax.
                          <hr width = '75%'>><a href='cctrade.php'>Back</a><hr width = '75%'>";
                      } else {
                          try {
                              // Deduct the 2-credit cost that is checked and displayed above
                              $db->query("UPDATE `users` SET `credits`=`credits` - '2' WHERE userid=$userid");
                              // ITEMID-HERE and QUANTITY are placeholders to fill in
                              $db->query("INSERT INTO inventory VALUES('',ITEMID-HERE,$userid,QUANTITY)");
                              event_add($ir['userid'],"Success, You have be credited x10 Xanax for 2 credits",$c);
                          } catch (Exception $e) {
                              echo $e->getMessage();
                          }
                          echo "Success, You have be credited x10 Xanax for 2 credits.
                          <hr width = '75%'>><a href='cctrade.php'>Back</a><hr width = '75%'>";
                      }
                  }
              } else if(strcmp($_GET['step'],'booste')=== 0) {
                  if(!isset($_POST['step'])) {
                      echo "<form action = 'cctrade.php?step=booste' method = 'post'>
                      Are you sure you wish to swap <b>8</b> credits for 500 energy boost?
                      <i>Note: This is <b><u>not</u></b> an item, You will receive a 500 energy boost for a short time.</i>
                      <input type = 'submit' name = 'step' value = 'Continue'>
                      </form>
                      <hr width = '75%'>><a href='cctrade.php'>Back</a><hr width = '75%'>";
                  } else {
                      if($ir['credits'] < 8) {
                          echo "Sorry, You dont have enough credits to purchase a energy boost.
                          <hr width = '75%'>><a href='cctrade.php'>Back</a><hr width = '75%'>";
                      } else {
                          try {
                              $db->query("UPDATE `users` SET `energy`=`energy` + '500' WHERE userid=$userid");
                              $db->query("UPDATE `users` SET `credits`=`credits` - '8' WHERE userid=$userid");
                              event_add($ir['userid'],"You have be credited with 500 energy boost for 8 credits",$c);
                          } catch (Exception $e) {
                              echo $e->getMessage();
                          }
                          echo "Success, You have be credited with 500 energy boost for 8 credits.
                          <hr width = '75%'>><a href='cctrade.php'>Back</a><hr width = '75%'>";
                      }
                  }
              } else if(strcmp($_GET['step'],'happy')=== 0) {
                  if(empty($_POST['step'])) {
                      echo "<form action = 'cctrade.php?step=happy' method = 'post'>
                      Are you sure you wish to swap <b>6</b> credits for 2500 happiness?
                      <i>Note: This is <b><u>not</u></b> an item, You will recieve 2500 happy for a short time.</i>
                      <input type = 'submit' name = 'step' value = 'Continue'>
                      </form>
                      <hr width = '75%'>><a href='cctrade.php'>Back</a><hr width = '75%'>";
                  } else {
                      if($ir['credits'] < 6 ) {
                          echo "Sorry, You dont have enough credits to purchase a happy boost.
                          <hr width = '75%'>><a href='cctrade.php'>Back</a><hr width = '75%'>";
                      } else {
                          try {
                              $db->query("UPDATE `users` SET `will`=`will` + '2500' WHERE userid=$userid");
                              $db->query("UPDATE `users` SET `credits`=`credits` - '6' WHERE userid=$userid");
                              event_add($ir['userid'],"You have be credited with 2500 happy for 6 credits",$c);
                          } catch (Exception $e) {
                              echo $e->getMessage();
                          }
                          echo "Success, You have be credited with 2500 happy for 6 credits.
                          <hr width = '75%'>><a href='cctrade.php'>Back</a><hr width = '75%'>";
                      }
                  }
              } else {
                  echo "Error, Bad request.
                  <hr width = '75%'>><a href='cctrade.php'>Back</a><hr width = '75%'>";
              }
          }
      }
      $h->endpage();
      ?>

      This is not tested.
  11. Yes, I made it from scratch and I am sure it is very unique.
  12. Can I upload the Gym mod as paid work?
  13. Congrats !Angel and good luck.
  14. Who is the new owner of http://mccodemods.com/?
  15. $posts_per_page = 10;
      $posts_topic = "number of users";
      $total_rows = 0; // placeholder: total number of rows
      $row_id = 0;     // placeholder: current row id
      $pages = ceil($total_rows / $posts_per_page);
      $st = isset($_GET['st']) ? $_GET['st'] : 0;
      if (isset($_GET['lastpost'])) {
          $st = ($pages - 1) * 10;
      }
      $pst = -10;
      print "Pages: ";
      for ($i = 1; $i <= $pages; $i++) {
          // Step by one page of 10 so that page 1 links to st=0
          $pst += 10;
          print "<a href='pagename.php?viewusernumber={$row_id}&st=$pst'>";
          if ($pst == $st) {
              print "<b>";
          }
          print $i;
          if ($pst == $st) {
              print "</b>";
          }
          print "</a> ";
          if ($i % 25 == 0) {
              print "<br />";
          }
      }

      You should try something like this.
  16. I want it.
  17. rockwood

    Possible?

    yes 100% possible
  18. strip_tags and htmlspecialchars; I want to add one more.
  19. You can add me to the testing team.
  20. Doing improvements.
  21. Hi everyone, I want to do some improvement work on my template, so feedback from all you guys is important to me. I am not very good at HTML and CSS, but I am trying to learn design concepts too. Thanks, Rockwood
  22. Can you send me the PSD?
  23. awesome Frosty and best of luck
  24. Good Luck Cronus
  25. A few security issues are showing in your script.