problems with script

Posted on 16th Feb 2014 by admin

I made a small script wich exchanges points in my website:


<?php
session_start();
include_once"config.php";
$username = $_SESSION['username'];
if(isset($_POST['exchange'])){
$spoints = $_POST['spoints'];

switch ($spoints)
{
case 200:
$check_if_have_points = mysql_query("SELECT points FROM members WHERE username = '$username'") or die(mysql_error());
$row = mysql_fetch_array($check_if_have_points);
if($row['points']< 200){
$error_output = "You do not have enough points"; }
else {
$updateuserofferstatus = mysql_query("UPDATE `members` SET `offer_status` = offer_status+1 WHERE `username`= '$username'") or die(mysql_error());
$updateuserpoints = mysql_query("UPDATE members SET points=points-200 WHERE username='$username'");
$error_output = "Congratulations ".$username.". You now have 1 more referral.";
}
break;
case 400:
$check_if_have_points = mysql_query("SELECT points FROM members WHERE username = '$username'") or die(mysql_error());
$row = mysql_fetch_array($check_if_have_points);
if($row['points']< 200){
$error_output = "You do not have enough points"; }
else {
$updateuserofferstatus = mysql_query("UPDATE `members` SET `offer_status` = offer_status+2 WHERE `username`= '$username'") or die(mysql_error());
$updateuserpoints = mysql_query("UPDATE members SET points=points-400 WHERE username='$username'");
$error_output = "Congratulations ".$username.". You now have 2 more referrals.";
}
break;
case 600:
$check_if_have_points = mysql_query("SELECT points FROM members WHERE username = '$username'") or die(mysql_error());
$row = mysql_fetch_array($check_if_have_points);
if($row['points']< 200){
$error_output="You do not have enough points"; }
else {
$updateuserofferstatus = mysql_query("UPDATE `members` SET `offer_status` = offer_status+3 WHERE `username`= '$username'") or die(mysql_error());
$updateuserpoints = mysql_query("UPDATE members SET points=points-600 WHERE username='$username'");
$error_output = "Congratulations ".$username.". You now have 3 more referrals.";
}
break;
case 800:
$check_if_have_points = mysql_query("SELECT points FROM members WHERE username = '$username'") or die(mysql_error());
$row = mysql_fetch_array($check_if_have_points);
if($row['points']< 200){
$error_output="You do not have enough points"; }
else {
$updateuserofferstatus = mysql_query("UPDATE `members` SET `offer_status` = offer_status+4 WHERE `username`= '$username'") or die(mysql_error());
$updateuserpoints = mysql_query("UPDATE members SET points=points-800 WHERE username='$username'");
$error_output = "Congratulations ".$username.". You now have 4 more referrals.";
}
break;
case 1000:
$check_if_have_points = mysql_query("SELECT points FROM members WHERE username = '$username'") or die(mysql_error());
$row = mysql_fetch_array($check_if_have_points);
if($row['points']< 200){
$error_output="You do not have enough points"; }
else {
$updateuserofferstatus = mysql_query("UPDATE `members` SET `offer_status` = offer_status+5 WHERE `username`= '$username'") or die(mysql_error());
$updateuserpoints = mysql_query("UPDATE members SET points=points-1000 WHERE username='$username'");
$error_output = "Congratulations ".$username.". You now have 5 more referrals.";
}
break;
case 1200:
$check_if_have_points = mysql_query("SELECT points FROM members WHERE username = '$username'") or die(mysql_error());
$row = mysql_fetch_array($check_if_have_points);
if($row['points']< 200){
$error_output="You do not have enough points"; }
else {
$updateuserofferstatus = mysql_query("UPDATE `members` SET `offer_status` = offer_status+6 WHERE `username`= '$username'") or die(mysql_error());
$updateuserpoints = mysql_query("UPDATE members SET points=points-1200 WHERE username='$username'");
$error_output = "Congratulations ".$username.". You now have 6 more referrals.";
}
break;
case 1400:
$check_if_have_points = mysql_query("SELECT points FROM members WHERE username = '$username'") or die(mysql_error());
$row = mysql_fetch_array($check_if_have_points);
if($row['points']< 200){
$error_output="You do not have enough points"; }
else {
$updateuserofferstatus = mysql_query("UPDATE `members` SET `offer_status` = offer_status+7 WHERE `username`= '$username'") or die(mysql_error());
$updateuserpoints = mysql_query("UPDATE members SET points=points-1400 WHERE username='$username'");
$error_output = "Congratulations ".$username.". You now have 7 more referrals.";
}
break;
case 1600:
$check_if_have_points = mysql_query("SELECT points FROM members WHERE username = '$username'") or die(mysql_error());
$row = mysql_fetch_array($check_if_have_points);
if($row['points']< 200){
$error_output="You do not have enough points"; }
else {
$updateuserofferstatus = mysql_query("UPDATE `members` SET `offer_status` = offer_status+8 WHERE `username`= '$username'") or die(mysql_error());
$updateuserpoints = mysql_query("UPDATE members SET points=points-1600 WHERE username='$username'");
$error_output = "Congratulations ".$username.". You now have 8 more referrals.";
}
break;
case 1800:
$check_if_have_points = mysql_query("SELECT points FROM members WHERE username = '$username'") or die(mysql_error());
$row = mysql_fetch_array($check_if_have_points);
if($row['points']< 200){
$error_output="You do not have enough points"; }
else {
$updateuserofferstatus = mysql_query("UPDATE `members` SET `offer_status` = offer_status+9 WHERE `username`= '$username'") or die(mysql_error());
$updateuserpoints = mysql_query("UPDATE members SET points=points-1800 WHERE username='$username'");
$error_output = "Congratulations ".$username.". You now have 9 more referrals.";
}
break;
case 2000:
$check_if_have_points = mysql_query("SELECT points FROM members WHERE username = '$username'") or die(mysql_error());
$row = mysql_fetch_array($check_if_have_points);
if($row['points']< 200){
$error_output="You do not have enough points"; }
else {
$updateuserofferstatus = mysql_query("UPDATE `members` SET `offer_status` = offer_status+10 WHERE `username`= '$username'") or die(mysql_error());
$updateuserpoints = mysql_query("UPDATE members SET points=points-2000 WHERE username='$username'");
$error_output = "Congratulations ".$username.". You now have 10 more referrals.";
}
break;
}
}

?>
<div style="width:60%;vertical-align:top;text-align:left;overflow:visible;" id="exchange">
<form action="" method="post">
<fieldset style="border:none;">
<p>
<label for="username" style="font-weight:normal;width:11%;float:left;display:block;">Points:</label>
<input type="text" name="spoints" class="item" value="" />
<span class="style27">(how many points to exchange)</span></p>
<p><input type="submit" name="exchange" value="Exchange" id="exchange" style="float:left;border:1px solid #999;background:#E4E4E4;margin-top:5px;" /></p>
</fieldset>
</form>

<font color="red"><?php echo $error_output?></font></div>

It works great ... but the problem is after I enter the points and they are exchanged, if i refresh the page they get exchanged again. How can I resolv this. I tried addind some meta refresh but it doesn't resolve the problem

Other forums