[英]This mysql_query just work some times
I don't know why but this mysql_query is just working some times. 我不知道为什么,但是这个mysql_query只是工作了一段时间。 i don't know why becasue everything is working fine this one here:
我不知道为什么因为这里的一切都工作正常:
mysql_query("UPDATE users SET `profit`=profit+$profit, `won`=won+$jackpotcost, `gameswon`=gameswon+1, `games`=games+1 WHERE `steamid`='$winnerid'") or die(mysql_error());
But this one does not work: 但这不起作用:
while($row = mysql_fetch_array($rs))
{
if($row["userid"] == $winnerid)
{
$time=time();
$time=$time+10;
mysql_query("UPDATE users SET `profit`=profit+$profit, `won`=won+$jackpotcost, `gameswon`=gameswon+1, `games`=games+1 WHERE `steamid`='$winnerid'") or die(mysql_error());
mysql_query("INSERT INTO `messages` (`type`,`app`,`userid`,`title`,`msg`,`time`,`active`,`delay`) VALUES ('success','0','$winnerid','Congratulations!','You won $$jackpotcost in Game #$cg with a $wonpercent% chance!','10',1,$time)");
}
else
{
$loserid = $row["userid"];
$rs = mysql_query("SELECT * FROM ".$p2t."game".$cg." WHERE `userid`=".$loserid."");
$losercost=0;
while($lrow = mysql_fetch_array($rs))
{
$losercost+=$lrow['value'];
}
$time=time();
$time=$time+10;
mysql_query("UPDATE users SET `profit`=profit-$losercost, `games`=games+1 WHERE `steamid`='$loserid'") or die(mysql_error());
mysql_query("INSERT INTO `messages` (`type`,`app`,`userid`,`title`,`msg`,`time`,`active`,`delay`) VALUES ('error','0','$loserid','GL Next Game!','$winnername won $$jackpotcost in Game #$cg with a $wonpercent% chance!','10',1,$time)");
}
}
If someone can help me and explain what is wrong with it 如果有人可以帮助我并解释问题所在
You're overwriting the $rs
variable on the inner loop. 您正在覆盖内部循环上的
$rs
变量。 Change the name and it should be fine. 更改名称,应该没问题。
If it is working sometimes, I suspect that you are not using mysql_real_escape_string($variable)
. 如果有时可以正常工作,我怀疑您没有使用
mysql_real_escape_string($variable)
。
You'll want to do: 您需要执行以下操作:
$variable = ""; // content goes here
// then for readying the input
mysql_real_escape($variable);
$query = ""; // your query goes here.
mysql_query($query);
mysql_real_escape_string()
Is going to escape quotes that are entered into the variable or user input. mysql_real_escape_string()
将转义输入变量或用户输入中的引号。 It will ready your varable/input for queries. 它将为您的变量/输入做好查询准备。
NOTE: You might want to move to MySQLi
(AKA: MySQL improved
) or move to PDO. 注意:您可能想移至
MySQLi
(又称: MySQL improved
)或移至PDO。 It will improve your code majorly with security issues. 它将主要在安全性方面改善代码。
Hoped this helped. 希望这会有所帮助。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.