0

I've been working on a mafia game, in PHP. And I'm on to the Crimes page. I want it to be done by the database, so I can add crimes etc whenever. I've managed to make it echo the Crime names and payouts to the page, but I'm having trouble when pressing the commit button.

I hope this makes sense.

$getCrimes = mysql_query("SELECT * FROM crimes ORDER BY crimeid ASC");
$thepost = $_POST['crimeid'];

if ($_POST['commit']) {
    $crimethingy = $_POST['crimeid'];
    $getArray = mysql_fetch_array(mysql_query("SELECT * FROM crimes WHERE crimeid = '$thepost'"));
    $theID = $getArray['crimeid'];
    $theName = $getArray['crimename'];
    if ($crimethingy > 0) {
        echo $theName;
    }
}

while ($crimeRows = mysql_fetch_array($getCrimes)) {
    $crime_id = $_POST['crimeid'];
    $crimeID = $crimeRows['crimeid'];
    $crimeName = $crimeRows['crimename'];
    $lowestPayout = $crimeRows['payoutlow'];
    $highestPayout = $crimeRows['payouthigh'];

    echo
    "
      <table cellpadding='2' cellspacing='1' width='75%' class='content-cell' align='center' style='margin-top: 5px; margin-bottom: 5px;'>
        <tr><td class='header'>Avaliability</td></tr>
        <tr><td class='content' style='height: 50px;'>
          <i style='font-size: 13px;'><center>$crimeName</center></i>
          <br>
          <i style='font-size: 11px;'><center>&pound;$lowestPayout - &pound;$highestPayout</center></i>
        </td></tr>
        <tr><td class='header'><input type='hidden' name='crimeid' value='$crimeID'>
        <input type='submit' name='commit' value='Commit' style='width: 100%' class='submit'></td></tr>
      </table>
    ";
}

This is my code. The top part only echos out one of the crime names, not the other.

fusion3k
  • 11,568
  • 4
  • 25
  • 47
Jack Davies
  • 3
  • 3
  • [Your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Jay Blanchard Feb 12 '16 at 21:14
  • Please [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Feb 12 '16 at 21:14
  • 1
    Could you try to explain a bit what you expect to get and what you do get? – MortenSickel Feb 12 '16 at 21:14
  • What trouble are you having when you press the commit button? – Jay Blanchard Feb 12 '16 at 21:14
  • It's hard to explain, when I press commit: i want it to choose the ID from the database and then get the data (like payouts and things) – Jack Davies Feb 12 '16 at 21:15
  • When I click the commit button - it chooses the crime with ID 2, not 1. – Jack Davies Feb 12 '16 at 21:16
  • Sorry, edited because I saw your latest comment. You are putting everything into a single form with multiple submit buttons. As the crimeid is duplicated multiple times, only a single value is taken. You need separate forms for each id. – fully stacked geek Feb 12 '16 at 21:16

0 Answers0