OK, I think this is working in stopping them from buying anything from shops they don't belong too.
$query = $db->execute("select `id`, `name`, `price`, `Item_Image` from `blueprint_items` inner join Shops on Shops.Shop_ID = blueprint_items.BP_Shop_ID where Shops.Shop_City_ID = $player->City_ID and `id`=?", array($_GET['id']));
But it still allows users to manually type in the URL shops, and view all the items.
I should be able to use this query to stop that right?
Currently I have this to display the items, so I know I need to change the query $getstuff.
I've been playing around with trying to use a query similar to what we used in the 'buy' area, but so far everything I try results in it displaying no items for the shops.
if ($_GET['act'] == go)
{
$shopid = $_GET['id'];
$getstuff = $db->execute("SELECT * FROM blueprint_items Where $shopid = BP_Shop_ID");
while ($item = $getstuff->fetchrow())
echo "<fieldset>\n";
echo "<legend><b>" . $item['name'] . "</b></legend>\n";
echo "<table width=\"100%\">\n";
echo "<tr><td width=\"17%\"><image src='$item[Item_Image]' alt='item' /></td>\n";
echo "<td width=\"59%\">";
echo $item['description'] . "\n<br /><br />";
echo "<b>Effectiveness:</b> " . $item['effectiveness'] . "\n";
echo "</td><td width=\"24%\">";
echo "<b>Price:</b> " . $item['price'] . "<br />";
echo "<a href=\"shop3.php?act=buy&id=" . $item['id'] . "\">Buy</a><br />";
echo "</td></tr>\n";
echo "</table>";
echo "</fieldset>\n<br />";
}
