Magictallguy

Whereas, with standard procedural MySQLi_* functions, I can! *Anything* that the user can touch, I work on. I live by a "it doesn't have to look good, it just has to work well" system.. If a user can exploit my work, then it doesn't work well!

I'd recommend a build similar to mine actually, the build you've suggested is good, but I've done comparisons and mine's better :P Also, my setup only cost me £298.99 (including case) Speccy dump (cleaned up a lot): Operating System Microsoft Windows 8 Pro (WMC) 64-bit CPU AMD A8-5600K - Trinity RAM 8.00 GB DDR3 @ 800MHz - 820MHz Motherboard ASUSTeK COMPUTER INC. F2A85-M LE (FM2) Graphics DELL 1905FP (1280 x 1024 @ 60Hz) MW19E-AAA (1600 x 1024 @ 60Hz) GeForce GTS 450 (EVGA - SLI Bridged, Master) GeForce GTS 250 (SLI Bridged, Slave) Hard Drives 233GB Western Digital WDC (SATA) 149GB SAMSUNG (SATA) 1499GB SAMSUNG (SATA) PSU 850w I'll be upgrading my graphics card to a GeForce GTX 295 shortly.

Alright.. *rephrases* My work is secured against threats I know how to secure against Prepping statements is still not currently necessary, whether or not I'm setting myself up for future failure :P

Syntax Highlighter from Asgaard: Luminous Easy to use, and highly customisable

Getting us back on track a little, my personal choice is MySQLi. My current line of work doesn't need PDO, so I won't use it. The only thing that would be advantageous in my use of PDO is the catch the insecurities that I miss (which is bloody rare) - and I always proof-read my work. I will admit, I've been having some serious thought about whether I should start using PDO full time and eradicate my MySQLi methods entirely, but I so little to no point. My work is secure, so preparing statements isn't a necessity. The people I work for prefer MySQLi over PDO. I prefer MySQLi over PDO (then again, I'm much more comfortable with MySQLi). All-in-all, I think I'm happy to switch over in the future should the industrial side demand it, but I'm happy with MySQLi. It does what I want, when I want, and how - naturally, I've wrote my own class and a couple of abstraction layers and, they all use MySQLi (and a couple of converted-from-Python tricks)

Question: Why use sprintf() on straight text? Untested, but this should work - not the cleanest code in the world <?php include(__DIR__ . '/config.php'); global $_CONFIG; define("MONO_ON", 1); require(__DIR__ . '/class/class_db_'.$_CONFIG['driver'].'.php'); $db = new database; $db->configure($_CONFIG['hostname'], $_CONFIG['username'], $_CONFIG['password'], $_CONFIG['database'], $_CONFIG['persistent']); $db->connect(); $c = $db->connection_id; $userInfo = $db->query('SELECT `userid`, `username`, `sides` FROM `users` ORDER BY `sides` DESC LIMIT 3'); if($db->num_rows($userInfo) > 0) { $announce = ''; $i = 0; $stNdRd = array( 1 => '1st', 2 => '2nd', 3 => '3rd' ); $prize = array( 1 => 10, 2 => 5, 3 => 1 ); while($row = $db->fetch_row($userInfo)) { ++$i; $announce .= $stNdRd[$i].' Place - '.$row['username'].' Winning '.$prize[$i].' Magic Box'.(($prize[$i] == 1) ? '' : 'es')."\r\n"; $db->query("INSERT INTO `inventory` VALUES (NULL, 72, ".$row['userid'].", ".$prize[$i].")"); } $db->query("INSERT INTO mod_announcements (`annouce_NAME`, `annouce_TEXT`, `annouce_TIME`, `annouce_URGENCY`, `annouce_TOPIC`, `annouce_POSTED`) VALUES ('Hackers VS Police', 'Hackers Vs Police Event has Finished. The Winners are: ".$announce." Congrats and well done.', unix_timestamp(), 'No Urgency', 'Fun', 'System Message')"); $db->query("UPDATE `users` SET `new_announcements` = `new_announcements` + 1"); $db->query("UPDATE `users` SET `sides` = 0 WHERE `sides` > 0"); } ?>

That's a pretty easy fix. This is without viewing any source, just guess work here. Edit your class_db_mysql.php and add this before the final } function free_result($result) { if(!$result) $result = $this->result; mysql_free_result($result); }   Do the same to your class_db_mysqli.php, but simply change mysql_free_result to mysqli_free_result

Wow, didn't spot your message until now. I'll start working on that at some point tomorrow - could be fun ^.^

Code updated, stupid syntax highlighter -.-

Thank you, original code updated and optimised slightly

After having a brief look at the code on Xampp, it's a bloody mess. I'm surprised that thing even works.

Send me that section of your yourgang.php (via PM), I'll have a look and see what's going wrong there. That code should work fine

You know, that sounds pretty cool.. Let's do that! xD

Code updated, I believe there should be no bugs now

To get us back on topic, this system I use for "Fed Reports" is simple to use. Here's what I've got in my "header"   if($ir['fedjail']) { $q = $mtg->query(sprintf("SELECT `fed_days`, `fed_reason` FROM `fedjail` WHERE (`fed_userid` = %u)", $ir['userid'])); $r = $mtg->fetch_row($q); if($_SERVER['PHP_SELF'] != '/fedreport.php') { $mtg->error(sprintf("You have been put in the %s Federal Jail for %s day%s.<br />Reason: %s<br /><br /><a href='fedreport.php'>Appeal against this</a>", $mtg->gameSettings('game_name'), $mtg->output($r['fed_days']), $mtg->s($r['fed_days']), $mtg->output($r['fed_reason']))); } else { $mtg->notice(sprintf("You have been put in the %s Federal Jail for %s day%s.<br />Reason: %s", $mtg->gameSettings('game_name'), $mtg->output($r['fed_days']), $mtg->s($r['fed_days']), $mtg->output($r['fed_reason']))); } }

Due to multiple IRL issues, this offer has been rescinded. My apologies to all

"Cronless Crons"? I've done it ;)

Recoded (for v2) Tested for parse errors only <?php include(__DIR__ . '/sglobals.php'); if(!in_array($ir['user_level'], array(2, 3))) { echo "You can't access this"; $h->endpage(); exit; } $_GET['action'] = isset($_GET['action']) && ctype_alpha($_GET['action']) ? strtolower(trim($_GET['action'])) : null; switch($_GET['action']) { case 'index': index(); break; case 'status': status(); break; default: index(); break; } * function index() { global $db; ?>10.0.0.0 and 127.0.0.1 are default IPs. Pay no attention to those. <table border='1' class='table' cellpadding='2' cellspacing='2' width='100%'> <tr> <th>IP</th> <th>How Many</th> <th>ID's</th> <th>Usernames</th> <th>Status</th> <th>Cleared By</th> </tr><?php $sql = $db->query("SELECT `username`,`lastip`, COUNT(`userid`) AS `numusers`, `userid`, CAST(GROUP_CONCAT(`userid`) AS CHAR) AS `userlist` " . "FROM `users` " . "WHERE (`lastip` != '') " . "GROUP BY `lastip` " . "HAVING (`numusers` > 1) " . "ORDER BY `lastip`" ); if(!$db->num_rows($sql)) { ?><tr><td colspan='6' class='center'>No multis have been detected</td></tr><?php } else { while($z = $db->fetch_row($sql)) { $doipcheck = $db->query("SELECT * FROM `ipfinder` WHERE (`ip` = '".$z['lastip']."')"); $ip = $db->fetch_row($doipcheck); echo "<tr> <td><a href='ipfinder.php?action=status&ip=",$z['lastip'],"'>",$z['lastip'],"</a></td> <td>",$z['numusers'],"</td> <td>",wordwrap($z['userlist'], 50, "\n", true),"</td> <td><a href='viewuser.php?u=",$z['userid'],"'>",$z['username'],"</td> <td>",(empty($ip['status']) ? "<span style='color:blue;'>Needs Checking</span>" : stripslashes($ip['status'])),"</td> <td>",(!$ip['cleared_by'] ? "No-one" : $ip['cleared_by']),"</td> </tr>"; } echo "</table>"; } } ** function status() { global $db, $h, $ir; if(!isset($_POST['submit'])) { if(!isset($_GET['ip'])) { echo "You haven't specified an IP's status to edit"; $h->endpage(); exit; } $sql = $db->query("SELECT `status` FROM `ipfinder` WHERE (`ip` = '".$_GET['ip']."')"); $a** = $db->fetch_row($sql); ?>Editing the status of IP: <?php echo $_GET['ip']; ?> You can use code, but limit it to font colours only (<font color=colour>Text</font>) <font color=red>Multi</font> - <font color=green>Federal Jailed</font> <font color=green>Library IP</font> <font color=orange>Side Note:</font> <form action='ipfinder.php?action=status' method='post'> <input type='hidden' name='ip' value='<?php echo $_GET['ip']; ?>' /> <textarea rows='10' cols='50' name='status'><?php echo stripslashes(htmlspecialchars($a['status'])); ?></textarea> <input type='submit' name='submit' value='Change Status' /> </form><?php } else { if(empty($_POST['ip'])) { echo "You didn't specify an IP's status to edit"; $h->endpage(); exit; } $db->query("INSERT INTO `ipfinder` VALUES ('".$db->escape($_POST['ip'])."', '".$db->escape($_POST['status'])."', '".$ir['username']."') ON DUPLICATE KEY UPDATE `status` = '".$db->escape($_POST['status'])."', `cleared_by` = '".$ir['username']."'"); stafflog_add("Edited the status of IP: ".$_POST['ip']); echo "Status updated.<a href='staff.php'>Back</a>"; } } $h->endpage(); ?>   The SQL as that appears to have been lost in the interwebs! CREATE TABLE `ipfinder` ( `id` INT( 11 ) NOT NULL PRIMARY KEY AUTO_INCREMENT, `ip` VARCHAR( 255 ) NOT NULL DEFAULT '' UNIQUE, `status` TEXT NOT NULL, `cleared_by` VARCHAR( 255 ) NOT NULL DEFAULT '' );   All, minor update to the code, see above the SQL

Try appending an or die/exit mysql_error to the mysql_query()'s Was: mysql_query($someQuery); Becomes: mysql_query($someQuery) or exit(mysql_error());   Any errors flagged from your queries will actually stop the script and allow you to debug

There were multiple errors in that code. Fixed and formatted, though I'm not doing much else - that code's too messy after then one I've just done for you lol <?php echo "<table width='100%'><tr><td valign='left' width='95%'><font size=2 color=silver><b>Weapon Market</b></font></td><td><table width=100%><tr><td align=right>"; include('../beta/files/link.php'); echo " Weapon Market. Users can come here to buy weapons that they can to to another city and sell at a black market for profit.'></a></td></tr></table><img src='/beta/layout_images/headertop.gif' width=100% height=4></center>"; if(!isset($tools)) { echo "<font color=red><b>Error | It Seems Something Went Wrong Processing Your Account. Please Try Logging Out And Then Logging Back In. If The Problem Persists Please Email Support At [email protected]. We Apologize For The Inconvenience.</b></font><center><img src='/beta/layout_images/headertop.gif' width=100% height=4></center>"; session_destroy(); exit(); } $qry = 'SELECT * FROM weapons WHERE uid=' . db_quote_smart($player->uid); $res = db_query($qry); $has_weapons_array = mysql_fetch_array($res); $weapon_names = array( 'bbgun_bullet', 'handgun_bullet', 'shotgun_bullet', 'rifle_bullet', 'bbgun', 'handgun', 'shotgun', 'ak47', 'bomb', 'taser', 'baseballbat', 'shank', 'detonator', 'battery' ); $name_hash = array( 'bbgun_bullet' => 'BBGun Bullet (4-9)', 'handgun_bullet' => 'Handgun Bullet (9-47)', 'shotgun_bullet' => 'Shotgun Bullet (28,142)', 'rifle_bullet' => 'Rifle Bullet (47-237)', 'bbgun' => 'BBGun (280-300)', 'handgun' => 'Handgun (470-500)', 'shotgun' => 'Shotgun (96-100)', 'ak47' => 'AK47 (415-500)', 'bomb' => 'Bomb (248-250)', 'taser' => 'Taser (45-50)', 'baseballbat' => 'Baseball Bat (90-100)', 'shank' => 'Shank (55-100)', 'detonator' => 'Detonator (427-475)', 'battery' => 'Battery (3-9)' ); $qry = 'SELECT * FROM prices_booze WHERE city=' . db_quote_smart($player->city); $res = db_query($qry); $prices = mysql_fetch_array($res); $qry = 'SELECT * FROM weapons WHERE uid=' . db_quote_smart($player->uid); $res = db_query($qry); $weapons = mysql_fetch_array($res); $limit = $has_weapons_array["weapon_limit"]; $space_used = 0; foreach($weapon_names as $name) { $space_used += $weapons[$name]; } $space_left = $limit - $space_used; $action = $_GVARS['action']; if($action == 'buy') { foreach($weapon_names as $weapon) { $price = $prices[$weapon]; $amount = (isset($_POST[$weapon]) ? intval($_POST[$weapon]) : 0); $cost = $price * $amount; if($amount > 0) { if($gUser['cash'] < $cost) { echo "<font color=red><b>Error | You Do Not Have Enough Money To Purchase $amount unit(s) Of $weapon.</b></font><center><img src='/beta/layout_images/headertop.gif' width=100% height=4></center>"; } elseif(($space_left - $amount) < 0) { echo "<font color=red><b>Error | You Do Not Have Enough Space To Carry $amount unit(s) Of $weapon.</b></font><center><img src='/beta/layout_images/headertop.gif' width=100% height=4></center>"; } else { $space_left -= $amount; $gUser['cash'] -= $cost; $qry = 'UPDATE user_characters SET cash=cash-' . $cost . ' WHERE uid=' . db_quote_smart($player->uid); $res = db_query($qry); $randscam = mt_rand(1, 100); $randscam2 = mt_rand(1, 100); if($randscam == $randscam2) { echo "<font color=red><b>Error | You Were Scammed By A Dealer. The Weapons You Bought Turned Out To Be Replicas.</b></font><center><img src='/beta/layout_images/headertop.gif' width=100% height=4></center>"; $randexp = rand(0, 1); $qry = 'UPDATE user_characters SET exp=exp+' . $randexp . ' WHERE uid=' . db_quote_smart($player->uid); $res = db_query($qry); } else { $qry = "UPDATE weapons SET $weapon=$weapon+$amount WHERE uid=" . db_quote_smart($player->uid); $res = db_query($qry); $randexp2 = rand(1, 3); $qry = 'UPDATE user_characters SET exp=exp+' . $randexp2 . ', drug_points=drug_points+' . $amount . ' WHERE uid=' . db_quote_smart($player->uid); $res = db_query($qry); $sql = "UPDATE adv_stats SET drugs_bought=drugs_bought+$amount WHERE email='" . $stats_array["email"] . "'"; $sql = mysql_query($sql); echo "<font color=green><b>Ciao | You Have Purchased $amount Crate(s) Of $weapon.</b></font><center><img src='/beta/layout_images/headertop.gif' width=100% height=4></center>"; } } } } } // gets updated version of weapons in pocket $qry = 'SELECT * FROM weapons WHERE uid=' . db_quote_smart($player->uid); $res = db_query($qry); $has_weapons_array = mysql_fetch_array($res); echo "<table align=center width=100% bgcolor=000000><tr><td>"; echo "<table width='450' cellpadding='0' border='2' bordercolor='black' style='margin:0 auto;background-image: url(/beta/layout_images/bg_2.gif);'> <tr bgcolor=#11111> <td align=center> <font face=verdana size=1 color=silver><b>Weapon</b></font> </td> <td align=center> <font face=verdana size=1 color=silver><b>Cost</b></font> </td> <td align=center> <font face=verdana size=1 color=silver><b># you have</b></font> </td> <td align=center> <font face=verdana size=1 color=silver><b># to buy</b></font> </td> </tr>"; $space_used = 0; $row = 0; foreach($weapon_names as $weapon) { $space_used += $has_weapons_array[$weapon]; echo ('<tr bgcolor="#' . ($row++ % 2 ? '444444' : '333333') . '"> <td align="center" width="125"><font face="tahoma" size="1" color="#ffffff"><b><a href="javascript<img src="images/smilies/tongue.png" border="0" alt="" title="Stick Out Tongue" class="inlineimg" />opUp(\'weaponsmarket_graph_view.php?weapons=' . $weapon . '\')">' . $name_hash[$weapon] . '</a></b></td> <td align="center" width="125"><font face="tahoma" size="1" color="#ffffff">$ ' . number_format($prices[$weapon]) . '</font></td> <td align="center" width="125"><font face="tahoma" size="1" color="#ffffff">' . number_format($has_weapons_array[$weapon]) . '</font></td> <td align="center" width="125"><font face="tahoma" size="1" color="#ffffff"><form name="login" action="driver.php?x=weaponstore" method="post"><input type="text" name="' . $weapon . '" size=5 style="font-weight:none;font-size:8pt;color:#ffffff;font-family:arial;background-color:#000000;border-color:#ffffff" maxlength="15"></font></td> </tr>'); } echo " </table> <table width='450' cellpadding='0' border='2' bordercolor='black' style='margin:0 auto;background-image: url(/beta/layout_images/bg_2.gif);'> <tr bgcolor=#11111 valign=top><td> <table width=100%><tr> <td align=left width=125><font face=verdana size=1 color=silver><input type=radio checked name=action value=buy> Buy </td> <td align=center width=250><font size=1><font color=#FFFFFF><b>Weapon space:</b></font> " . $space_used . "/" . $has_weapons_array["weapon_limit"] . "</font></td> <td align=right width=125><center><font face=verdana size=1 color=silver><input type=submit value=\" Purchase Weapon \" style=\"FONT-WEIGHT: bold; FONT-SIZE: 8pt; COLOR: #FFFFFF; FONT-FAMILY: Arial; BACKGROUND-COLOR: #333333\" size=1></center></td> </tr></table> </td></tr> </table>"; ?>

NOTE: Tested for parse errors only <table width='100%'><tr><td valign='left' width='95%'><font size=2 color='silver'><strong>Stock Market</strong></font></td><td><table width=100%><tr><td align=right> <?php include('../beta/files/link.php'); ?>Stock Market. Users can come buy stocks here. Stock values are calculated every 5 minutes and connect to the real stock ticker to give some realism to the feature. So like real stocks users have the chance to gain or lose stock value without random methods.'</td></tr></table><img src='/beta/layout_images/headertop.gif' width=100% height=4 /><?php if(!isset($tools)) { ?><font color=red><strong>Error | It Seems Something Went Wrong Processing Your Account. Please Try Logging Out And Then Logging Back In. If The Problem Persists Please Email Support At [email protected]. We Apologize For The Inconvenience.</strong></font><center><img src='/beta/layout_images/headertop.gif' width='100%' height='4' /></center><?php session_destroy(); exit(); } echo "<font color=red><strong>Error | The Stock Market Is Currently Closed. Sorry For The Inconvenience.</strong></font><center><img src='/beta/layout_images/headertop.gif' width='100%' height='4' /></center>"; exit; //********************************************* // SETTINGS //********************************************* $comission = 0.03; //broker percentage based comission on all trades $comissiondisplay = ($comission * 100) . '%'; //just used to show them how much their paying //********************************************* $company = isset($company) && ctype_digit($company) ? abs(@intval($company)) : null; if((isset($action) && $action == "trade") && !empty($company)) { // kill non numbers preg_match_all("/([0-9]+)/", $shares, $regs); $shares = implode("", $regs[1]); $sql_shares = mysql_query("SELECT `shares`, `total` FROM `stocks_shares` WHERE ((`company` = " . $company . ") AND (`uid` = " . $player->uid . "))") or exit(mysql_error()); $row_shares = mysql_fetch_assoc($sql_shares); $port_total = $row_shares['total']; $port_shares = $row_shares['shares']; $sql = mysql_query("SELECT `price`, `company` FROM `stock_companies` WHERE (`ticker` = " . $company . ")") or exit(mysql_error()); if(!mysql_num_rows($sql)) { echo "There appears to be an issue. Please inform an administrator"; exit; } $row = mysql_fetch_assoc($sql); $price = $row['price']; $name = $row['company']; $trade_value = $price * $shares; $comission_paid = $trade_value * $comission; if($type == "buy") { $paid = $trade_value + $comission_paid; if($shares <= 0) { echo "<font color=red><strong>Error | You did not enter an amount of stock shares to purchase.</strong></font><center><img src='/beta/layout_images/headertop.gif' width='100%' height='4' /></center>"; exit; } if($stats_array['cash'] < $paid) { echo "<font color=red><strong>Error | You need at least $" . number_format($trade_value) . " in cash to complete this trade.</strong></font><center><img src='/beta/layout_images/headertop.gif' width='100%' height='4' /></center>"; exit; } mysql_query("UPDATE `user_characters` SET `cash` = `cash` - " . $paid . " WHERE (`uid` = " . $player->uid . ")") or exit(mysql_error()); $sql = (!mysql_num_rows($sql_shares)) ? "INSERT INTO `stocks_shares` (`uid`, `company`, `shares`, `total`) VALUES (" . $player->uid . "', " . $company . ", " . $shares . ", " . $trade_value . ")" : "UPDATE `stocks_shares` SET `shares` = `shares` + " . $shares . ", `total` = `total` + " . $trade_value . " WHERE ((`uid` = " . $player->uid . ") AND (`company` = " . $company . "))"; mysql_query($sql) or exit(mysql_error()); echo "<font color=green><strong>Ciao | You have purchased ", number_format($shares), " share", (($shares == 1) ? '' : 's'), " of ", stripslashes(htmlentities($name)), " for $", number_format($paid), ". The broker took a ", $commisiondisplay, " fee of $", number_format($comission_paid, 2), ".</strong></font><center><img src='/beta/layout_images/headertop.gif' width='100%' height='4' /></center><meta http-equiv='refresh' content='5;url=driver.php?x=stockmarket'>"; } else if($type == "sell") { $payout = $trade_value - $comission_paid; if($shares <= 0) { echo "<font color=red><strong>Error | You did not enter an amount of stock shares to sell.</strong></font><center><img src='/beta/layout_images/headertop.gif' width='100%' height='4' /></center>"; exit; } if($port_shares < $shares) { echo "<font color=red><strong>Error | You do not have ", number_format($shares), " Share", (($shares == 1) ? '' : 's'), " of ", stripslashes(htmlentities($name)), ".</strong></font><center><img src='/beta/layout_images/headertop.gif' width='100%' height='4' /></center>"; exit; } $sql = ($port_shares == $shares) ? "DELETE FROM `stocks_shares` WHERE ((`uid` = " . $player->uid . ") AND (`company` = " . $company . "))" : "UPDATE `stocks_shares` SET `shares` = `shares` - " . $shares . ", `total` = `total` - " . $trade_value . " WHERE ((`uid` = " . $player->uid . ") AND (`company` = " . $company . "))"; mysql_query($sql) or exit(mysql_error()); } mysql_query("UPDATE `user_characters` SET `cash` = `cash` + " . $payout . " WHERE (`uid` = " . $player->uid . ")") or exit(mysql_error()); echo "<font color=green><strong>Ciao | You have sold ", number_format($shares), " Share", (($shares == 1) ? '' : 's'), " of ", stripslashes(htmlentities($name)), " for $", number_format($payout), ". The broker took a ", $commisiondisplay, " fee of $", number_format($comission_paid, 2), ".</strong></font><center><img src='/beta/layout_images/headertop.gif' width='100%' height='4' /></center><meta http-equiv='refresh' CONTENT='5;url=driver.php?x=stockmarket'>"; } ?><table width=100% align='center'><tr valign=top><td align='center' colspan=2> <table width='600' cellpadding='1' cellspacing='3' border='2' bordercolor='black' style='margin:0 auto;background-image: url(/beta/layout_images/bg_2.gif);'> <tr> <td bgcolor='#111111' align='center'><font color='silver'><strong>Company</strong></font></td> <td bgcolor='#111111' align='center'><font color='silver'><strong>Sector</strong></font></td> <td bgcolor='#111111' align='center'><font color='silver'><strong>Price</strong></font></td> <td bgcolor='#111111' align='center'><font color='silver'><strong>Change Today</strong></font></td> </tr><?php $color = 1; $sql = mysql_query("SELECT `ticker`, `company`, `industry`, `price`, `change` FROM `stocks_companies` ORDER BY `industry`") or exit(mysql_error()); if(!mysql_num_rows($sql)) { ?><tr><td colspan='4' style='text-align:center;'>There are no companies</td></tr><?php } else { $stocks_company = array(); $stocks_ticker = array(); $stocks_price = array(); while($row = mysql_fetch_assoc($sql)) { $stocks_company[$row['ticker']] = $row['company']; $stocks_ticker[$row['company']] = $row['ticker']; $stocks_price[$row['ticker']] = $row['price']; switch($color) { case 1: $rowcolor = '#111111'; $color = 2; break; case 2: $rowcolor = '#111111'; $color = 1; break; } echo "<tr bgcolor='$rowcolor'> <td align='center'><a href=http://finance.yahoo.com/q?s=" . $row['ticker'] . " target='new'><font color=#FFFFFF><strong>" . $row['company'] . "</strong></></a></td> <td align='center'><font color=#FFFFFF>" . $row['industry'] . "</font></td> <td align='center'><font color=#FFFFFF>$" . $row['price'] . "</td> <td align='center'><span style='color:", (($row['change'] < 0) ? 'red' : 'lime'), ";'>", $row['change'], "</span></td></tr>"; } } ?></table><center><img src='/beta/layout_images/headertop.gif' width='100%' height='4' /></center> </td><tr><td align='center' valign='top'> <font size=4 color='silver'><center><strong>Portfolio</strong></center></font> <table width='80%' cellpadding='1' cellspacing='3' border='2' bordercolor='black' style='margin:0 auto;background-image: url(/beta/layout_images/bg_2.gif);'> <tr> <td bgcolor='#111111' align='center'><font color='silver'><strong>COMPANY</strong></font></td> <td bgcolor='#111111' align='center'><font color='silver'><strong>SHARES</strong></font></td> <td bgcolor='#111111' align='center'><font color='silver'><strong>VALUE</strong></font></td> <td bgcolor='#111111' align='center'><font color='silver'><strong>GAIN/LOSS</strong></font></td> </tr><?php $sql = mysql_query("SELECT `company`, `shares`, `total` FROM `stocks_shares` WHERE (`uid` = " . $player->uid . ")") or exit(mysql_error()); if(!mysql_num_rows($sql)) { ?><tr><td colspan='4' style='text-align:center;'>You have no stocks</td></tr><?php } else { while($row = mysql_fetch_assoc($sql)) { switch($color) { case 1: $rowcolor = '#111'; $color = 2; break; case 2: $rowcolor = '#000'; $color = 1; break; } $ticker = $row['company']; $value = $row['shares'] * $stocks_price[$ticker]; $gainorloss = $value - $row['total']; echo "<tr bgcolor=$rowcolor> <td align='center'><a href=http://finance.yahoo.com/q?s=", $row['company'], " target=_href><font color=#FFFFFF><strong>", $stocks_company[$ticker], "</strong></font></a></td> <td align='center'><font color=#FFFFFF>", number_format($row['shares']), "</font></td> <td align='center'><font color=#FFFFFF>$", number_format($value, 2), "</font></td> <td align='center'><span style='color:", (($gainorloss < 0) ? 'red' : 'lime'), ";'>$", number_format($gainorloss, 2), "</span></td> </tr>"; } } ?></table></td><td valign=top> <font size=4 color='silver'><center><strong>Trading Floor</strong></center></font> <form action=?x=stockmarket&action=trade method=post> <table width='360' cellpadding='1' cellspacing='3' border='2' bordercolor='black' style='margin:0 auto;background-image: url(/beta/layout_images/bg_2.gif);'> <tr bgcolor='#111111'> <td> <font face=verdana size=2 color=#FFFFFF><strong>Company:</strong></font> <td> <select name=company style=\"FONT-WEIGHT: none; FONT-SIZE: 8pt; COLOR: #FFFFFF; FONT-FAMILY: Arial; BACKGROUND-COLOR: #000000; border-color: #FFFFFF\"><?php foreach($stocks_ticker as $tick) { printf("<option value='%u'>%s</option>", $tick, $stocks_company[$tick]); } ?></select> </td> </tr> <tr bgcolor='#111111'> <td> <font face=verdana size=2 color=#FFFFFF><strong># of Shares:</strong></font> </td> <td> <input type=text name=shares maxlength=15 value=\"$victim\" size=15 style=\"FONT-WEIGHT: none; FONT-SIZE: 8pt; COLOR: #FFFFFF; FONT-FAMILY: Arial; BACKGROUND-COLOR: #000000; border-color: #FFFFFF\"> </td> </tr> <tr bgcolor='#111111'> <td> <font face=verdana size=2 color=#FFFFFF><strong>Action:</strong></font> </td> <td> <select name=type style=\"FONT-WEIGHT: none; FONT-SIZE: 8pt; COLOR: #FFFFFF; FONT-FAMILY: Arial; BACKGROUND-COLOR: #000000; border-color: #FFFFFF\"> <option value=buy>BUY</option> <option value=sell>SELL</option> </select> </td> </tr> <tr> <td align='center' colspan=2> <font color=#888888>Broker Fee: <?php echo $comissiondisplay; ?> per trade</font> <input type=submit name=Submit value=\"Complete Trade\"> </td> </tr> </table></form> </td></tr></table> If you receive any errors, either fix 'em yourself or post here

Fix that undefined index of "action"!

*sigh* Query starting on line 4 (from the snippet posted above) $db->query("SELECT `mi`.*, `i`.* FROM `inventory` AS `mi` LEFT JOIN `items`AS `i` ON `mi`.`inv_itemid` = `i`.`itmid` WHERE `mi`.`inv_userid` = ".$ir['userid']);

Guest? Marry me? That response was wonderful!! +1!

bank.php Note: This code has been tested for parse errors only. I have not tested its functionality. The code is provided as is with no warranty or guarantee that it will work <?php include(__DIR__ . "/globals.php"); ?><h4><span style='text-decoration:underline;font-weight:bold;color:red;'><a href='robbank.php'>>Rob the bank!</a></span></h4> <h3>Bank</h3><?php $q = $db->query("SELECT robbery FROM bank"); $var = $db->fetch_row($q); if($var['robbery'] > 0) { ?><span style='text-decoration:underline;font-weight:bold;color:red;'><h4>The bank is closed for maintenance due to a robbery!</h4><br /><a href='explore.php'>Go back!</a></span><?php $h->endpage(); exit; } if($ir['bankmoney'] > -1) { switch($_GET['action']) { case "deposit": deposit(); break; case "withdraw": withdraw(); break; default: index(); break; } } else { if(isset($_GET['buy'])) { if($ir['money'] > 49999) { $db->query(sprintf("UPDATE `users` SET `money` = `money` - 50000, `bankmoney` = 0 WHERE (`userid` = %u)", $ir['userid'])); ?>Congratulations, you bought a bank account for \$50,000!<br /><a href='bank.php'>Start using my account</a><?php } else { ?>You do not have enough money to open an account.<br /><a href='explore.php'>Back to town...</a><?php } } else { ?>Open a bank account today, just \$50,000!<br /><a href='bank.php?buy'>> Yes, sign me up!</a><?php } } function index() { global $ir; ?><strong>You currently have $<?php echo number_format($ir['bankmoney']); ?> in the bank.</strong> At the end of each day, your bank balance will go up by 2%. <table width='75%' cellspacing='1' class='table'> <tr> <td width='50%'><strong>Deposit Money</strong> It will cost you 15% of the money you deposit, rounded up. The maximum fee is \$3,000. <form action='bank.php?action=deposit' method='post'> Amount: <input type='text' name='deposit' value='<?php echo number_format($ir['money']); ?>' /> <input type='submit' value='Deposit' /> </form></td> <td width='50%'><strong>Withdraw Money</strong> There is no fee on withdrawals. <form action='bank.php?action=withdraw' method='post'> Amount: <input type='text' name='withdraw' value='<?php echo number_format($ir['bankmoney']); ?>' /> <input type='submit' value='Withdraw' /> </form></td> </tr> </table><?php } function deposit() { global $db, $ir, $h; $_POST['deposit'] = isset($_POST['deposit']) && is_string($_POST['deposit']) ? abs(@intval(str_replace(',', '', $_POST['deposit']))) : null; if(empty($_POST['deposit'])) { ?>You didn't enter a valid amount to deposit<?php $h->endpage(); exit; } if($_POST['deposit'] > $ir['money']) { ?>You don't have enough money to deposit this amount.<?php $h->endpage(); exit; } $fee = ceil($_POST['deposit'] * 15 / 100); if($fee > 3000) $fee = 3000; $gain = $_POST['deposit'] - $fee; $ir['bankmoney'] += $gain; $db->query(sprintf("UPDATE `users` SET `bankmoney` = `bankmoney` + %u, `money` = `money` - %u WHERE (`userid` = %u)", $gain, $_POST['deposit'], $ir['userid'])); ?>You hand over $<?php echo number_format($_POST['deposit']); ?> to be deposited,<br />after the fee is taken ($<?php echo number_format($fee); ?>), $<?php echo number_format($gain); ?> is added to your account. <strong>You now have $<?php echo number_format($ir['bankmoney']); ?> in the bank.</strong><br /><a href='bank.php'>> Back</a><?php } function withdraw() { global $db, $ir, $h; $_POST['withdraw'] = isset($_POST['withdraw']) && is_string($_POST['withdraw']) ? abs(@intval(str_replace(',', '', $_POST['withdraw']))) : null; if(empty($_POST['withdraw'])) { ?>You didn't enter a valid amount to withdraw<?php $h->endpage(); exit; } if($_POST['withdraw'] > $ir['bankmoney']) { ?>You don't have enough money banked to withdraw this amount.<?php $h->endpage(); exit; } $ir['bankmoney'] -= $_POST['withdraw']; $db->query(sprintf("UPDATE `users` SET `bankmoney` = `bankmoney` - %u, `money` = `money` + %u WHERE (`userid` = %u)", $_POST['withdraw'], $_POST['withdraw'], $ir['userid'])); ?>You ask to withdraw $<?php echo number_format($gain); ?>,<br />the banking lady grudgingly hands it over.<br /><strong>You now have $<?php echo number_format($ir['bankmoney']); ?> in the bank.</strong><br /><a href='bank.php'>> Back</a><?php } $h->endpage(); ?>