boionfire81 Posted April 25, 2016 Share Posted April 25, 2016 (edited)
So I'm working on a backpack system. The idea is members will buy more space for their backpack with crystals (or my case credits). And when traveling they will only be able to access the items they have in their backpack. But getting the items transferred to the backpack is an issue. Here's the form that I have for the transfer

<?php
// packit.php as posted: with ?ID=... it shows a quantity form for one inventory
// row; on submit it is meant to move that quantity from `inventory` to `backpack`.
//
// NOTE(review): the form below posts to 'packit.php' with no query string and
// sends `userid` and `ID` as POST fields, while both branches test $_GET values.
// On submit $_GET['user'] and $_GET['ID'] are '' after the filter, so neither
// branch runs and the final else prints 'Invalid use of file.'.
// NOTE(review): $_POST['user'], $_POST['itemid'] and $_POST['userid'] reach SQL
// without the numeric filter applied to ID/user/qty (SQL injection risk); each
// use is flagged where it occurs.
require_once('globals.php');
global $db, $userid, $ir;

// Numeric filter: numeric input becomes a non-negative int, anything else ''.
$_GET['ID'] = (isset($_GET['ID']) && is_numeric($_GET['ID'])) ? abs(intval($_GET['ID'])) : '';
$_GET['user'] = (isset($_GET['user']) && is_numeric($_GET['user'])) ? abs(intval($_GET['user'])) : '';
$_POST['qty'] = (isset($_POST['qty']) && is_numeric($_POST['qty'])) ? abs(intval($_POST['qty'])) : '';

if (!empty($_POST['qty']) && !empty($_GET['user']))
{
    // Submit branch: load the inventory row that is being packed.
    // NOTE(review): ownership is matched against $_GET['user'], a request value,
    // while item_remove() below acts on $userid (presumably the logged-in player
    // set up by globals.php - confirm). Matching on $userid here would keep the
    // ownership check out of the client's hands.
    // NOTE(review): this joins `backpack` (aliased `it`) on `itmid` yet selects
    // `itmname`; the display query further down joins `items` instead.
    $id = $db->query( "SELECT `inv_qty`, `inv_itemid`, `itmname`, `itmid` FROM `inventory` AS `iv` INNER JOIN `backpack` AS `it` ON `iv`.`inv_itemid` = `it`.`itmid` WHERE `iv`.`inv_id` = {$_GET['ID']} AND iv.`inv_userid` = {$_GET['user']} LIMIT 1");
    if ($db->num_rows($id) == 0)
    {
        echo 'Invalid item ID';
    }
    else
    {
        $r = $db->fetch_row($id);
        // Free slots: capacity minus slots in use, both read from $ir.
        $space = ($ir['maxbackpack'] - $ir['backpack']);
        // NOTE(review): $_POST['user'] is interpolated into SQL unfiltered, and the
        // form sends `userid`, not `user`. The fetched row ($rm below) is never
        // read, so this lookup appears to be a leftover that can be removed.
        $m = $db->query( "SELECT `lastip`,`username` FROM `users` WHERE `userid` = {$_POST['user']} LIMIT 1");
        // Refuse the submit unless the CSRF code issued with the form verifies.
        // NOTE(review): the code name ("senditem_") and the Try Again link
        // (itemsend.php) still point at the item-send script this was adapted from.
        if (!isset($_POST['verf']) || !verify_csrf_code("senditem_{$_GET['ID']}", stripslashes($_POST['verf'])))
        {
            echo '<h3>Error</h3><hr /> This transaction has been blocked for your security.<br /> Please send items quickly after you open the form - do not leave it open in tabs.<br /> > <a href="itemsend.php?ID=' . $_GET['ID'] . '">Try Again</a>';
            die($h->endpage());
        }
        else if ($_POST['qty'] > $r['inv_qty'])
        {
            // Cannot pack more than the inventory row holds.
            echo 'You are trying to pack more than you have!';
        }
        else if ($_POST['qty'] > $space)
        {
            echo 'You do not have that much room in your backpack';
        }
        else
        {
            $rm = $db->fetch_row($m);
            item_remove($userid, $r['inv_itemid'], $_POST['qty']);
            // NOTE(review): $_POST['itemid'] and $_POST['userid'] go into this
            // INSERT unfiltered, and the form has no `itemid` field at all.
            // $r['inv_itemid'] and $userid are already available server-side and
            // do not depend on what the client sends.
            $db->query("INSERT INTO `backpack`(`inv_id`, `inv_itemid`, `inv_userid`, `inv_qty`, `inv_lent`, `equip_helmet`, `equip_boots`, `equip_amulet`, `equip_braclet`, `equip_ring`, `equip_special`) VALUES ('',{$_POST['itemid']},{$_POST['userid']},{$_POST['qty']},'','','','','','','')");
            echo 'You packed ' . $_POST['qty'] . ' ' . $r['itmname'] . '(s)';
        }
        $db->free_result($m);
    }
    $db->free_result($id);
}
else if (!empty($_GET['ID']))
{
    // Display branch: the row is matched on the filtered ID and on $userid.
    $id = $db->query( "SELECT `inv_qty`, `itmname` FROM `inventory` iv INNER JOIN `items` AS `it` ON `iv`.`inv_itemid` = `it`.`itmid` WHERE `iv`.`inv_id` = {$_GET['ID']} AND `iv`.`inv_userid` = $userid LIMIT 1");
    if ($db->num_rows($id) == 0)
    {
        echo 'Invalid item ID';
    }
    else
    {
        $r = $db->fetch_row($id);
        // CSRF code for this form; the submit branch verifies it under the same name.
        $code = request_csrf_code("senditem_{$_GET['ID']}");
        $space = ($ir['maxbackpack'] - $ir['backpack']);
        // The hidden fields carry `userid` and `ID` as POST data; see the note at
        // the top on why the submit branch never sees them.
        echo " <b>Enter how many {$r['itmname']} you want to pack. You have {$r['inv_qty']} and $space spaces available.</b> <br /> <form action='packit.php' method='post'> Quantity: <input type='text' name='qty' value='' /> <br /> <input type='hidden' name='userid' value='{$_GET['user']}' /> <input type='hidden' name='ID' value='{$_GET['ID']}'> <input type='hidden' name='verf' value='{$code}' /> <input type='submit' value='Pack' /> </form> ";
    }
    $db->free_result($id);
}
else
{
    echo 'Invalid use of file.';
}
$h->endpage();

with the inventory page having this link <a href='packit.php?user={$ir['userid']}&ID={$i['inv_id']}' class='button'>Pack</a> but every submit is a invalid use. btw this is my code, mixed with a multitracker, and the itemsend. Thus the reason, I'm confused here. 
Edited April 25, 2016 by boionfire81
Zettieee Posted April 25, 2016
You don't need to get the user's ID...
TheMasterGeneral Posted April 25, 2016 (edited)
Yeah, get rid of the user={$ir['userid']}. You can call the user's ID using {$userid} inside the code itself. Basic troubleshooting tells me that you should first echo out the variables you're testing for at the top of the page after they're sanitized. echo $_GET['ID']; echo $_GET['user']; If any of those return nothing, that means you need to recheck the link you set up. I do believe it's 100% how you have your conditional set up. Change: if (!empty($_POST['qty']) && !empty($_GET['user'])) To: if ((!empty($_POST['qty'])) && (!empty($_GET['user']))) Let me know the results.
Edited April 25, 2016 by TheMasterGeneral
boionfire81 Posted April 26, 2016 Author
Yeah, it's in the link structure. {$i['inv_id']} produces the inventory item id, not the general item id. But on submit it echoes invalid use, maybe because it needs to go to backpack.php afterwards instead of reloading the same page?
boionfire81 Posted April 26, 2016 Author
Ok, UPDATE else { item_remove($userid, $_GET['ID'], $_POST['qty']); $db->query("INSERT INTO `backpack`(`inv_id`, `inv_itemid`, `inv_userid`, `inv_qty`, `inv_lent`, `equip_helmet`, `equip_boots`, `equip_amulet`, `equip_braclet`, `equip_ring`, `equip_special`) VALUES ('{$_POST['ID']}',{$_POST['ID']},{$userid},{$_POST['qty']},'','','','','','','')"); echo 'You packed ' . $_POST['qty'] . ' ' . $r['itmname'] . '(s)'; } A critical error has occurred, and page execution has stopped. Below are the details: 1052: Column 'inv_qty' in field list is ambiguous Action taken: Attempted to execute query: SELECT `inv_qty`, `inv_itemid`, `itmname`, `itmid`, `inv_id` FROM `inventory` AS `iv` INNER JOIN `backpack` AS `it` ON `iv`.`inv_itemid` = `it`.`itmid` WHERE `iv`.`inv_id` = 156 AND iv.`inv_userid` = 1 LIMIT 1
KyleMassacre Posted April 26, 2016
Do you have inv_qty in both your backpack and inventory tables? If so, MySQL may not know which one you are talking about, so you need to prefix the column names in your select with the table aliases. Much like: select iv.inv_qty, etc, etc
boionfire81 Posted April 26, 2016 Author
ok changed all instances of inv_ to bp_ in phpmyadmin modified the item insert to $db->query("INSERT INTO `backpack`(`bp_id`, `bp_itemid`, `bp_userid`, `bp_qty`, `bp_lent`, `bp_helmet`, `bp_boots`, `bp_amulet`, `bp_braclet`, `bp_ring`, `bp_special`) VALUES ('',{$_POST['ID']},{$userid},{$_POST['qty']},'','','','','','','')"); but not sure about how to mod this part $id = $db->query( "SELECT `inv_qty`, `itmname` FROM `inventory` iv INNER JOIN `items` AS `it` ON `iv`.`inv_itemid` = `it`.`itmid` WHERE `iv`.`inv_id` = {$_GET['ID']} AND `iv`.`inv_userid` = $userid LIMIT 1"); as is it gives this error: A critical error has occurred, and page execution has stopped. Below are the details: 1054: Unknown column 'itmname' in 'field list' Action taken: Attempted to execute query: SELECT `inv_qty`, `inv_itemid`, `itmname`, `itmid`, `inv_id` FROM `inventory` AS `iv` INNER JOIN `backpack` AS `bp` ON `iv`.`inv_itemid` = `bp`.`itmid` WHERE `iv`.`inv_id` = 156 AND iv.`inv_userid` = 1 LIMIT 1
Coly010 Posted April 26, 2016
Unless itmname is a field in your backpack table, you are trying to access a field that doesn't exist. Consider joining the items table.
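boionfire81 Posted April 26, 2016 Author (edited)
Yeah, I'm not good with Inner joins. So here is the new pack it file.

<?php
/*********
Created by: Boi
Fixed By: MWG Community
This is a FREE mod for McCodes V2
Distribution is ok
BUT
It is NOT to be sold
**********/

/*
 * packit.php - move items from the player's inventory into their backpack.
 *
 *   GET  packit.php?ID=<inventory row id>   shows the quantity form
 *   POST packit.php  (ID, qty, verf)        performs the transfer
 *
 * Reviewed revision of the script as posted. Differences from the posted text:
 *  - $_POST['ID'] gets the same numeric filter as $_GET['ID']; the posted
 *    version interpolated it into two SQL statements unfiltered.
 *  - The lookup no longer INNER JOINs `backpack` on bp_id = ID. That join only
 *    matches when a backpack row happens to share the inventory row's id,
 *    which is why every submit answered 'Invalid item ID'.
 *  - item_remove() and the INSERT use the item id read from the player's own
 *    inventory row. The posted version passed $_GET['ID'], which is empty on
 *    the POST, and stored the inventory row id in `bp_itemid`.
 *  - The CSRF code from the first version of the form is back.
 *  - The debug echo of $_GET['ID'] and the unused hidden `userid` field are gone;
 *    the server-side $userid is the only user id that is trusted.
 */
require_once('globals.php');
global $db, $userid, $ir;

// Every request value that reaches SQL is forced to a non-negative integer
// first; non-numeric input becomes '' and is rejected by the empty() tests.
// The $db wrapper is only used through query() here, so the integer filter is
// the injection guard.
$_GET['ID'] = (isset($_GET['ID']) && is_numeric($_GET['ID'])) ? abs(intval($_GET['ID'])) : '';
$_POST['ID'] = (isset($_POST['ID']) && is_numeric($_POST['ID'])) ? abs(intval($_POST['ID'])) : '';
$_POST['qty'] = (isset($_POST['qty']) && is_numeric($_POST['qty'])) ? abs(intval($_POST['qty'])) : '';

if (!empty($_POST['qty']) && !empty($_POST['ID']))
{
    // Verify the form's CSRF code before anything is read or written.
    if (!isset($_POST['verf']) || !verify_csrf_code("packit_{$_POST['ID']}", stripslashes($_POST['verf'])))
    {
        echo '<h3>Error</h3><hr />
        This transaction has been blocked for your security.<br />
        Please pack items quickly after you open the form - do not leave it open in tabs.<br />
        &gt; <a href="packit.php?ID=' . $_POST['ID'] . '">Try Again</a>';
        die($h->endpage());
    }
    // The row must exist and belong to the logged-in player ($userid).
    $id = $db->query(
        "SELECT `iv`.`inv_qty`, `iv`.`inv_itemid`, `it`.`itmname`
         FROM `inventory` AS `iv`
         INNER JOIN `items` AS `it` ON `iv`.`inv_itemid` = `it`.`itmid`
         WHERE `iv`.`inv_id` = {$_POST['ID']}
         AND `iv`.`inv_userid` = {$userid}
         LIMIT 1");
    if ($db->num_rows($id) == 0)
    {
        echo 'Invalid item ID';
    }
    else
    {
        $r = $db->fetch_row($id);
        $itemid = (int) $r['inv_itemid'];
        // NOTE(review): nothing in this script updates $ir['backpack']; if the
        // used-space figure is not maintained elsewhere, this limit never tightens.
        $space = ($ir['maxbackpack'] - $ir['backpack']);
        if ($_POST['qty'] > $r['inv_qty'])
        {
            echo 'You are trying to pack more than you have!';
        }
        else if ($_POST['qty'] > $space)
        {
            echo 'You do not have that much room in your backpack!';
        }
        else
        {
            // Item id comes from the verified inventory row, never from the request.
            item_remove($userid, $itemid, $_POST['qty']);
            $db->query(
                "INSERT INTO `backpack`(`bp_id`, `bp_itemid`, `bp_userid`, `bp_qty`, `bp_lent`, `bp_helmet`, `bp_boots`, `bp_amulet`, `bp_braclet`, `bp_ring`, `bp_special`)
                 VALUES ('', {$itemid}, {$userid}, {$_POST['qty']}, '', '', '', '', '', '', '')");
            echo 'You packed ' . $_POST['qty'] . ' ' . $r['itmname'] . '(s)';
        }
    }
    $db->free_result($id);
}
else if (!empty($_GET['ID']))
{
    $id = $db->query(
        "SELECT `iv`.`inv_qty`, `it`.`itmname`
         FROM `inventory` AS `iv`
         INNER JOIN `items` AS `it` ON `iv`.`inv_itemid` = `it`.`itmid`
         WHERE `iv`.`inv_id` = {$_GET['ID']}
         AND `iv`.`inv_userid` = {$userid}
         LIMIT 1");
    if ($db->num_rows($id) == 0)
    {
        echo 'Invalid item ID';
    }
    else
    {
        $r = $db->fetch_row($id);
        // Issued per inventory row; the POST branch verifies it under the same name.
        $code = request_csrf_code("packit_{$_GET['ID']}");
        $space = ($ir['maxbackpack'] - $ir['backpack']);
        echo "
        <b>Enter how many {$r['itmname']} you want to pack. You have {$r['inv_qty']} and {$space} spaces available.</b>
        <br />
        <form action='packit.php' method='post'>
            Quantity: <input type='text' name='qty' value='' />
            <br />
            <input type='hidden' name='ID' value='{$_GET['ID']}' />
            <input type='hidden' name='verf' value='{$code}' />
            <input type='submit' value='Pack' />
        </form>";
    }
    $db->free_result($id);
}
else
{
    echo 'Invalid use of file.';
}
$h->endpage();
?>
now it is Invalid item ID
Edited April 26, 2016 by boionfire81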