-2

    PHP Warning: Module 'apcu' already loaded in Unknown on line 0
    PHP Notice: Undefined variable: main_content in /var/www/html/system/pages/bounty.php on line 5
    PHP Notice: Undefined variable: config in /var/www/html/system/pages/bounty.php on line 44
    PHP Notice: Trying to access array offset on value of type null in /var/www/html/system/pages/bounty.php on line 44
    PHP Notice: Trying to access array offset on value of type null in /var/www/html/system/pages/bounty.php on line 44

     <?php
@mysqli_connect("localhost","newuser","password");
@mysqli_select_db("ots");

$main_content .= '<P ALIGN=CENTER>
    <br>
    <FONT SIZE=5 COLOR=#CFF00C>
        How to use...
    </FONT>
    <br>
    <br>
    <FONT SIZE=2 COLOR=#CFF00C>
    * !hunt [prize],[nick] :
        <FONT SIZE=1 COLOR=#FCC33F>
            Wysyla ogloszenie o huncie dla postaci. Cena w tysiacach.<br>
            Przyklad: !hunt 100,Infinity
        </FONT><br>
    </FONT>
</P>
<br>
<br>
    <center>
        <h1>
            Bounty Hunters
        </h1>
    </center>
        <TABLE BORDER=0 CELLSPACING=1 CELLPADDING=4 WIDTH=100%>
            <TR BGCOLOR="#505050">
                <TD CLASS=white width=30%>
                    <center><B>Zlecil</B></center>
                </TD>
                <TD CLASS=white width=30%>
                    <center><B>Nagroda</B></center>
                </TD>
                <TD CLASS=white width=30%>
                    <center><B>Ofiara</B></center>
                </TD>
                <TD CLASS=white width=10%>
                    <center><B>Zabity przez</B></center>
                </TD>
            </TR>';
 $inv = @mysqli_query("SELECT * FROM `bounty_hunters` ORDER BY `added` DESC");
$num = 0;
$color=$config['site']['darkborder'];
while($tab = @mysqli_fetch_array($inv)){
if($num%2 == 0){$color=$config['site']['darkborder'];}else{$color=$config['site']['lightborder'];}
$pid = $tab['fp_id'];
$sid = $tab['sp_id'];
$kid = $tab['k_id'];
$killed = $tab['killed'];
$prize = $tab['prize']*1000;
if($killed == 0){
$kill = '<font color="red">Nobody!</font>';
}else{
$k = @mysqli_query("SELECT * FROM `players` WHERE `id` = ".$kid."");
$k1 = @mysqli_fetch_array($k);
$kill_name = $k1['name'];
$kill = '<a href="index.php?subtopic=characters&name='.$kill_name.'">'.$kill_name.'</a>';
}
$f = @mysqli_query("SELECT * FROM `players` WHERE `id` = ".$pid."");
$f1 = @mysqli_fetch_array($f);
$s = @mysqli_query("SELECT * FROM `players` WHERE `id` = ".$sid."");
$s1 = @mysqli_fetch_array($s);
$fn = $f1['name'];
$sn = $s1['name'];

$main_content .= '
        <TR BGCOLOR="'.$color.'">
            <TD>
                <center>
                    <b>
                        <a href="index.php?subtopic=characters&name='.$fn.'">'.$fn.'</a>
                    </b>
                </center>
            </TD>
            <TD>
                <center>
                    <b>
                        '.$prize.' gp
                    </b>
                </center>
            </TD>
            <TD>
                <center>
                    <b>
                        <a href="index.php?subtopic=characters&name='.$sn.'">'.$sn.'</a>
                    </b>
                </center>
            </TD>
            <TD>
                <center>
                    <b>
                        '.$kill.'
                    </b>
                </center>
            </TD>
        </TR>';
$num++;
}
if($num == 0){
        $main_content.='<TR BGCOLOR="'.$color.'">
            <TD colspan=4>
                <center>
                    Currently there are not any bounty hunter offer.
                </center>
            </TD>
        </TR>';
}
        $main_content .='</TABLE><div align="right"></a>.</div>';
?>
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman Nov 11 '21 at 19:55
  • _Side note:_ I'm guessing that this code used to use `mysql_*` and you now have changed it to `mysqli_*`? Either way, you're using `mysqli_*` completely wrong here. Those two extensions work differently, so you can't use mysqli like that. If you stop suppressing errors with `@`, you'll get some useful error messages that can help you fix the problem instead of hiding it. – M. Eriksson Nov 11 '21 at 21:13
  • _"Undefined variable: main_content"_ comes from the fact that you're not defining the variable `$main_content` before trying to append data to it. `$main_content = '';` defines it, but you have `$main_content .= '';` (notice the dot) which tries to _append_ a string, which can only be done if the variable was previously defined. – M. Eriksson Nov 11 '21 at 21:18
  • _"Undefined variable: config"_ comes from the fact that you're trying to read from that variable (expecting it to be an array) when it doesn't seem to be defined at all. – M. Eriksson Nov 11 '21 at 21:21
  • [Reference - What does this error mean in PHP?](https://stackoverflow.com/questions/12769982/reference-what-does-this-error-mean-in-php) – M. Eriksson Nov 11 '21 at 21:23
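
The fixes the comments above call for, combined in one added example (not code from the question or from any commenter): a mysqli connection object instead of `@`-suppressed procedural calls, `$main_content` and `$config` defined before use, and the `players` lookup done through a bound prepared statement with the name encoded on output. It assumes the `bounty_hunters` and `players` tables from the question and the mysqlnd driver (needed for `get_result()`); the helper name `player_link` and the row colours are hypothetical.

```php
<?php
// Added example, not the asker's code. Row colours stand in for the undefined $config.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw instead of hiding errors with @

// mysqli needs the connection object; credentials and database name are those from the question.
$db = new mysqli('localhost', 'newuser', 'password', 'ots');
$db->set_charset('utf8mb4');

$config = ['site' => ['darkborder' => '#D4C0A1', 'lightborder' => '#F1E0C6']]; // assumed values
$main_content = ''; // define before appending with .=

// One prepared statement, reused for every player lookup; the id is bound, never concatenated.
$playerStmt = $db->prepare('SELECT `name` FROM `players` WHERE `id` = ?');

function player_link(mysqli_stmt $stmt, int $id): string // hypothetical helper
{
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    if ($row === null) {
        return 'Unknown';
    }
    // Encode for the URL and for HTML separately so a crafted name cannot inject markup.
    $href = 'index.php?subtopic=characters&name=' . urlencode($row['name']);
    return '<a href="' . htmlspecialchars($href, ENT_QUOTES) . '">'
         . htmlspecialchars($row['name'], ENT_QUOTES) . '</a>';
}

$main_content .= '<table border="0" cellspacing="1" cellpadding="4" width="100%">';
$rows = $db->query('SELECT * FROM `bounty_hunters` ORDER BY `added` DESC'); // buffered result
$num = 0;
while ($tab = $rows->fetch_assoc()) {
    $color = $config['site'][$num % 2 === 0 ? 'darkborder' : 'lightborder'];
    $killer = (int) $tab['killed'] === 0
        ? '<font color="red">Nobody!</font>'
        : player_link($playerStmt, (int) $tab['k_id']);
    $main_content .= '<tr bgcolor="' . $color . '">'
        . '<td>' . player_link($playerStmt, (int) $tab['fp_id']) . '</td>'
        . '<td>' . ((int) $tab['prize'] * 1000) . ' gp</td>'
        . '<td>' . player_link($playerStmt, (int) $tab['sp_id']) . '</td>'
        . '<td>' . $killer . '</td></tr>';
    $num++;
}
if ($num === 0) {
    $main_content .= '<tr><td colspan="4">No bounty offers.</td></tr>';
}
$main_content .= '</table>';
```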

1 Answer

0

The script works fine, but all it does is display nothing in the table.

  • Your answer could be improved with additional supporting information. Please [edit] to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Nov 11 '21 at 23:09