1

I'm new to PHP and HTML so go easy if you will :)

So I have this problem where when a user enters their steam trade-link into the field, it saves it as a tlink, which then converts it into a php variable (i think) called $link. So then I have a href so when they click on it, it starts a new tradeoffer with them.

mysql_query("UPDATE users SET `tlink`='$link' WHERE `steamid`='$steam'");



<a class="btn btn-primary btn-lg" style="text-decoration: none;" href="<?php echo $link;?>" target="_blank" >DEPOSIT </a>;

When you logon to my website I make you enter in your steamtrade URL and it saves that, which you can see below, but what happens is that you then click on a button called 'DEPOSIT', and it links you to mywebsitename/Resource%20id%20#4, and instead I want it to link to the steam trade url they previously set. What should I do?

-EDIT FOR BARMAR This is the code that I believes gets 'tlink', unless I'm reading it wrong.

<label for="link" style="color: #678098; font-size: 17pt;font-family: roboto;">Your Steam Trade URL: </label> <input type="text" name="link" class="form-control trade-url-input"style="" id="link" value="<?php echo fetchinfo("tlink","users","steamid",$_SESSION["steamid"]); ?>" placeholder="Link exchange">

is the code that gets 'tlink' and then (I think) 

mysql_query("UPDATE users SET tlink='$link' WHERE steamid='$steam'");

makes it so tlink is equal to $link (unless again im wrong)

Heres my code of me inputting the $link

a class="btn btn-primary btn-lg" style="text-decoration: none;" href="<?php echo $link ?>" target="_blank" >DEPOSIT </a>
fivecentz
  • 11
  • 3
  • 3
    Stop using the `mysql_*` functions. They have been deprecated since v5.5 (Jun 2013) and removed since v7.0 (Dec 2015). Instead use the [**mysqli_***](https://secure.php.net/manual/en/book.mysqli.php) or [**PDO**](https://secure.php.net/manual/en/book.pdo.php) functions with [**prepared statements**](https://secure.php.net/manual/en/pdo.prepare.php) and [**bound parameters**](https://secure.php.net/manual/en/pdostatement.bindparam.php). – Alex Howansky Apr 14 '17 at 22:31
  • 2
    Your code is vulnerable to [**SQL injection attacks**](https://en.wikipedia.org/wiki/SQL_injection). You should use [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php) prepared statements with bound parameters as described in [**this post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). – Alex Howansky Apr 14 '17 at 22:31
  • @AlexHowansky I appreciate the feedback, I will begin working on that, however how do I fix the issue? – fivecentz Apr 14 '17 at 22:37
  • You'd first have to clarify what the issues is!? Any Errors? What does not work as expected (and what would you expect)? – Jeff Apr 14 '17 at 22:41
  • I guess you're just missing the 'http://' in front of the link. – Jeff Apr 14 '17 at 23:07
  • `$link` appears to contain a resource, not a URL You need to show the code that sets `$link`. – Barmar Apr 14 '17 at 23:17
  • @Barmar " placeholder="Link exchange"> is the code that gets 'tlink' and then (I think) mysql_query("UPDATE users SET `tlink`='$link' WHERE `steamid`='$steam'"); makes it so tlink is equal to $link (unless im wrong.) – fivecentz Apr 15 '17 at 01:56
  • Don't try to put code in comments, there's no formatting. Edit the question to clarify. – Barmar Apr 15 '17 at 15:08
  • @Jeff I tried that, with no luck I don't think $link is the trade-link, but I'm almost positive tlink is. How would I incorporate TLINK into the href? – fivecentz Apr 15 '17 at 19:25
  • I still don't see where you're setting `$link`. It should be a line that begins with `$link =` – Barmar Apr 16 '17 at 20:55
  • From the error you're getting, it looks like you've done something like `$link = mysql_open(...);` You can't put that into a URL. – Barmar Apr 16 '17 at 20:56
  • No I didn't try to do that, I edited the post for you. – fivecentz Apr 17 '17 at 19:03
  • It's a button they click so I put it inside of a href not mysql_open @Barmar – fivecentz Apr 17 '17 at 19:08
  • That's the code that USES the variable. We need to see the code that SETS the variable. Something that begins with `$link =`. – Barmar Apr 17 '17 at 19:10
  • @Barmar I thought the mysqlquery tlink="$link' sets it? I pretty confident that the button saves it as TLINK, and the mysqlquery made it so tlink is equal to $link because I'm unsure how to put the TLINK in the href. – fivecentz Apr 17 '17 at 19:39
  • How would that set the variable? It copies the value of the variable into the SQL. Something has to set it first, e.g. `$link = $_POST['link']` – Barmar Apr 17 '17 at 19:50
  • So if TLINK is the person's steam link, how could I put that into the href i showed – fivecentz Apr 17 '17 at 20:09
  • because unless I'm mistaken _again_ the button saves the input as TLINK which would make sense as tlink would stand for trade-link. – fivecentz Apr 17 '17 at 20:18
  • @Barmar any idea? – fivecentz Apr 21 '17 at 19:21
  • The error message says that the value of `$link` is `Resource id #4`. A resource is what functions like `mysql_open()` or `fopen()` returns, so I think you're reusing the `$link` variable after you do `$link = $_POST['link'];`. But I can't be sure what you're doing wrong unless you post the full script, not just selected lines from it. – Barmar Apr 21 '17 at 19:53
  • Alright forget $link, I know for like a 90% chance that the code above sets TLINK to the tradeurl that the user entered. So what can I do with tlink inside of a href, and what type of variable is tlink? @Barmar – fivecentz Apr 21 '17 at 21:18
  • The problem isn't TLINK, the problem is $link, which you're putting into the URL with `href=""`. You're getting a bogus URL there because `$link` isn't set correctly. – Barmar Apr 21 '17 at 21:22
  • Yes you're right but I believe I've been completely wrong the whole time, if you read the code where the user puts in their trade-url, there's an attribute in there fetchinfo("tlink") so I think that tlink stands for trade-url which can be used to set the href. I don't think link has anything to do with the trade-url at all. I had originally thought that because of the id="link" and because of "set tlink='link''". I might of been wrong this whole time. @Barmar – fivecentz Apr 21 '17 at 21:32
  • @Barmar I'm hoping to fix the website soon, any ideas what is causing the trade url not being inputted when they click on the DEPOSIT button – fivecentz Apr 24 '17 at 21:02
  • I've given up on trying to understand this problem. Sorry I couldn't help you. – Barmar Apr 24 '17 at 21:04
  • Thanks for all your help, but this was just a dumb noobie's mistake. – fivecentz Apr 24 '17 at 21:41

2 Answers2

0

I'm not sure, but I think you should take a look at the urlencode() function.

riandutra
  • 11
  • 3
  • I looked at it for a while and I couldn't really figure out what to do with it, do you have any suggestions for what is currently happening? I need to figure out how to incorporate 'tlink' in the HREF? – fivecentz Apr 15 '17 at 19:25
  • Sorry, I think I didn`t understand your issue. – riandutra Apr 15 '17 at 23:37
  • It's okay, do you have any idea of what to do? – fivecentz Apr 16 '17 at 01:30
  • I still don't know what is the issue. I were not clear to me. Please, rewrite this setence: "What happens is that you click on the 'DEPOSIT' button, and it links you to mywebsitename/Resource%20id%20#4, and instead I want it to link to the steam trade url they previously set. What should I do?". So I can help you. – riandutra Apr 16 '17 at 12:46
  • any ideas on what to do @riandutra – fivecentz Apr 22 '17 at 00:48
  • I still don't know what you exactly want. Do you want to retrieve "link" from MySql related to the logged user? If it is that, so you just do something like this: $retdata = mysql_query("SELECT * FROM users WHERE YOUR CONDITIONS"); $user = mysql_fetch_array($retdata); ">Your tlink However, for security reasons, it is better you user mysqli instead the old mysql. – riandutra Apr 23 '17 at 20:47
  • My href isnt working I need to get the user's tradeURL in the href, but I don't know if $LINK is the tradelink that the user set, or the tlink is the tradelink that the user set. And I dont know how to include either one. – fivecentz Apr 23 '17 at 20:59
0

I'm an actual idiot. The trade link was supposed to be MY TRADE LINK.

Sorry for wasteing all of your times.

fivecentz
  • 11
  • 3