Ok, this is a follow up of a post from about a month ago. I have finally managed to create the perfect login and now im back to the heal_user_hp script. this used to work before.. but i never used it with the session data.
I keep on getting this error :
You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near ' G = WHERE username = Hitoshi' at line 1 '
Can anyone help?
<?php
session_start();
$user = $_SERVER['PHP_AUTH_USER'];
$page_title = 'PSO Revolution.com';
include ('./header.inc');
require_once ('mysql_connect.php');
$sql = "SELECT * FROM users WHERE username = '$user'";
$res = mysql_query($sql) or die("Please <a href='login.php'>LogIn</a>".mysql_error());
$data = mysql_fetch_array($res) or die("Fetch Error: ".mysql_error());
$query = "UPDATE users SET HP = $hptotal, G = $gtotal WHERE username = $user";
$hp = $data[HP];
$g = $data[G];
$heal = 20;
$cost = 50;
$gtotal = $g - $cost;
$hptotal = $hp + $heal;
if($data['G'] < 50)
{
echo 'You have insufficient Gold to do this.';
exit;
}
$result_up = mysql_query( $query ) or die( mysql_error() );
echo 'HP increased by 20 - At the cost of 50Gold';
mysql_close();
?>
<script language="JavaScript">
<!--
alert( 'RECOVERED 20HP!' );
alert( 'You may now hit <--Back' );
//-->
</script>
<html>
<a href="shop.php"><--Back</a>
</html>
