[Req] Send Credits To another account
- Thread starter kontris21
- Start date
May not work, I wrote it here and has not been tested but I do not see a reason why it should not 
. SQL injection is not possible since we compare the given string with an array and do not execute query directly so no additional filters are necessary. Probably not the best solution but good for MuOnline.
. SQL injection is not possible since we compare the given string with an array and do not execute query directly so no additional filters are necessary. Probably not the best solution but good for MuOnline.
HTML:
<form method="post">
<input type= " text" name="character">
<input type= " number" name="credits">
<input type= " submit" value="send">
</form>
PHP:
<?php
function check_char($char){
$array = array()
$all_chars = mssql_query("Select * from Character");
while($result = mssql_fetch_array($all_chars)){
$array[] = $result['Name'];
}
if(in_array($char, $array)){
$check_acc = mssql_fetch_array(mssql_query("Select * from Character where Name='".$char."'"));
return($check_acc['AccountID']);
}
else{
return false;
}
}
if (isset($_POST['credits']) && isset($_POST['character']) ){
$credits = int($_POST['credits']);
$my_credits = mssql_fetch_array(mssql_query("Select * from memb_credits where memb___id = '".$_SESSION['mysession']."'"));
if($my_credits['credits'] > 0 && $mycredits['credits'] >= $credits && $credits > 0 && check_char($_POST['character']) && check_char($_POST['character']) !=$_SESSION['mysession'] ){
mssql_query("Update Memb_Credits set credits = credits + $credits where memb___id='".check_char($_POST['character'])."'");
mssql_query("Update Memb_Credits set credits = credits - $credits where memb___id='".$_SESSION['mysession'].."'");
echo"Well done ";
}
else{
echo "Fill the fields properly";
}
}
Last edited:
Speedy
Dorin
- Joined
- Mar 12, 2014
- Messages
- 124
- Reaction score
- 44
where is the query to delete the credits from the senders account? im blindMay not work, I wrote it here and has not been tested but I do not see a reason why it should not
HTML:<form method="post"> <input type= " text" name="character"> <input type= " number" name="credits"> <input type= " submit" value="send"> </form>PHP:<?php function check_char($char){ $all_chars = mssql_query("Select * from Character"); while($result = mssql_fetch_array($all_chars)){ $array = array() $array[] = $result['Name']; } if(in_array($char, $array)){ return($result['AccountID']); } else{ return false; } } if (isset($_POST['credits']) && isset($_POST['character']) ){ $credits = int($_POST['credits']); $my_credits = mssql_fetch_array(mssql_query("Select * from memb_credits where memb___id = '".$_SESSION['mysession']."'")); if($my_credits['credits'] > 0 && $mycredits['credits'] <= $credits && $credits > 0 && check_char($_POST['character'])){ mssql_query("Update Memb_Credits set credits = credits + $credits where memb___id='".check_char($_POST['character'])."'"); echo"Well done "; } else{ echo "Fill the fields properly"; } }
)where is the query to delete the credits from the senders account? im blind
[/QUOTE
Good question! I have just added it.
Thanks r00tme, you are the best
I am far far far away from good and will never ever be the best, but thanks anyway.
Regarding this script, just forget about it as it does not do anything. I gave you a working one that just needs to be adjusted for your needs.
