PHP Coding Help For A Text Based Game

Hi, I'm having trouble making it so that when a player attacks another, the certain unit will subtract the attacking player's units, but I'm stuck. I've tried several things but it just won't go through, and I don't know PHP too well, but I know that even if a comma is missing then things won't work right. Here is the code where it updates the player's info. Any help would be greatly appreciated.

        //Query
        if ($winner_id == $player_id) {
            
            $log_fight       = mysqli_query($mysqli, "INSERT INTO `fights` (playera_id, playerb_id, winner_id, date, time)
VALUES ('$player_id', '$opponent_id', '$winner_id', '$date', '$time')");
            $player_update   = mysqli_query($mysqli, "UPDATE `players` SET money=money+500, gold=gold+2, energy=energy-10, health=health-5, respect=respect+325 WHERE id='$player_id'");
            $opponent_update = mysqli_query($mysqli, "UPDATE `players` SET money=money-250, health=health-10 WHERE id='$opponent_id'");
            
            $content = '' . $rowu['username'] . ' challenged you to fight and you lost the fight. You lost $250.';
            $message = mysqli_query($mysqli, "INSERT INTO `messages` (fromid, toid, date, time, content)
VALUES ('$player_id', '$opponent_id', '$date', '$time', '$content')");
            
            echo '
<div class="alert alert-success">
  <center><strong><i class="fa fa-trophy"></i> You won the fight against this player. <br />Reward: <span class="badge bg-success">$ 500</span> and <span class="badge bg-warning">2 Gold</span></strong></center>
</div>';
        } else {
            
            $log_fight       = mysqli_query($mysqli, "INSERT INTO `fights` (playera_id, playerb_id, winner_id, date, time)
VALUES ('$player_id', '$opponent_id', '$winner_id', '$date', '$time')");
            $player_update   = mysqli_query($mysqli, "UPDATE `players` SET money=money-250, energy=energy-10, health=health-10 WHERE id='$player_id'");
            $opponent_update = mysqli_query($mysqli, "UPDATE `players` SET money=money+500, gold=gold+2, health=health-5, respect=respect+325 WHERE id='$opponent_id'");
            
            $content = '' . $rowu['username'] . ' challenged you to fight and you won the fight. You earned $500 and 2 gold.';
            $message = mysqli_query($mysqli, "INSERT INTO `messages` (fromid, toid, date, time, content)
VALUES ('$player_id', '$opponent_id', '$date', '$time', '$content')");
            
            echo '
<div class="alert alert-danger">
  <center><strong><i class="fa fa-trophy"></i> You lost the fight against this player</strong></center>
</div>';
        }
        
    }
}
?>

If you need more info, I can provide the whole page too if that would make things easier.

To get php/sql to help you -

  1. Set php’s error_reporting to E_ALL and display_errors to ON, preferably in the php.ini on your development system, so that php will help you by reporting and displaying all the errors it detects.
  2. Use exceptions for database statement errors (this is the default setting now in php8+) and in most cases let php catch and handle the database exceptions, where php will use its error related settings (see item #1 on this list) to control what happens with the actual error information (database statement errors will ‘automatically’ get displayed/logged the same as php errors.)

As to the posted code -

  1. You should NOT update values in columns to record the results. You should instead insert a row of data for every transaction that affects a user’s account. This will provide an audit trail so that you can detect if a programming mistake, accidental duplicate submission, or nefarious activity altered a value. To get the current account total(s) at any point in time you would execute a query to SUM() the +/- amounts.
  2. Don’t put external, unknown, dynamic values directly into sql query statements, where sql special characters in a value can break the sql query syntax, which is how sql injection is accomplished. Use prepared queries instead. This would be a good time to switch to the much simpler and more modern PDO database extension.
  3. You should build the sql query statement in a php variable. This will make development and debugging easier, since you can echo the sql query statement and run it directly against your database, using a tool like phpmyadmin. It will also help prevent typo mistakes by separating the sql query syntax from the php syntax. This also lets you see the common code needed for each different type of query, so that you can create functions/class methods to eliminate duplicate logic.
  4. You should use a data-driven design, where you have a data structure (array, database table) that defines the ‘dynamic’ values that the code will use, such as the money, gold, health, and respect values. This will allow you to modify these values at a single point, without needing to go through all the code. It will also allow you to define different amounts for different user levels.
  5. Related to using a data-driven design, Don’t Repeat Yourself (DRY). Most of the logic between the if and the else logic is the same. Only which player (player/opponent) receives/loses the amounts and the wording of the messages differ.
  6. Don’t create variables that aren’t being used.
  7. Use a single datetime column.
  8. You can put php variables directly into a double-quoted string, simplifying the code.
  9. Any dynamic value you output in a html context should have htmlentities() applied to it to help prevent cross site scripting.
  10. You need to validate the resulting web pages at validator.w3.org. This will help with the out of date markup.
  11. The code for any page should be laid out in this general order - 1) initialization, 2) post method form processing, 3) get method business logic - get/produce data needed to display the page, 4) html document.
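
The following is an added example, not code from either poster, showing items 1, 2, 4, 5, 7 and 9 of the list above working together: prepared PDO statements, one ledger row per change with SUM() for totals, a single reward table, and escaped output. Assumptions: an in-memory SQLite database stands in for MySQL, the `transactions` table, the `created` column and the function names are hypothetical, and the player ids and username are constructed.

```php
<?php
// Added example. SQLite in memory replaces MySQL so the script runs offline;
// the `transactions` ledger table and `created` column are hypothetical.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE fights (playera_id INT, playerb_id INT, winner_id INT, created DATETIME)');
$pdo->exec('CREATE TABLE transactions (player_id INT, fight_id INT, stat TEXT, amount INT)');

// Data-driven amounts (taken from the posted queries): edit them here only.
const OUTCOME = [
    'attacker' => ['win'  => ['money' => 500, 'gold' => 2, 'energy' => -10, 'health' => -5, 'respect' => 325],
                   'lose' => ['money' => -250, 'energy' => -10, 'health' => -10]],
    'defender' => ['win'  => ['money' => 500, 'gold' => 2, 'health' => -5, 'respect' => 325],
                   'lose' => ['money' => -250, 'health' => -10]],
];

function recordFight(PDO $pdo, int $playerId, int $opponentId, int $winnerId): void
{
    $pdo->beginTransaction(); // the fight row and all ledger rows succeed or fail together
    try {
        $sql = 'INSERT INTO fights (playera_id, playerb_id, winner_id, created) VALUES (?, ?, ?, ?)';
        $pdo->prepare($sql)->execute([$playerId, $opponentId, $winnerId, date('Y-m-d H:i:s')]);
        $fightId = (int) $pdo->lastInsertId();
        $sql = 'INSERT INTO transactions (player_id, fight_id, stat, amount) VALUES (?, ?, ?, ?)';
        $ledger = $pdo->prepare($sql);
        // One loop covers both branches of the original if/else.
        foreach (['attacker' => $playerId, 'defender' => $opponentId] as $role => $id) {
            $result = ($id === $winnerId) ? 'win' : 'lose';
            foreach (OUTCOME[$role][$result] as $stat => $amount) {
                $ledger->execute([$id, $fightId, $stat, $amount]); // values are bound, never concatenated
            }
        }
        $pdo->commit();
    } catch (Throwable $e) {
        $pdo->rollBack();
        throw $e; // let PHP's error settings report it
    }
}

// Current total of one stat for one player, computed from the audit trail.
function balance(PDO $pdo, int $playerId, string $stat): int
{
    $stmt = $pdo->prepare('SELECT COALESCE(SUM(amount), 0) FROM transactions WHERE player_id = ? AND stat = ?');
    $stmt->execute([$playerId, $stat]);
    return (int) $stmt->fetchColumn();
}

recordFight($pdo, 1, 2, 1); // constructed ids: player 1 attacks player 2 and wins
$name = htmlentities('<b>Rex</b>'); // constructed username, escaped before output
echo "$name money: ", balance($pdo, 1, 'money'), ', opponent money: ', balance($pdo, 2, 'money'), "\n";
```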