Author Topic: How to add points elsewhere?  (Read 2351 times)

Offline chadk

How to add points elsewhere?
« on: September 30, 2006, 09:10:13 am »
What is the function called to add points?  I'd like to place point accumulators elsewhere on the site for other things like web links, giving karma, calendar events and whatever else I can think of.

Offline Daniel15

Re: How to add points elsewhere?
« Reply #1 on: September 30, 2006, 03:10:19 pm »
There's no function to add points, it's an SQL query. The query
Code: [Select]
UPDATE {$db_prefix}members SET money = money + 10 WHERE ID_MEMBER = {$ID_MEMBER}
will add 10 credits to the current member.

If you want to add credits to someone in a script, use something like:
Code: [Select]
$result = db_query("UPDATE {$db_prefix}members
                       SET money = money + 10
                       WHERE ID_MEMBER = {$ID_MEMBER}",
                    __FILE__, __LINE__);
In an SMF source file, wherever you want.

If you're making your own script, do something like:
Code: [Select]
<?php
require "SSI.php";

$result = db_query("UPDATE {$db_prefix}members
                       SET money = money + 10
                       WHERE ID_MEMBER = {$ID_MEMBER}",
                    __FILE__, __LINE__);
?>


Offline chadk

Re: How to add points elsewhere?
« Reply #2 on: October 14, 2006, 12:18:42 am »
Dan, I'm wondering why you use {$db_prefix} instead of .$db_prefix. like this:
Code: [Select]
      $sql = "INSERT INTO " . $db_prefix . "sbox_content (ID_MEMBER, content, time) VALUES ('" . $context['user']['id'] . "', '" . $content . "', '$date')";
      db_query($sql, __FILE__, __LINE__);
From the Shoutbox.  Should I be concerned with that type of code being vulnerable to sql injection?  He does slashes before he runs the sql but I'm not sure which method is proper?

Offline Daniel15

Re: How to add points elsewhere?
« Reply #3 on: October 14, 2006, 09:19:08 am »
Quote
Dan, I'm wondering why you use {$db_prefix} instead of .$db_prefix. like this:
It's the exact same thing... And since you're not taking any user input, it's not vulnerable to SQL injection. The code:

$result = db_query("UPDATE {$db_prefix}members
                       SET money = money + 10
                       WHERE ID_MEMBER = {$ID_MEMBER}",
                    __FILE__, __LINE__);


Is equivalent to:

$result = db_query("UPDATE ".$db_prefix."members
                       SET money = money + 10
                       WHERE ID_MEMBER = ".$ID_MEMBER,
                    __FILE__, __LINE__);
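
Added example (not part of the original posts, and not SMF or Shoutbox code): the two string styles compared in this thread produce identical SQL, so injection exposure depends only on the values placed into the string. The function names, the `smf_` prefix and the sample values are assumptions made for illustration; the script only builds and prints strings and does not touch a database.

```php
<?php
// Added example; function names are hypothetical, not part of SMF.

// The two styles from the thread: interpolation and concatenation.
function sql_interpolated($db_prefix, $id)
{
    return "UPDATE {$db_prefix}members SET money = money + 10 WHERE ID_MEMBER = {$id}";
}

function sql_concatenated($db_prefix, $id)
{
    return "UPDATE " . $db_prefix . "members SET money = money + 10 WHERE ID_MEMBER = " . $id;
}

// Hardened builder: numeric values are cast to int, so only digits reach the SQL.
function build_add_points_sql($db_prefix, $member_id, $points)
{
    $member_id = (int) $member_id;
    $points = (int) $points;
    if ($member_id <= 0 || $points <= 0) {
        throw new InvalidArgumentException('member id and points must be positive integers');
    }

    return "UPDATE {$db_prefix}members SET money = money + {$points} WHERE ID_MEMBER = {$member_id}";
}

// Constructed sample values (not taken from a real forum).
$db_prefix  = 'smf_';
$trusted_id = 42;            // an ID the script itself looked up
$request_id = '42 OR 1=1';   // an ID copied unchecked from a request parameter

// 1. Both styles give byte-identical SQL for any input, so neither is "safer".
var_dump(sql_interpolated($db_prefix, $trusted_id) === sql_concatenated($db_prefix, $trusted_id));
var_dump(sql_interpolated($db_prefix, $request_id) === sql_concatenated($db_prefix, $request_id));

// 2. With the unchecked value, the extra text lands in the WHERE clause in both styles.
echo sql_concatenated($db_prefix, $request_id), "\n";

// 3. After the int cast, the same value can only ever address member 42.
echo build_add_points_sql($db_prefix, $request_id, 10), "\n";
```

The cast covers numeric columns only; a string value such as the Shoutbox `$content` has to be escaped for the database before it is placed between quotes.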