thebobby Posted January 22, 2011 Posted January 22, 2011 <?php /*----------------------------------------------------- -- High Low (Free Source) -- Copyright held 2007-2008 Isomerizer.com -- highlow.php -----------------------------------------------------*/ require "globals.php"; switch($_GET['action']) { default: highlow_index(); break; case 'bet': bet(); break; case 'bet2': bet2(); break; } if ($_GET['action']!="bet" || $_GET['action']!="bet2") { echo 'What are you doing? [url="highlow.php"]Back[/url]'; $h->endpage(); exit; } function highlow_index() { global $ir,$c,$userid,$h; if ($_SESSION['card']!=0 || $_SESSION['bet']!=0) { $recent=$_SESSION['bet']; echo 'You are already in a game of high low. <form action="'.$_SERVER['PHP_SELF'].'?action=bet" method="POST" /> <input type="hidden" name="amount" value="'.$recent.'" /> <input type="submit" name="submit" value="Continue" /> </form>'; $h->endpage(); exit; } $max=$ir['level']*5; echo '<h3>High Low</h3>Welcome to the casino game of High Low, There are 10 cards, 1 to 10. You must pick either lower or higher to win. [b]State your wager: [i](Your max bet is $'.$max.')[/i][/b] <form action="'.$_SERVER['PHP_SELF'].'?action=bet" method="POST" /> Bet: $<input type="text" name="amount" /> <input type="submit" name="submit" value="Bet!" /> </form> <font color="green">The maximum bet is your current level x $5.</font>'; $h->endpage(); exit; } function bet() { global $ir,$c,$userid,$h; if ($ir['money']<$_POST['amount']) { echo 'Error - You dont have that much money. [url="highlow.php"]Back[/url]'; $h->endpage(); exit; } if ($_POST['amount']<=0) { echo 'Error - You cant bet under $1. [url="highlow.php"]Back[/url]'; $h->endpage(); exit; } $max=$ir['level']*5; if ($_POST['amount']>$max) { echo 'Error - Max Bet Exceeded. [url="highlow.php"]Back[/url]'; $h->endpage(); exit; } if ($_SESSION['card']==0) { $card=mt_rand(1,10); $_SESSION['card']=$card; } $card=$_SESSION['card']; 71 $amount=$db->real_escape_string($_POST['amount']); this line...................................................................... $_SESSION['bet']=$amount; echo '<h3>High Low</h3>You lay <font color="green">$'.$amount.'</font> on the table The dealer reveals the card '.$card.'. Will you bet on higher or lower? <form action="'.$_SERVER['PHP_SELF'].'?action=bet2" method="POST" /> <select name="decide"> <option value="higher">Higher</option> <option value="lower">Lower</option> </select> <input type="submit" name="submit" value="Decide!" /> </form>'; $h->endpage(); exit; } function bet2() { global $ir,$c,$userid,$h; $dealercard=$_SESSION['card']; $yourcard=mt_rand(1,10); echo '<h3>High Low</h3>You bet '.$_POST['decide'].' The final result is: [b]Dealers Card:[/b] '.$dealercard.' [b]Your Card:[/b] '.$yourcard.' '; $prize=$db->real_escape_string($_SESSION['bet']); $lose=$ir['money']-$prize; $win=$ir['money']+$prize; $_SESSION['bet']=0; $_SESSION['card']=0; if ($yourcard==$dealercard) { echo '<font color="orange">You drew with the dealer!</font> [url="highlow.php"]Back[/url]'; $h->endpage(); exit; } if ($_POST['decide']=="higher" && $yourcard>$dealercard) { echo '<font color="green">Congratulations you won $'.$prize.' !</font> [url="highlow.php"]Back[/url]'; $db->query("UPDATE users SET money=$win WHERE userid=$userid", $c); $h->endpage(); exit; } if ($_POST['decide']=="higher" && $yourcard<$dealercard) { echo '<font color="red">Sorry, You lost $'.$prize.' !</font> [url="highlow.php"]Back[/url]'; $db->query("UPDATE users SET money=$lose WHERE userid=$userid", $c); $h->endpage(); exit; } if ($_POST['decide']=="lower" && $yourcard<$dealercard) { echo '<font color="green">Congratulations you won $'.$prize.' !</font> [url="highlow.php"]Back[/url]'; $db->query("UPDATE users SET money=$win WHERE userid=$userid", $c); $h->endpage(); exit; } if ($_POST['decide']=="lower" && $yourcard>$dealercard) { echo '<font color="red">Sorry, you lost $'.$prize.' !</font> [url="highlow.php"]Back[/url]'; $db->query("UPDATE users SET money=$lose WHERE userid=$userid", $c); $h->endpage(); exit; } } ?> Quote
Diesl Posted January 22, 2011 Posted January 22, 2011 use $amount=mysql_real_escape_string($_POST['amount']); or $amount=$db->escape($_POST['amount']); what you used doesn't exist. Quote
rulerofzu Posted January 22, 2011 Posted January 22, 2011 Amount is numerical therefore escaping it will do nothing. $amount = abs((int) $_POST['amount']); same with $prize further down or filter_input / filter_validate it. I would also get rid of all those $_SERVER['PHP_SELF'] and replace with the name of the script highlow.php Quote
thebobby Posted January 22, 2011 Author Posted January 22, 2011 so put highlow.php in place of $_SERVER['PHP_SELF'] echo 'You are already in a game of high low. <form action="'.$_SERVER['PHP_SELF'].'?action=bet" method="POST" /> old code new code look like this : echo 'You are already in a game of high low. <form action="'.highlow.php.'?action=bet" method="POST" /> also it will not let me bet or even type in amount to bet Quote
Danny696 Posted January 22, 2011 Posted January 22, 2011 Why are you adding a . after the action=" and before the ?action Thats why its not working.. I suggest you remove all the $_SERVER['PHP-SELF'] and the .'s completey, and leave it as action="?action=bet" Quote
Diesl Posted January 22, 2011 Posted January 22, 2011 so put highlow.php in place of $_SERVER['PHP_SELF'] echo 'You are already in a game of high low. <form action="'.$_SERVER['PHP_SELF'].'?action=bet" method="POST" /> old code new code look like this : echo 'You are already in a game of high low. <form action="'.highlow.php.'?action=bet" method="POST" /> also it will not let me bet or even type in amount to bet <form action="highlow.php?action=bet" method="POST" > by doing "/>" at the end of that code bit, you are closing the form tag before you even are able to use any inputs. Quote
thebobby Posted January 23, 2011 Author Posted January 23, 2011 all fixed Thanks guys and blade Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.