newttster Posted February 2, 2011 Posted February 2, 2011 I am trying to design my very first mod in php for my game. What it will do is allow a player to choose 3 characters to work with. Each has their own name, type, gender and alignment. Each character is developed independantly from the other. This is what I have so far ... unfortunately I keep getting an error. Parse error: syntax error, unexpected T_STRING in /home/content/84/7099684/html/choices.php on line 64 Any help would be appreciated. Once I get it working I will be putting this in the free mod section. Thanks. <?php include "globals.php"; print " [b]Welcome to the world of ****, {$ir['username']}.[/b] The first thing that you will be doing is choosing your 3 characters, their names, gender, and whether they will be good or evil. [b]There are 4 character types to choose from.[/b] [b]Lycan[/b] - Humanoid like creatures that were once human. These beings were bitten by other infected lycans thus transforming them. [b]Vampire[/b] - Beings that were once human that have been turned into the undead. They now survive on the blood of other beings. [b]Angels[/b] - Beings that have chosen to leave Nirvana in order to defend mankind. [b]Demons[/b] - Beings originally created to do Dante's work that have since evolved to become a force in their own right and serve only themselves now. [b]Choose your characters.[/b]"; switch($_GET['action']) { case 'characterone': character_one(); break; case 'charactertwo': character_two(); break; case 'characterthree': character_three(); break; } { print "<a href='choices.php?action=characterone')Your first character.</a>"; } { print "<a href='choices.php?action=charactertwo')Your second character.</a>"; } { print "<a href='choices.php?action=characterthree')Your third character.</a>"; } function character_one() { global $db,$ir,$userid,$h; //$name='charname'; //$type='type'; //$gender='gender'; //$alignment='alignemnt'; { print " <form action='choices.php?action=characterone' method='post'> <option value='Lycan'>Lycan</option> <option value='Vampire'>Vampire</option> <option value='Angel'>Angel</option> <option value='Demon'>Demon</option> </select> } { <option value='Male'>Male</option> <option value='Female'>Female</option> </select> } { <option value='Good'>Good</option> <option value='Evil'>Evil</option> </select> } Name this character:<input type='text' name='charname' size='20'/> <input type='submit' value='Submit Character One'/> </form>; $db->query("INSERT INTO charone VALUES ('$name','$type','$gender','$alignment')"); } function character_two() { global $db,$ir,$userid,$h; $name='charname'; $type='type'; $gender='gender'; $alignment='alignment'; { print " <form action='choices.php?action=charactertwo' method='post'> <option value='Lycan'>Lycan</option> <option value='Vampire'>Vampire</option> <option value='Angel'>Angel</option> <option value='Demon'>Demon</option> </select> } { print " <form action='choices.php?action=charactertwo' method='post'> <option value='Male'>Male</option> <option value='Female'>Female</option> </select> } { print " <form action='choices.php?action=charactertwo' method='post'> <option value='Good'>Good</option> <option value='Evil'>Evil</option> </select> } Name this character:<input type='text' name='charname' size='20'/> <input type='submit' value='Submit Character Two'/> </form>; $db->query("INSERT INTO chartwo VALUES('$name','$type','$gender','$alignment')"); } function character_three() { global $db,$ir,$userid,$h; $name='charname'; $type='type'; $gender='gender'; $alignment='alignment'; } { print " <form action='choices.php?action=characterthree' method='post'> <option value='Lycan'>Lycan</option> <option value='Vampire'>Vampire</option> <option value='Angel'>Angel</option> <option value='Demon'>Demon</option> </select> } { print " <form action='choices.php?action=characterthree' method='post'> <option value='Male'>Male</option> <option value='Female'>Female</option> </select> } { print " <form action='choices.php?action=characterthree' method='post'> <option value='Good'>Good</option> <option value='Evil'>Evil</option> </select> } Name this character:<input type='text' name='charname' size='20'/> <input type='submit' value='Submit Character Three'/> </form>; $db->query("INSERT INTO charthree VALUES('$name','$type','$gender','$alignment')"); } $h->endpage(); ?> Quote
NationGamer Posted February 2, 2011 Posted February 2, 2011 some feed back there was about 20 errors REMEMBER 1) never mix html and php 2)always open and close print e.g print "hello"; 3) it is spose to be closed like <a href='hello'>Hello just some feedback that might help you in future when making your mods try this tested and working: <?php include "globals.php"; print " [b]Welcome to the world of ****, {$ir['username']}.[/b] The first thing that you will be doing is choosing your 3 characters, their names, gender, and whether they will be good or evil. [b]There are 4 character types to choose from.[/b] [b]Lycan[/b] - Humanoid like creatures that were once human. These beings were bitten by other infected lycans thus transforming them. [b]Vampire[/b] - Beings that were once human that have been turned into the undead. They now survive on the blood of other beings. [b]Angels[/b] - Beings that have chosen to leave Nirvana in order to defend mankind. [b]Demons[/b] - Beings originally created to do Dante's work that have since evolved to become a force in their own right and serve only themselves now. [b]Choose your characters.[/b]"; switch($_GET['action']) { case 'characterone': character_one(); break; case 'charactertwo': character_two(); break; case 'characterthree': character_three(); break; } { print "[url='choices.php?action=characterone']Your first character.[/url]"; } { print "[url='choices.php?action=charactertwo']Your second character.[/url]"; } { print "[url='choices.php?action=characterthree']Your third character.[/url]"; } function character_one() { global $db,$ir,$userid,$h; //$name='charname'; //$type='type'; //$gender='gender'; //$alignment='alignemnt'; { print " <form action='choices.php?action=characterone' method='post'> <option value='Lycan'>Lycan</option> <option value='Vampire'>Vampire</option> <option value='Angel'>Angel</option> <option value='Demon'>Demon</option> </select>"; } { print "<option value='Male'>Male</option> <option value='Female'>Female</option> </select>"; } { print "<option value='Good'>Good</option> <option value='Evil'>Evil</option> </select>"; } print "Name this character:<input type='text' name='charname' size='20'/> <input type='submit' value='Submit Character One'/> </form>"; $db->query("INSERT INTO charone VALUES ('$name','$type','$gender','$alignment')"); } function character_two() { global $db,$ir,$userid,$h; $name='charname'; $type='type'; $gender='gender'; $alignment='alignment'; { print " <form action='choices.php?action=charactertwo' method='post'> <option value='Lycan'>Lycan</option> <option value='Vampire'>Vampire</option> <option value='Angel'>Angel</option> <option value='Demon'>Demon</option> </select>"; } { print " <form action='choices.php?action=charactertwo' method='post'> <option value='Male'>Male</option> <option value='Female'>Female</option> </select>"; } { print " <form action='choices.php?action=charactertwo' method='post'> <option value='Good'>Good</option> <option value='Evil'>Evil</option> </select>"; } print "Name this character:<input type='text' name='charname' size='20'/> <input type='submit' value='Submit Character Two'/> </form>"; $db->query("INSERT INTO chartwo VALUES('$name','$type','$gender','$alignment')"); } function character_three() { global $db,$ir,$userid,$h; $name='charname'; $type='type'; $gender='gender'; $alignment='alignment'; } { print " <form action='choices.php?action=characterthree' method='post'> <option value='Lycan'>Lycan</option> <option value='Vampire'>Vampire</option> <option value='Angel'>Angel</option> <option value='Demon'>Demon</option> </select>"; } { print " <form action='choices.php?action=characterthree' method='post'> <option value='Male'>Male</option> <option value='Female'>Female</option> </select>"; { print " <form action='choices.php?action=characterthree' method='post'> <option value='Good'>Good</option> <option value='Evil'>Evil</option> </select>"; } print "Name this character:<input type='text' name='charname' size='20'/> <input type='submit' value='Submit Character Three'/> </form>"; $db->query("INSERT INTO charthree VALUES('$name','$type','$gender','$alignment')"); } $h->endpage(); ?> Quote
Diesl Posted February 2, 2011 Posted February 2, 2011 @nationgamer my mistake, you are correct. Quote
NationGamer Posted February 2, 2011 Posted February 2, 2011 WRONG you dont have to declare what fields aslong as they are in the correct order and you are inserting all the values into that table mccodes uses that query all over you never have to declare every field name Quote
rulerofzu Posted February 2, 2011 Posted February 2, 2011 Diesl is correct that you need to specify unless the table you are entering the data into only has those fields in that order. For example ID, ID2, ID3, ID4 insert into 4 id's fine no problem ID,ID2,ID3,ID4 insert into only two ID, ID4 and you dont specify which then what? do you expect the code and database to have a quick chat and discuss which are the correct fields? Quote
newttster Posted February 2, 2011 Author Posted February 2, 2011 [align=justify]Thank you, NationGamer for the help on the tags.[/align] [align=justify]I understand what you have said about specifying the fields that the data has to go into on the tables. The three tables that I have created are charone, chartwo and charthree and each table has 4 fields ... charname, type, gender and alignment. The field names are in that order on all three tables. I do not have a primary key set though. [/align] [align=justify]When I'm declaring the variables .. do I have to state the table name with it. IE. $name={charone['charname']} or is declaring as $name='charname' sufficient when within a function. [/align] Quote
newttster Posted February 23, 2011 Author Posted February 23, 2011 Okay .. I have made some changes to the way I am trying to get this to work. I would like to say thanks to Dayo for his assistance in regards to getting the userid portion of this to work. <?php include_once "globals.php"; global $db, $ir, $c, $userid, $h; $type=$_POST['type1']; $name=$_POST['charname1']; $gender=$_POST['gender1']; $alignment=$_POST['alignment1']; $lycan_status='unchecked'; $vampire_status='unchecked'; $angel_status='unchecked'; $demon_status='unchecked'; $male_status='unchecked'; $female_status='unchecked'; $good_status='unchecked'; $evil_status='unchecked'; print " <u>[b]<form action='characterone.php' method='post'> Type in your first characters name.</u>[/b] <input type='test' size='10' maxlength='40' name='charname1'> </form>"; if(isset($_POST['submit1'])){ $selected_radio=$_POST['type1']; if($selected_radio=='lycan'){ $lycan_status='checked'; } else if($selected_radio=='vampire'){ $vampire_status='checked'; } else if($selected_radio=='angel'){ $angel_status='checked'; } else if($selected_radio=='demon'){ $demon_status='checked'; } } print "<u>[b]Choose your first characters type.</u>[/b] <form action='characterone.php' method='post'> Lycan<input type='radio' name='type' value='lycan' /> Vampire<input type='radio' name='type' value='vampire' /> Angel<input type='radio' name='type' value='angel' /> Demon<input type='radio' name='type' value='demon' /> </form>"; if(isset($_POST['submit1']));{ $selected_radioa=$_POST['gender1']; if($selected_radioa=='male'){ $male_status='checked'; } else if($selected_radioa=='female'){ $female_status='checked'; } } print "<u>[b]Choose your first characters gender.</u>[/b] <form action='characterone.php' method='post'> Male<input type='radio' name='gender' value='male' /> Female<input type='radio' name='gender' value='female' /> </form>"; if(isset($_POST['submit1']));{ $selected_radiob=$_POST['alignment1']; if($selected_radiob=='good'){ $good_status='checked'; } else if($selected_radiob=='evil'){ $evil_status='checked'; } } print "<u>[b]Choose your first characters alignment.</u>[/b] <form action='characterone.php' method='post'> Good<input type='radio' name='alignment' value='good' /> Evil<input type='radio' name='alignment' value='evil' /> <input type='submit' name='submit1' value='Submit your first character.'> </form> "; $db->query("INSERT INTO charone VALUES('".$ir['userid']."','$name','$type','$gender','$alignment')"); $h->endpage(); ?> So the problem I am having is that it will not wirte to the table. Equinox explained it this way ...""It's because you're posting the data, and then requiring the data to be posted again, so the first post has now expired."" And he suggested adding this to the code ...""<input type = 'hidden' name = 'submit1' /> "". He told me that I needed to add it to the new forms. I have tried this and so far have not been able to get it to work ... any suggestions where I would put this so that all data is written to the fields. Thanks a bunch, folks. Quote
a_bertrand Posted February 23, 2011 Posted February 23, 2011 I didn't dig much into your code, but I can tell you already that it is un-secure: $db->query("INSERT INTO charone VALUES('".$ir['userid']."','$name','$type','$gender','$alignment')"); NEVER, and I repeat myself NEVER let any $_POST, $_COOKIE, $_GET variables / parameters directly go into the database! As anyone can send whatever they want and hack your game. So first things is to at least to use mysql_real_escape_string for all the string values, and intval for all the integers (I personally don't use intval instead do something like ($val+0) which will validate floats and ints in your case: $db->query("INSERT INTO charone VALUES('".$ir['userid']."','".mysql_real_escape_string($name)."','".mysql_real_escape_string($type)."','".mysql_real_escape_string($gender)."','".mysql_real_escape_string($alignment)."')"); second thing, doing an insert into a table without specifying the columns is dangerous, as if you modify your table structure it will not work anymore, therefore it is a good habit to always define which columns you will use for the insert statement: [mysql] INSERT INTO charone(id,name,gender,alignement) VALUES(...) [/mysql] Quote
Equinox Posted February 23, 2011 Posted February 23, 2011 Well, you're posting the data that's been input by the user, and then have another form that needs to be submitted before the database entry is made. So you send the data and then send new data without re-sending the old. I know this sounds weird and I've probably explained it wrong. But I'm tired and my fingers hurt. Quote
newttster Posted February 24, 2011 Author Posted February 24, 2011 @ a_bertrand ~ Thank you for that information. I will certainly use that in future when trying to create mods. I understand why I would need to secure the text input for the character name ... but why would I need to secure a radio button, unless there is something about radio buttons that I am missing??? @ Equinox ~ I understand what it is you are saying ... what I don't understand is why it is resending the data when I only have one submit button for all the information that needs to be sent to the table on line 69. I am trying to understand what the mistake is that I am making in regards to this so that it doesn't happen again. From the way I am reading my code, I have the user enter the character name they would like, then they would use the radio buttons to choose type, gender and alignment and it all gets submitted with the one submit button at the end. I guess what is hanging me up on this is I don't see where I am sending the data more than once as you suggested Equinox. (pulls hair out) What am I not seeing? Quote
a_bertrand Posted February 24, 2011 Posted February 24, 2011 Because you never know if it is really a radio button, users can change ANY field data and feed it to your PHP, therefore you cannot trust anything coming back from the browser. Quote
newttster Posted February 24, 2011 Author Posted February 24, 2011 Okay ... thank you for that a_bertrand. I was not aware that checkboxes, radio buttons etc could be hacked. But then ... I suppose anything given enough time and patience could be. I understand that people will always try and beat the system ... no matter what the system ... so I greatly appreciate your help and suggestions in regards to this. Thank you. Quote
Paul Evans Posted February 26, 2011 Posted February 26, 2011 im very confused about what someone said earlier about never mixing html and php... what exactly do you mean by that? Quote
Joshua Posted February 26, 2011 Posted February 26, 2011 Radio Buttons/Submit buttons and the like can be altered using Firebug Install it on your firefox browser and have a play around with it. It's almost scary ;) Quote
newttster Posted February 26, 2011 Author Posted February 26, 2011 @ Joshua ... so I have learned. I am definately going to be following a_betrand's advice in regards to security in regards to any type of submission to the db. @ Paul ... I'm not sure but I think he is referring to his point 3) in his post, though I could be wrong. Quote
Paul Evans Posted February 26, 2011 Posted February 26, 2011 @ joshua actually firebug is just a easier way of doing it i used to do it with html files... lol did it on MD when it first came out to actually post announcements when i wasn't staff... @newttster maybe i just found it rather confusing advice lol Quote
newttster Posted February 26, 2011 Author Posted February 26, 2011 Well, Paul ... I certainly did that's for sure. *shrugs* But then as I am just learning ... there is a great deal that I am finding confusing. :P Quote
Paul Evans Posted February 26, 2011 Posted February 26, 2011 i would start off slowly and review other peoples work and maybe take a look at any function you don't understand on php.net It's impossible to know it all even i don't know it all and i've been messing with it since i was 13 lol I can show you a nicely secure file if you want ill post one up sometime or just PM me on here. Quote
newttster Posted February 26, 2011 Author Posted February 26, 2011 Thank you, Paul. I appreciate that. I have been doing just that actually. I have been playing with some of the free mods and using some lines of the code and integrating it into other mods to see if I can get them to work ... so far I've been having good results with that. My problems arise when I try and create my own. My goal right now is to create one that works first and then I will go about securing it. I know it will be a long process, any type of coding/programming always is. I'm stubborn ... so I just cross my fingers and keep on trying. :D Quote
Djkanna Posted February 27, 2011 Posted February 27, 2011 im very confused about what someone said earlier about never mixing html and php... what exactly do you mean by that? Take note of function blah () { echo 'KIKIK } <input> <etc> That was just looking at the original code. I always thought that statement referred to something like <?php $var = 'lol'; echo ' Something is '.$var.'</p>'; ?> Could be done a little better <?php $var = 'lol'; ?> Something is <?php echo $var; ?></p> Which is true, and also why MVC makes the above much easier to do, separating logic from markup. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.