thebobby Posted January 22, 2011 Share Posted January 22, 2011 <?php /*----------------------------------------------------- -- High Low (Free Source) -- Copyright held 2007-2008 Isomerizer.com -- highlow.php -----------------------------------------------------*/ require "globals.php"; switch($_GET['action']) { default: highlow_index(); break; case 'bet': bet(); break; case 'bet2': bet2(); break; } if ($_GET['action']!="bet" || $_GET['action']!="bet2") { echo 'What are you doing? [url="highlow.php"]Back[/url]'; $h->endpage(); exit; } function highlow_index() { global $ir,$c,$userid,$h; if ($_SESSION['card']!=0 || $_SESSION['bet']!=0) { $recent=$_SESSION['bet']; echo 'You are already in a game of high low. <form action="'.$_SERVER['PHP_SELF'].'?action=bet" method="POST" /> <input type="hidden" name="amount" value="'.$recent.'" /> <input type="submit" name="submit" value="Continue" /> </form>'; $h->endpage(); exit; } $max=$ir['level']*5; echo '<h3>High Low</h3>Welcome to the casino game of High Low, There are 10 cards, 1 to 10. You must pick either lower or higher to win. [b]State your wager: [i](Your max bet is $'.$max.')[/i][/b] <form action="'.$_SERVER['PHP_SELF'].'?action=bet" method="POST" /> Bet: $<input type="text" name="amount" /> <input type="submit" name="submit" value="Bet!" /> </form> <font color="green">The maximum bet is your current level x $5.</font>'; $h->endpage(); exit; } function bet() { global $ir,$c,$userid,$h; if ($ir['money']<$_POST['amount']) { echo 'Error - You dont have that much money. [url="highlow.php"]Back[/url]'; $h->endpage(); exit; } if ($_POST['amount']<=0) { echo 'Error - You cant bet under $1. [url="highlow.php"]Back[/url]'; $h->endpage(); exit; } $max=$ir['level']*5; if ($_POST['amount']>$max) { echo 'Error - Max Bet Exceeded. [url="highlow.php"]Back[/url]'; $h->endpage(); exit; } if ($_SESSION['card']==0) { $card=mt_rand(1,10); $_SESSION['card']=$card; } $card=$_SESSION['card']; 71 $amount=$db->real_escape_string($_POST['amount']); this line...................................................................... $_SESSION['bet']=$amount; echo '<h3>High Low</h3>You lay <font color="green">$'.$amount.'</font> on the table The dealer reveals the card '.$card.'. Will you bet on higher or lower? <form action="'.$_SERVER['PHP_SELF'].'?action=bet2" method="POST" /> <select name="decide"> <option value="higher">Higher</option> <option value="lower">Lower</option> </select> <input type="submit" name="submit" value="Decide!" /> </form>'; $h->endpage(); exit; } function bet2() { global $ir,$c,$userid,$h; $dealercard=$_SESSION['card']; $yourcard=mt_rand(1,10); echo '<h3>High Low</h3>You bet '.$_POST['decide'].' The final result is: [b]Dealers Card:[/b] '.$dealercard.' [b]Your Card:[/b] '.$yourcard.' '; $prize=$db->real_escape_string($_SESSION['bet']); $lose=$ir['money']-$prize; $win=$ir['money']+$prize; $_SESSION['bet']=0; $_SESSION['card']=0; if ($yourcard==$dealercard) { echo '<font color="orange">You drew with the dealer!</font> [url="highlow.php"]Back[/url]'; $h->endpage(); exit; } if ($_POST['decide']=="higher" && $yourcard>$dealercard) { echo '<font color="green">Congratulations you won $'.$prize.' !</font> [url="highlow.php"]Back[/url]'; $db->query("UPDATE users SET money=$win WHERE userid=$userid", $c); $h->endpage(); exit; } if ($_POST['decide']=="higher" && $yourcard<$dealercard) { echo '<font color="red">Sorry, You lost $'.$prize.' !</font> [url="highlow.php"]Back[/url]'; $db->query("UPDATE users SET money=$lose WHERE userid=$userid", $c); $h->endpage(); exit; } if ($_POST['decide']=="lower" && $yourcard<$dealercard) { echo '<font color="green">Congratulations you won $'.$prize.' !</font> [url="highlow.php"]Back[/url]'; $db->query("UPDATE users SET money=$win WHERE userid=$userid", $c); $h->endpage(); exit; } if ($_POST['decide']=="lower" && $yourcard>$dealercard) { echo '<font color="red">Sorry, you lost $'.$prize.' !</font> [url="highlow.php"]Back[/url]'; $db->query("UPDATE users SET money=$lose WHERE userid=$userid", $c); $h->endpage(); exit; } } ?> Quote Link to comment Share on other sites More sharing options...
Diesl Posted January 22, 2011 Share Posted January 22, 2011 use $amount=mysql_real_escape_string($_POST['amount']); or $amount=$db->escape($_POST['amount']); what you used doesn't exist. Quote Link to comment Share on other sites More sharing options...
rulerofzu Posted January 22, 2011 Share Posted January 22, 2011 Amount is numerical therefore escaping it will do nothing. $amount = abs((int) $_POST['amount']); same with $prize further down or filter_input / filter_validate it. I would also get rid of all those $_SERVER['PHP_SELF'] and replace with the name of the script highlow.php Quote Link to comment Share on other sites More sharing options...
thebobby Posted January 22, 2011 Author Share Posted January 22, 2011 so put highlow.php in place of $_SERVER['PHP_SELF'] echo 'You are already in a game of high low. <form action="'.$_SERVER['PHP_SELF'].'?action=bet" method="POST" /> old code new code look like this : echo 'You are already in a game of high low. <form action="'.highlow.php.'?action=bet" method="POST" /> also it will not let me bet or even type in amount to bet Quote Link to comment Share on other sites More sharing options...
Danny696 Posted January 22, 2011 Share Posted January 22, 2011 Why are you adding a . after the action=" and before the ?action Thats why its not working.. I suggest you remove all the $_SERVER['PHP-SELF'] and the .'s completey, and leave it as action="?action=bet" Quote Link to comment Share on other sites More sharing options...
Diesl Posted January 22, 2011 Share Posted January 22, 2011 so put highlow.php in place of $_SERVER['PHP_SELF'] echo 'You are already in a game of high low. <form action="'.$_SERVER['PHP_SELF'].'?action=bet" method="POST" /> old code new code look like this : echo 'You are already in a game of high low. <form action="'.highlow.php.'?action=bet" method="POST" /> also it will not let me bet or even type in amount to bet <form action="highlow.php?action=bet" method="POST" > by doing "/>" at the end of that code bit, you are closing the form tag before you even are able to use any inputs. Quote Link to comment Share on other sites More sharing options...
thebobby Posted January 23, 2011 Author Share Posted January 23, 2011 all fixed Thanks guys and blade Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.