我尝试使用在单独的函数中创建的字符串进行插入,但它似乎无法正常工作。
我知道我应该使用switch语句或其他东西,但它现在纯粹是为了测试。
<?php
function newItem($link){
$itemname = mysqli_real_escape_string($link, $_POST['itemname']);
if (strpos($itemname,'<') || strpos($itemname,'>') || strpos($itemname,'?') || strpos($itemname,'/') || strpos($itemname,'='))
{
echo "<script type='text/javascript'>alert('yeah....no');</script>";
} else {
$sql = "SELECT * FROM items WHERE itemname = '$itemname'";
$result = mysqli_query($link,$sql);
if(mysqli_num_rows($result) !== 1){
$sql = "INSERT INTO items(itemname,itemtype,attack,defence,energy)VALUES('$itemname'".RandomStats($link).")";
mysqli_query($link,$sql);
header("location: index.php");
}else{
echo "<script type='text/javascript'>alert('Item name already exists');</script>";
}
}
}
function RandomStats($link){
$rand = rand ( 1 , 100 );
$itemtype = rand (1,3);
$itemtypeString;
if($itemtype = 1){
$itemtypeString = 'Armour';
}
if($itemtype = 2){
$itemtypeString = 'Sword';
}
if($itemtype = 3){
$itemtypeString = 'Shield';
}
if($rand <= 50){
//common
$attack = rand (1 , 50);
$defence = rand (1 , 50);
$energy = rand (1 , 50);
$ItemStats = "','".$itemtypeString."','".$attack."','".$defence."','".$energy."'";
}
if ($rand >50 and $rand <= 80){
//rare
$attack = rand (1 , 100);
$defence = rand (1 , 100);
$energy = rand (1 , 100);
$ItemStats = "','".$itemtypeString."','".$attack."','".$defence."','".$energy."'";
}
if ($rand >80 and $rand <= 98){
//exotic
$attack = rand (1 , 150);
$defence = rand (1 , 150);
$energy = rand (1 , 150);
$ItemStats = "','".$itemtypeString."','".$attack."','".$defence."','".$energy."'";
}
if ($rand >98 and $rand <= 100){
//ledgendary
$attack = rand (1 , 200);
$defence = rand (1 , 200);
$energy = rand (1 , 200);
$ItemStats = "','".$itemtypeString."','".$attack."','".$defence."','".$energy."'";
}
return $ItemStats;
}
?>
只是因为我创建字符串的方式我使语句不正确或者是其他内容吗?
答案 0 :(得分:0)
我在开始时有一个额外的'在执行u_mulder帮助我的调试后不需要