  1. <?php
  2.  
  3.  
  4. include('mysql.php');
  5. include('functions.php');
  6.  
  7. if ($_POST['winner'] == $_POST['first'])
  8. {
  9.     $looserId = $_POST['second'];
  10.     $winnerId = $_POST['first'];
  11. }
  12. else
  13. {
  14.     $looserId = $_POST['first'];
  15.     $winnerId = $_POST['second'];
  16. }
  17.  
  18.     // POST the winner
  19.     // Так делать не стоит, есть потенциальная SQL INJECTION.
  20.     $result = mysql_query("SELECT * FROM images WHERE image_id = ".$winnerId." ");
  21.     $winner = mysql_fetch_object($result);
  22.  
  23.  
  24.     // POST the looser
  25.     // Опятьже SQL INJECTION. Все полседующие запросы в базу также не безопастны.
  26.     $result = mysql_query("SELECT * FROM images WHERE image_id = ".$looserId." ");
  27.     $looser = mysql_fetch_object($result);
  28.  
  29.  
  30.     // Update the winner score
  31.     $winner_expected = expected($looser->score, $winner->score);
  32.     $winner_new_score = win($winner->score, $winner_expected);
  33.         //test print "Winner: ".$winner->score." - ".$winner_new_score." - ".$winner_expected."<br>";
  34.     mysql_query("UPDATE images SET score = ".$winner_new_score.", wins = wins+1 WHERE image_id = ".$winnerId);
  35.  
  36.  
  37.     // Update the looser score
  38.     $looser_expected = expected($winner->score, $looser->score);
  39.     $looser_new_score = loss($looser->score, $looser_expected);
  40.         //test print "looser: ".$looser->score." - ".$looser_new_score." - ".$looser_expected."<br>";
  41.     mysql_query("UPDATE images SET score = ".$looser_new_score.", losses = losses+1  WHERE image_id = ".$looserId);
  42.  
  43.  
  44.     // Insert battle
  45.     mysql_query("INSERT INTO battles SET winner = ".$winnerId.", looser = ".$looserId." ");
  46.  
  47.  
  48.     // Back to the frontpage
  49.     header('location: /');
  50.  
  51.  
  52. ?>