I'm gonna launch a website like THIS, and I've been searching for a script for it since I don't know too much PHP myself. I found some guy posting this script on another forum for another one searching the same type of script:

"First, set up a table in your mysql database"

```php
<?php
mysql_connect("localhost", "root", "password");
mysql_select_db("database1");
mysql_query("CREATE TABLE eat_users(id INT NOT NULL AUTO_INCREMENT, PRIMARY KEY(id), username VARCHAR(30), hits INT(5))");
?>
```

"then the brain.php.."

```php
<?php
mysql_connect("localhost", "root", "password");
mysql_select_db("database1");
if(isset($_GET[user])){
    $result = mysql_query("SELECT * FROM eat_users WHERE username='$_GET[user]'");
    $data = mysql_fetch_array($result);
    $totalhits = $data[hits]++;
    mysql_query("UPDATE eat_users SET hits='$totalhits' WHERE username='$_GET[user]'");
    echo "$_GET[user] has" . $totalhits . " hits";
}elseif($_GET[action] == "newuser" && isset($_GET[username])){
    mysql_query("INSERT INTO eat_users (username, hits) VALUES ('$_GET[username]', '0')");
    echo "Your URL: brain.php?user=" . $_GET[username];
}
?>
Get your own!
<form method="GET" action="brain.php?action=newuser"><input type="text" value="your name" name="username"><input type="submit" value="Create!"></form>
```

THE PROBLEM is that the hits in the database will not be saved. Please help me with this one! Thanks
$_GET[username] and $_GET[user] >> what's the difference? .. and, instead of using these variables over and over .. just create a new variable and assign the values of them to the new variable ..
username is for user creation, the other is for thieving. I gotta say, that code is generally pretty bad ($_GET[user] instead of $_GET['user'], not just making a +1 update, not using LIMIT 1, SQL injections, XSS, not checking if a user already exists before inserting). I'm sure there are better alternatives out there. Anyway, try this here: I didn't test it, I just cleaned up the code a bit

```php
<?php
mysql_connect("localhost", "root", "password");
mysql_select_db("database1");

// Check for signup first: both branches read "user", so testing
// isset($_GET['user']) first would make the newuser branch unreachable.
if (isset($_GET['action']) && $_GET['action'] == "newuser" && isset($_GET['user'])) {
    // Only insert when the username does not exist yet
    if (!mysql_fetch_array(mysql_query("SELECT 1 FROM eat_users WHERE username='" . mysql_real_escape_string($_GET['user']) . "' LIMIT 1")))
        mysql_query("INSERT INTO eat_users (username, hits) VALUES ('" . mysql_real_escape_string($_GET['user']) . "', '0')");
    echo "Your URL: brain.php?user=" . htmlspecialchars($_GET['user']);
} elseif (isset($_GET['user'])) {
    $result = mysql_query("SELECT * FROM eat_users WHERE username='" . mysql_real_escape_string($_GET['user']) . "' LIMIT 1");
    $data = mysql_fetch_array($result);
    $totalhits = $data['hits'] + 1; // value after the increment below
    // Increment in SQL rather than writing back a value computed in PHP
    mysql_query("UPDATE eat_users SET hits = hits + 1 WHERE username='" . mysql_real_escape_string($_GET['user']) . "' LIMIT 1");
    echo htmlspecialchars($_GET['user']) . " has " . $totalhits . " hits";
}
?>
Get your own!
<!-- A GET form replaces the query string in "action", so action=newuser goes in a hidden field -->
<form method="GET" action="brain.php"><input type="hidden" name="action" value="newuser"><input type="text" value="your name" name="user"><input type="submit" value="Create!"></form>
```
First of all, confirm the exact $_GET data, whether it is user or username. If it is user then $_GET['user'], else $_GET['username']. Tell me if you still have a problem.
Problem is here:

```php
mysql_query("SELECT * FROM eat_users WHERE username='$_GET[user]'");
```

You can either use

```php
mysql_query("SELECT * FROM eat_users WHERE username='{$_GET['user']}'");
```

or a better one:

```php
mysql_query("SELECT * FROM eat_users WHERE username='".mysql_real_escape_string($_GET['user'])."'");
```
Yeah. I did fix that in my version, I figured it was that. But anyway yeah, don't use the original code. Use my version if anything, but I still wouldn't. I just made it functional and less buggy and exploitable, the script itself is still bad.
@Kyosys Yeah but I think I have to, because I can't find any other scripts and I don't know how to code PHP myself.
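Added example, not part of the thread and not any poster's code: the issues listed in the reply above (SQL injection, XSS, the non-atomic hit update, duplicate usernames) handled with PDO prepared statements. It assumes the pdo_sqlite extension, with an in-memory SQLite database standing in for the MySQL server; the function names register_user and record_hit are made up for the example.

```php
<?php
// Added example, not code from the thread. Assumes the pdo_sqlite extension;
// an in-memory SQLite database stands in for the thread's MySQL server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// UNIQUE lets the database reject duplicate names atomically.
$db->exec('CREATE TABLE eat_users (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    username VARCHAR(30) NOT NULL UNIQUE,
    hits INTEGER NOT NULL DEFAULT 0)');

// Returns true if the name was created, false if invalid or already taken.
function register_user(PDO $db, string $name): bool {
    if ($name === '' || strlen($name) > 30) {
        return false;
    }
    try {
        $db->prepare('INSERT INTO eat_users (username) VALUES (?)')->execute([$name]);
        return true;
    } catch (PDOException $e) {
        if ($e->getCode() !== '23000') throw $e; // not a constraint violation
        return false; // UNIQUE violation: the name already exists
    }
}

// Counts one hit and returns the new total, or null for an unknown user.
function record_hit(PDO $db, string $name): ?int {
    // The increment runs inside the database, so concurrent hits are not lost.
    $upd = $db->prepare('UPDATE eat_users SET hits = hits + 1 WHERE username = ?');
    $upd->execute([$name]);
    if ($upd->rowCount() === 0) {
        return null;
    }
    $sel = $db->prepare('SELECT hits FROM eat_users WHERE username = ?');
    $sel->execute([$name]);
    return (int) $sel->fetchColumn();
}

// Constructed inputs: a normal name and one shaped like the injection/XSS cases.
$hostile = "x' OR '1'='1<script>";
register_user($db, 'alice');
register_user($db, $hostile);
record_hit($db, 'alice');
foreach (['alice', $hostile, 'nobody'] as $name) {
    $hits = record_hit($db, $name);
    // Escape on output; the stored value stays raw.
    $safe = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    echo $hits === null ? "$safe: unknown user\n" : "$safe has $hits hits\n";
}
```

Because the name is bound as a parameter, the quote-laden input only ever matches its own row, and it reaches the page as escaped text rather than markup.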