会话变量未设置

时间:2011-12-29 11:51:53

标签: php mysql sql

大家好,我已经建立了一个战斗脚本,但现在我注意到当我尝试添加一个新的sql更新时,它没有将健身房领导者存储在会话变量中。 所以用户去了battle.php?gymleader = nick

然后我抓住昵称并将其存储在一个会话变量中,之后我将其用于sql注入等。然后我搜索数据库以找出怪物“昵称”然后显示怪物然后主战斗脚本来了当他们去健身房时会带他们去战斗.php?gymleader = nick然后一旦他们进入战斗就会把他们带到battle.php所以我认为它存储了“缺口”然后用户选择然后它将它们重定向到只有battle.php然后它再次存储可用的任何东西?

它的战斗方面运作完美似乎没有存储$ _SESSION ['gymleader']我已经说过我认为它存储了两次。当用户第一次来到他的页面时,它设置正确,然后他们选择一个移动并将它们重定向到battle.php而不是battle.php?gymleader = nick然后它设置了gymleader什么都没猜测?

这是战斗剧本

<?php
include 'config.php'; 

print_r ($_SESSION);
/// Here we unset the win / lost status
unset($_SESSION['battle_won']); 
unset($_SESSION['battle_lost']); 



$_SESSION['gymleader'] = mysql_escape_string($_GET['gymleader']);


//// here we get the users first monster
$sql = "SELECT * FROM user_pokemon WHERE belongsto='".$_SESSION['username']."' AND slot=1";
$result = mysql_query($sql) or die(mysql_error());
$battle_get = mysql_fetch_array($result);

$sql23 = "SELECT * FROM gyms WHERE leader='".$_SESSION['gymleader']."'";
$result23 = mysql_query($sql23) or die(mysql_error());
$battle_get23 = mysql_fetch_array($result23);




/// Here we get the image of the pokemon and any other info we need
$sql2 = "SELECT * FROM `pokemon` WHERE `name` = '" . $battle_get['pokemon'] . "'";
    $result = mysql_query($sql2) or die(mysql_error());
    $values = mysql_fetch_array($result);




////// Now we make there hp up from there level
$a = $battle_get['level'] ;
$b = 5;
$hpofuserpokemon = ($a * $B) ;
///// We make a random number up to take the hp down by
srand ((double) microtime( )*1000000);
$random_number = rand(0,10);

srand ((double) microtime( )*1000000);
$random_number2 = rand(0,13);
?>
  <?php
unset($_SESSION['battle_won']); 
unset($_SESSION['battle_lost']); 
///// now we check to see if user is all ready in  a battle we don't want to fill up database with fake battles

$sql12 = "SELECT * FROM battle WHERE username='".$_SESSION['username']."'";
$result12 = mysql_query($sql12) or die(mysql_error());
$battle_get12 = mysql_fetch_array($result12);

/// Here we do if there is a result we echo out nothing. Else if there is no battles stored we make one for them seen has were nice
if  ($battle_get12['win'] == 1 )
  echo " ";
else

mysql_query("INSERT INTO battle 
(username, hp, win, pokemon1name, pokemon_pic, gympokemon1, gympokemon1hp, gympokemon1pic, levelofgym) VALUES('".$_SESSION['username']."','".$hpofuserpokemon."', 1,'".$battle_get['pokemon']."','http://www.pokemontoxic.net/Geodude.png' ,'".$battle_get23['gympokemon1']."','".$battle_get23['gympokemon1hp']."','".$battle_get23['gympokemon1pic']."','".$battle_get23['level']."' )
 ") or die(mysql_error());  

 $_SESSION['gymlevel'] = mysql_escape_string($battle_get23['level']);

?>
  <?php
//// Here we check if users hp is under 0 or 0 meaning there dead
if  ($battle_get12['hp']  < 0)
 {
   echo "You Lost the battle !!";


   mysql_query("DELETE FROM battle WHERE username='".$_SESSION['username']."'")
or die(mysql_error());  
$_SESSION["battle_lost"] = 1 ;
 echo '<META HTTP-EQUIV="Refresh" Content="0; URL=battle_select.php?type=gym">';   

   die();

}
else {
print ("");
}
?>
  <?php
/// Here is the most inport thing if the gyms pokemon has less than 0hp we give them the money etc....
if  ($battle_get12['gympokemon1hp'] < 0)
 {
  $result3123123 = mysql_query("UPDATE users SET money=money+60 WHERE username = '".$_SESSION['username']."'")
or die(mysql_error());

$result3132131321 = mysql_query("UPDATE user_pokemon SET level=level+1 WHERE belongsto = '".$_SESSION['username']."' AND slot=1 AND pokemon = '".$battle_get['pokemon']."'");

  $result31231236 = mysql_query("UPDATE battle SET onpokemon=onpokemon+1 WHERE username = '".$_SESSION['username']."'")
or die(mysql_error());



$blah = mysql_query("UPDATE users SET '".$_SESSION['gymleader']."'='1'WHERE username = '".$_SESSION['username']."'")
or die(mysql_error());  



echo"You have won the battle. Please go back to the gym list to battle again.";
$_SESSION["battle_won"] = 1 ;
 echo '<META HTTP-EQUIV="Refresh" Content="0; URL=battle_select.php?type=gym">';   

    exit;    


   die();

}
else
  echo ""; 
?>
  <?php
//// Now we wanna check to see if user has pressed the button to attack i wonder if they have ?

if(isset($_POST["action"]))
{
   /// we take hp from the player
  $hpdown = mysql_query("UPDATE battle SET hp=hp-".$random_number." WHERE username = '".$_SESSION['username']."'")
or die(mysql_error());
   /// at the same time we take hp from the enermy

   $enermy = mysql_query("UPDATE battle SET gympokemon1hp=gympokemon1hp-".$random_number2." WHERE username = '{$_SESSION['username']}'")
or die(mysql_error());



    }

?>

您是否可以看到我在页面顶部设置了体育领导者会话

$_SESSION['gymleader'] = mysql_escape_string($_GET['gymleader']);

但是当他们正在战斗时,它会刷新所见的页面并将其全部放在1页并重新设置它?

我在添加

的代码的新位上出错了 
$blah = mysql_query("UPDATE users SET '".$_SESSION['gymleader']."'='1'WHERE username = '".$_SESSION['username']."'")
or die(mysql_error());

但我猜这是因为会议期间没有任何东西可以参加健身领导者?

使用sql connect

在config.php中启动

会话

2 个答案:

答案 0 :(得分:0)

您必须先启动会话才能将数据保存到会话中。使用php session_start

答案 1 :(得分:0)

session_start();   //Insert this here.

print_r ($_SESSION);
/// Here we unset the win / lost status
unset($_SESSION['battle_won']); 
unset($_SESSION['battle_lost']);

您需要先使用会话,然后再使用它,销毁或取消设置。

相关问题
最新问题