I'm trying to use a function to make all my variables for an SQL statement im making in order to reduce code length. Unfortunately, this isn't working at all.
The result I get is that $sql ends up with the value -45. I'm not sure what I'm doing wrong, but I believe there is an issue with the declaration of variables. However, the echo statement that you can see inside the function prints the variables exactly how they are supposed to be printed. Maybe I need to return something?
/*
/ Get Variables
*/
function get($fname,$disp)
{
$NAME = $fname;
$$NAME = $_GET[$NAME];
echo $disp . ' : <font color="00ff00">' . $$NAME . '</font><br>';
}
get("User-ID","User-ID");
get("toon","Name");
get("C_Select","Class");
get("P-Level","P-Level");
get("Sex","Gender");
get("Race","Race");
get("P-Gs","Gearscore");
get("Str-Input","Strength");
get("Int-Input","Intelligence");
get("Con-Input","Constitution");
get("Wis-Input","Wisdom");
get("Dex-Input","Dexterity");
get("Chr-Input","Charisma");
get("HP","Health");
get("AC","Armor Class");
get("Power-S","Power");
get("Def","Defense");
get("Prof-1","Alchemy");
get("Prof-2","Artificing");
get("Prof-3","Jewelcrafting");
get("Prof-4","Leadership");
get("Prof-5","Leatherworking");
get("Prof-6","Medium Armoring");
get("Prof-7","Heavy Armoring");
get("Prof-8","Tailoring");
get("Prof-9","Weaponsmithing");
get("Crit","Critical Strike Rating");
get("Recov","Recovery");
get("AP","Armor Penetration");
get("Regen","Regeneration");
get("HS","Life Steal");
get("Defl","Deflection");
get("Move","Movement");
$sql = 'INSERT INTO def_nwgr_chars (user_id,name,race,level,sex,str,con,dex,int,wis,char,hit_points,ac,power,defense,crit,recovery,ap,regen,life_steal,deflection,movement,alchemy,artificing,jewelcrafting,leadership,leatherworking,mailsmithing,platesmithing,tailoring,weaponsmithing) VALUES (' . $User-ID . ',' . $toon . ',' . $Race . ',' . $P-Level . ',' . $Sex . ',' . $Str-Input . ',' . $Con-Input . ',' . $Dex-Input . ',' . $Int-Input . ',' . $Wis-Input . ',' . $Chr-Input . ',' . $HP . ',' . $AC . ',' . $Power-S . ',' . $Def . ',' . $Crit . ',' . $Recov . ',' . $AP . ',' . $Regen . ',' . $HS . ',' . $Defl . ',' . $Move . ',' . $Prof-1 . ',' . $Prof-2 . ',' . $Prof-3 . ',' . $Prof-4 . ',' . $Prof-5 . ',' . $Prof-6 . ',' . $Prof-7 . ',' . $Prof-8 . ',' . $Prof-9 . ');';
From what I gather, there are a few issues:
First of all, the variables that you make with $$NAME are only in scope for the length of the function, so you cannot reference them outside of it without somehow returning them.
Second, you are trying to use variable names with operators in them. Namely, the "-" sign. This (to my best knowledge) is invalid.
Third, you should not be putting variables directly into your SQL without in some way ensuring that someone cannot arbitrarily insert data into them.
Lastly, do not use $$ whenever possible. It is very hard to debug, and can cause some sneaky errors and programming mistakes.