0

I create a player's inventory system in PHP and jQuery. Everything works fine, but when the player removes two items from the inventory at once, the last item is transferred to the backpack, duplicated as many times as the items were removed. I hope I have made myself clear enough. I am sending part of the code below.

Javascript:

var bri = $(this).data('id');
const unequipBtn = document.getElementById("unequipBtn_"+bri);

     $(unequipBtn).on('click', function() {
        $(unequipBtn).attr("disabled", "disabled");
        var bri = $(this).data('bri');
        var itemid = $(this).data('itemid');
        var itemcat = $(this).data('itemcat');
        var playerid = $(this).data('pid');
        if(bri!="" && itemcat!="" && itemcat!="" && playerid!=""){
            $.ajax({
                url: "back/actions/unequipItem.action.php",
                type: "POST",
                data: {
                    bri: bri,
                    itemid: itemid,
                    itemcat: itemcat,   
                    playerid: playerid      
                },
                cache: false,
                success: function(dataResult){
                    console.log('GIT'); 
                }
            });

            //window.location.reload(true);
            //$('#main').load('includes/overview.include.php');
            location.replace(location.href.split('#')[0]);
        }
        else{
            alert('Error');
        }
    });

PHP:

$itemID = $_POST['itemid'];
$backpackRowID = $_POST['bri'];

$itemCat = $_POST['itemcat'];
$playerID = $_POST['playerid'];

if($itemCat == 'swords'){
    //usun przedmiot z ekwipunku gracza
    $query1 = "
    UPDATE inventory
    SET invSwordID = '0'
    WHERE invPlayerID = '$playerID';
    ";

    if (mysqli_query($db, $query1)) {
        echo "Pomyślnie zdjęto przedmiot z ekwipunku.<br/>";

        //dodaj przedmiot do plecaka gracza
        $query2 = "
        INSERT INTO backpack (backpackItemID, backpackPlayerID) 
        VALUES ('$itemID', '$playerID')
        ";

        if(mysqli_query($db, $query2)){
            echo "Pomyślnie dodano przedmiot do plecaka.";
        }
        else{
            echo "Nie udało się dodać przedmiotu do placaka.<br/>";
            print_r($query2);
        }

    } 
    else {
        echo "Nie udało się zdjąć przedmiotu z ekwipunku.";
    }
}

Thank you for the replies.

houy
  • 11
  • 1
  • 1
    **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/32391315) – Dharman Apr 28 '22 at 22:27
  • 1
    Is the JavaScript code inside an event handler? You shouldn't add event handlers inside other event handlers, because every time the first event occurs you duplicate the handler for the second event. So when you click on the unequip button, the handler runs multiple times. – Barmar Apr 28 '22 at 22:50
  • Use event delegation to define the click handler just once for all unequip buttons, not inside the first handler. – Barmar Apr 28 '22 at 22:52
  • Okay, then how can I solve the problem of catching each button with a unique identifier? Below I am sending you practically the full function of js. – houy Apr 29 '22 at 06:27
  • https://pastebin.com/x6QQTpHL – houy Apr 29 '22 at 06:27

0 Answers0