ddg2sailor wrote:
Hi People
My real problem is that I dont know code. I can sort of edit it in a sloppy
more or less works fashion. Any help would be great.
This is the code Im having problems with:
//Example//
$id = 0 + $_GET["id"];
$md5 = $_GET["secret"];
$gig = 1;
$giveupload = $gig*1024*1024*1024;
$res = mysql_query("SELECT passhash, editsecret, status FROM users WHERE id
= $id");
$row = mysql_fetch_array($res);
$res = mysql_query("SELECT passhash, editsecret, status FROM users WHERE id
= $id");
$row = mysql_fetch_array($res);
I hope this is a copy/paste error or are you running the same thing twice?
mysql_query("UPDATE users SET status='confirmed', uploaded = $giveupload ");
This updates *every* user to have a confirmed status. Probably not what
you want.
Add a
WHERE id='X';
clause
//send pm to new user
{
$msg = sqlesc("Hello and welcome to Cyber Drive In you have been
given a 1gb head start to help your ratio. .we are a strict but fair site
and our warning are based on the torrent ratio not the global just because
you have a good ratio dont mean you can hit and run if you do hit and run
your downloads maybe disabled even if your global ratio is fine..so enjoy
our free 1gb gift rules are seed what you take or for 72 hours..plz read the
rules and facts now you have joined our friendly community");
$added = sqlesc(get_date_time());
$subject = sqlesc("Welcome to Cyber Drive In");
mysql_query("INSERT INTO messages (sender, receiver, subject, msg,
added) VALUES (0, $id, $subject, $msg, $added)");
What is the sqlesc function?
You need quotes around your values:
$sql = "insert into table(f1, f2, f3) values ('" .
mysql_real_escape_string($value_1) . "', '" .
mysql_real_escape_string($value_2) . "')";
--
Postgresql & php tutorials
http://www.designmagick.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php