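Trouble setting ".$_SESSION['Username']."

Time: 2013-03-22 19:48:01

Tags: php session

My script works when I set the username manually to Admin, but now I need to set the username to ".$_SESSION['Username'].", and that is causing some trouble with my code.

I have tried setting it in different ways, and now I can't figure out whether there are more problems or whether it is just the username that isn't working.

My code is: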

<?php
include "connect.php";
include "head.php";
?>

<?php

$action = $_GET['action'];
if($action == "fight"){
$checkfight = @mysql_fetch_array(@mysql_query("SELECT * FROM fights WHERE User=".$_SESSION['Username']."")); //Check if fight exist
$monstername = $checkfight['monstername'];
$monsterlevel = $checkfight['monsterlevel'];
$monsterdice = $checkfight['monsterdice'];
$monsterhp = $checkfight['monsterhp'];
$monstermana = $checkfight['monstermana'];
$monsterarmor = $checkfight['monsterarmor'];
$monstermindmg = $checkfight['monstermindmg'];
$monstermaxdmg = $checkfight['monstermaxdmg'];

if($checkfight['User'] == 'Admin') {

$selectuser = @mysql_fetch_array(@mysql_query("SELECT * FROM members WHERE Username=".$_SESSION['Username']."")); //loading the user
$currently = $selectuser['Quest'];
$userhp = $selectuser['Life'];
$usermana = $selectuser['Mana'];
$usermindmg = $selectuser['mindmg'];
$usermaxdmg = $selectuser['maxdmg'];
$userdice = $selectuser['dice'];

$fightMonster = @mysql_fetch_array(@mysql_query("UPDATE fights SET Player1hp='$userhp', Player1mana='$usermana', Player1min='$usermindmg', Player1max='$usermaxdmg' WHERE User=".$_SESSION['Username']."")); 

} else {

$selectuser = @mysql_fetch_array(@mysql_query("SELECT * FROM members WHERE Username=".$_SESSION['Username'].""));
$currently = $selectuser['Quest'];
$userhp = $selectuser['Life'];
$usermana = $selectuser['Mana'];
$usermindmg = $selectuser['mindmg'];
$usermaxdmg = $selectuser['maxdmg'];
$userdice = $selectuser['dice'];

$MonsterID = $_GET['monster'];
$selectMonster = @mysql_fetch_array(@mysql_query("SELECT * FROM monsters WHERE monsterID='$MonsterID'")); 
$monstername = $selectMonster['monstername'];
$monsterlevel = $selectMonster['monsterlevel'];
$monsterdice = $selectMonster['monsterdice'];
$monsterhp = $selectMonster['monsterhp'];
$monstermana = $selectMonster['monstermana'];
$monsterarmor = $selectMonster['monsterarmor'];
$monstermindmg = $selectMonster['monstermindmg'];
$monstermaxdmg = $selectMonster['monstermaxdmg'];

$savefight = @mysql_fetch_array(@mysql_query("INSERT INTO fights SET User=".$_SESSION['Username'].", Player1hp='$userhp', Player1mana='$usermana', Player1min='$usermindmg', Player1max='$usermaxdmg', monstername='$monstername', monsterlevel='$monsterlevel', monsterdice='$monsterdice', monsterhp='$monsterhp', monstermana='$monstermana', monsterarmor='$monsterarmor', monstermindmg='$monstermindmg', monstermaxdmg='$monstermaxdmg'"));

}

?> 


<div id="fightcontent">

<div id="fight1">

Health: <?php echo $userhp; ?> <br>
Mana: <?php echo $selectuser['Mana'];?><br>
Damage: <?php echo $selectuser['mindmg']; echo "-"; echo $selectuser['maxdmg'];?>
<br>
<br>
Dice: <?php echo $userdice; ?>
<br>
Quick Slots (3)

  </div>
  <div id="fight2">

Health: <?php echo $monsterhp; ?>
<br>
<?php
if($monstermana == "1") {
echo "Mana: $monstermana";
} else {}
?>
<?php
if($monsterarmor == "0") {
} else { echo "Armor: $monsterarmor"; }
?>
Damage: <?php echo $monstermindmg; echo "-"; echo $monstermaxdmg;?>
<br>
<br>
Dice: <?php echo $monsterdice; ?>
<br>
Spells / Quickslots

  </div>
  <div id="dice">

<?php
if($_POST['submit']) {
$selectuser = @mysql_fetch_array(@mysql_query("SELECT * FROM members WHERE Username=".$_SESSION['Username'].""));
$userdice = $selectuser['dice'];
$usermindmg = $selectuser['mindmg'];
$usermaxdmg = $selectuser['maxdmg'];


$MonsterID = $_GET['monster'];
$selectMonster = @mysql_fetch_array(@mysql_query("SELECT * FROM monsters WHERE monsterID='$MonsterID'")); 
$monsterdice = $selectMonster['monsterdice'];


?>

<?php
if($userdice == 1){ 
$player1roll1 = rand(1,6); 
$player1roll2 = 0; 
$player1roll3 = 0; 
}elseif($userdice == 2){
$player1roll1 = rand(1,6);
$player1roll2 = rand(1,6);
$player1roll3 = 0; 
}elseif($userdice == 3){
$player1roll1 = rand(1,6); 
$player1roll2 = rand(1,6); 
$player1roll3 = rand(1,6); 
}
?>


<?php

if($monsterdice == 1){ 
$player2roll1 = rand(1,6); 
$player2roll2 = 0; 
$player2roll3 = 0; 
} elseif($monsterdice == 2){
$player2roll1 = rand(1,6);
$player2roll2 = rand(1,6);
$player2roll3 = 0; 
}elseif($monsterdice == 3){
$player2roll1 = rand(1,6); 
$player2roll2 = rand(1,6); 
$player2roll3 = rand(1,6); 
}
?>

<?php


$player1sum = $player1roll1 + $player1roll2 + $player1roll3;
$player2sum = $player2roll1 + $player2roll2 + $player2roll3;

if($player1sum > $player2sum) {
$playerdmg = rand($usermindmg,$usermaxdmg);
$monsterhpnew = $monsterhp - $playerdmg;
$fightMonster2 = @mysql_fetch_array(@mysql_query("UPDATE fights SET Player1hp='$userhp', Player1mana='$usermana', Player1min='$usermindmg', Player1max='$usermaxdmg', monsterdice='$monsterdice', monsterhp='$monsterhpnew', monstermana='$monstermana', monsterarmor='$monsterarmor' WHERE User=".$_SESSION['Username']."")); 

echo "You hit ";
echo $monstername ;
echo ", with" ;
echo $playerdmg ;
echo "damage. remaining health:";
echo $monsterhpnew;
echo "<br>";

if($monsterhpnew < 1){
$updatefight = @mysql_fetch_array(@mysql_query("UPDATE members SET Fight=0 WHERE Username='$user'")); 
$deletefight = @mysql_fetch_array(@mysql_query("DELETE FROM fights WHERE User='$user'")); 
header("Location: quest.php?action=victory&ID=$currently");
echo "You killed him..."; 
}


}elseif($player2sum > $player1sum) {
echo "Player 2 won";
echo $player1sum ;
echo $player2sum ;
}else{
echo "Draw";
}
echo '<img src="images/dice/'.$player1roll1.'.gif" />'; //echo the image for roll 1 of player 1
echo '<img src="images/dice/'.$player1roll2.'.gif" />'; //echo the image for roll 2 of player 1
echo '<img src="images/dice/'.$player1roll3.'.gif" />'; //echo the image for roll 2 of player 1
echo " VS. ";
echo '<img src="images/dice/'.$player2roll1.'.gif" />'; //echo the image for roll 1 of player 2
echo '<img src="images/dice/'.$player2roll2.'.gif" />'; //echo the image for roll 2 of player 2

}else{
?>


<?php } ?> 

<form method="post">
<input type="submit" name="submit" value="Roll dice" />
</form>

<?php } ?>


</div></div>

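4 answers:

Answer 0: (score: 1)

Before using the $_SESSION variable, you must call session_start();

Call this before any session code. Though I would probably suggest you read up more on OO PHP and some frameworks.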

http://net.tutsplus.com/tutorials/php/object-oriented-php-for-beginners/

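This might be a good start to help your future programming career.

Answer 1: (score: 0)

I don't see session_start(). If you want to access $_SESSION, call it at the very beginning of the file.

Answer 2: (score: 0)

You may also want to add quotes in the SQL queries around what you are trying to pass or collect: Username='".$_SESSION."'" as well as all the comments above. :)

Answer 3: (score: 0)

You need to start the session to use session variables. Just put session_start() on the first line of your script.

Avoid using mysql, it is deprecated.

You don't need to concatenate "string" . $var . "string"; instead you can use "string {$var} string" or, even better, prepared statements. Using PDO it would look like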

    $query = $db->prepare("SELECT column FROM table WHERE row1 = ? AND row2 = ?");
    $query->execute(array($var1, $var2));

This avoids SQL injection and makes your code cleaner.
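The answers above combined, as an added example that is not the asker's or any answerer's code: `session_start()` runs first, and every value that reaches SQL, including the `monster` request parameter, is bound rather than concatenated. Assumptions: an in-memory SQLite database stands in for the MySQL one, the tables carry only the columns needed here, the helper names `fetchOne` and `startFight` are hypothetical, and all rows are constructed sample data.

```php
<?php
// Added example. SQLite in memory replaces MySQL; schema and rows are constructed.
session_start();                       // before any output and before $_SESSION is read
$_SESSION['Username'] = $_SESSION['Username'] ?? 'Admin'; // constructed: normally set at login

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // surface errors instead of hiding them with @
$db->exec("CREATE TABLE members (Username TEXT PRIMARY KEY, Life INT, Mana INT, mindmg INT, maxdmg INT, dice INT)");
$db->exec("CREATE TABLE monsters (monsterID INTEGER PRIMARY KEY, monstername TEXT, monsterhp INT, monsterdice INT)");
$db->exec("CREATE TABLE fights (User TEXT PRIMARY KEY, Player1hp INT, monstername TEXT, monsterhp INT)");
$db->exec("INSERT INTO members VALUES ('Admin', 100, 20, 3, 8, 2)");
$db->exec("INSERT INTO monsters VALUES (1, 'Rat', 15, 1)");

// Run one parameterised SELECT and return the first row, or null if none matched.
function fetchOne(PDO $db, string $sql, array $params): ?array
{
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Load the existing fight for this user, or create one against the given monster.
function startFight(PDO $db, string $username, $monsterId): ?array
{
    // Request input is validated as an integer first, then still bound, never interpolated.
    $monsterId = filter_var($monsterId, FILTER_VALIDATE_INT);
    if ($monsterId === false) {
        return null;
    }
    $user    = fetchOne($db, "SELECT * FROM members WHERE Username = ?", [$username]);
    $monster = fetchOne($db, "SELECT * FROM monsters WHERE monsterID = ?", [$monsterId]);
    if ($user === null || $monster === null) {
        return null;
    }
    $fight = fetchOne($db, "SELECT * FROM fights WHERE User = ?", [$username]);
    if ($fight === null) {
        $db->prepare("INSERT INTO fights (User, Player1hp, monstername, monsterhp) VALUES (?, ?, ?, ?)")
           ->execute([$username, $user['Life'], $monster['monstername'], $monster['monsterhp']]);
        $fight = fetchOne($db, "SELECT * FROM fights WHERE User = ?", [$username]);
    }
    return $fight;
}

// Normal request: the session user fights the monster named in the query string.
var_dump(startFight($db, $_SESSION['Username'], $_GET['monster'] ?? '1'));
// Constructed hostile value: fails integer validation, so no query is run with it.
var_dump(startFight($db, $_SESSION['Username'], "1' OR '1'='1"));
```

Adding quotes around the session value, as one answer suggests, makes the original queries parse, but the `monsterID='$MonsterID'` query would still take its value straight from `$_GET`; binding covers both.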