I wrote a function to get data from db users but I receive this error message:

```
[24-Nov-2018 15:06:58 UTC] PHP Notice: MySQL error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

SELECT credits, 0 AS day_winnings, lifetime_winnings FROM 5fa_users WHERE id = ;

in /home3/jcodedes/public_html/slots/db.php on line 95
[24-Nov-2018 15:06:59 UTC] PHP Notice: MySQL error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

SELECT credits, 0 AS day_winnings, lifetime_winnings FROM 5fa_users WHERE id = ;

in /home3/jcodedes/public_html/slots/db.php on line 95
```

This is the code:

```php
<?php

class Users {

    // This function gets called *a lot*, so it must be very quick to run. Cache stuff if necessary.
    public static function LoggedUserID() {
        return isset($_SESSION['ID']) ? $_SESSION['ID'] : null;
    }

    // Must return credits, day_winnings and lifetime_winnings
    // Day_winnings may be implemented in multiple different ways. The server doesn't implement them as-is
    public static function GetUserData($ID) {
        return DB::SingleRow("SELECT credits, 0 AS day_winnings, lifetime_winnings FROM 5fa_users WHERE id = " . DB::DQ($ID) . ";");
    }

    public static function IncrementSlotMachineSpins($ID) {
        DB::Execute("UPDATE 5fa_users SET spins = spins + 1 WHERE id = " . DB::DQ($ID) . ";");
    }

    public static function DeductCredits($ID, $bet) {
        DB::Execute("UPDATE 5fa_users SET credits = credits - " . DB::DQ($bet) . " WHERE id = " . DB::DQ($ID) . ";");
        // If you have any sort of audit for your user's credits, you want to log into that
    }
    public static function IncreaseCredits($ID, $payout) {
        DB::Execute("UPDATE 5fa_users SET credits = credits + " . DB::DQ($payout) . " WHERE id = " . DB::DQ($ID) . ";");
        // If you have any sort of audit for your user's credits, you want to log into that
    }
    public static function IncreaseWinnings($ID, $payout) {
        DB::Execute("UPDATE 5fa_users SET lifetime_winnings = lifetime_winnings + " . DB::DQ($payout) . " WHERE id = " . DB::DQ($ID) . ";");
        // If you have any sort of audit for your user's credits, you want to log into that
        // If you keep track of day_winnings, you probably want to update them here too
    }

    public static function HasEnoughCredits($ID, $bet){
        $userData = self::GetUserData($ID);
        return ($userData['credits'] >= $bet);
    }

}
```

What can I do to solve it?

jonnyf
  • It means that the value for `DB::DQ($ID)` is either blank or missing. – Nigel Ren Nov 24 '18 at 15:19
  • I have a user in the db but I don't understand if it is a db connection problem or what. Because other db functions work well – jonnyf Nov 24 '18 at 15:21
  • When you call `Users::GetUserData()`, does the argument you are passing have a value? – Kevin van Zyl Nov 24 '18 at 15:26
  • Possible duplicate of [How can I prevent SQL injection in PHP?](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Progman Nov 24 '18 at 16:46

1 Answer

Are you sure that the DB::DQ($ID) is returning the id?

You can notice in the error message, the SQL executed is:

SELECT credits, 0 AS day_winnings, lifetime_winnings FROM 5fa_users WHERE id = ;

The id is empty. Which could mean that either the function is not returning the id or the function is not receiving the id.
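
One way to guard against the empty ID described in the answer above, added here as an example that is not part of the original question or answer. It assumes PDO with an in-memory SQLite database in place of the page's `DB` wrapper and MySQL server; `getUserData()` is a hypothetical replacement for `Users::GetUserData()`, and the sample row is constructed.

```php
<?php
// Added example, not the asker's code. Assumptions: PDO with an in-memory
// SQLite database stands in for MySQL; getUserData() is a hypothetical
// replacement for Users::GetUserData(); the sample row is constructed.

function getUserData(PDO $pdo, $id): ?array
{
    // Reject null, '', arrays and non-numeric strings before any SQL is built.
    // This is the case the log shows: an empty ID reaching "WHERE id = ;".
    $id = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('No valid user ID (not logged in?)');
    }

    // Bound parameter: the value never becomes part of the SQL text.
    $stmt = $pdo->prepare(
        'SELECT credits, 0 AS day_winnings, lifetime_winnings
           FROM `5fa_users` WHERE id = :id'
    );
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE `5fa_users` (id INTEGER PRIMARY KEY, credits INTEGER, lifetime_winnings INTEGER)');
$pdo->exec('INSERT INTO `5fa_users` VALUES (1, 100, 250)');   // constructed row

// Simulated $_SESSION['ID'] values: logged in, missing, empty, non-numeric.
foreach ([1, null, '', 'abc'] as $sessionId) {
    try {
        $row = getUserData($pdo, $sessionId);
        echo var_export($sessionId, true), ' => ', json_encode($row), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo var_export($sessionId, true), ' => rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

A missing session ID now fails with a clear exception at the call site instead of surfacing as a MySQL syntax error, and the bound parameter keeps the ID out of the SQL text.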