PHP Help greatfully appreciated :) (challenging)

Hi guys. Ill cut right to the chase, i trying to develop a simple text based war game in php, for a college project. and i doing good, right up until implementation. Ive got my database set up, and parts of it working, like registration and login, and parts of the code i am going to post work too.

<?
// if "" (blank) isn't defined, do not let them see page (DIE)
(!defined('')) ? die : '';
// Require to be logged in
(!isset($_SESSION['user_id'])) ? redirect('index.php?mode=login') : '';

$user_id=$_SESSION['user_id'];

$tresult= mysql_query("SELECT * FROM user_training
WHERE user_id = $user_id");

$result = mysql_query("SELECT * FROM users
WHERE user_id = $user_id");
echo '<table width="95%" cellpadding="0" cellspacing="0" border="0">
<tr>
<td align="center"><b>Rank</b></td>
<td align="center"><b>Username</b></td>
<td align="center"><b>Gold</b></td>
<td align="center"><b>Attack</b></td>
<td align="center"><b>Defence</b></td>
<td align="center"><b>Turns</b></td>
</tr>';
while ($member = mysql_query($result))
{
echo '<tr>
<td align="center">'.$member['user_rank'].'</td>
<td align="center">'.$member['username'].'</td>
<td align="center">'.$member['user_gold'].'</td>
<td align="center">'.$member['user_attack_rating'].'</td>
<td align="center">'.$member['user_defence_rating'].'</td>
<td align="center">'.$member['user_turns'].'</td>
</tr>';
}
echo '</table>';
echo '<table width="90%" cellpadding="0" cellspacing="0" border="0">
<tr>
<td align="left"><b>Unit Production</b></td>
<td align="left"><b>Next Level</b></td>
<td align="left"><b>Cost</b></td>
</tr>';
while ($tmember = mysql_query($tresult))
{
echo '<tr>
<td align="left">'.$tmember['unit_production'].'</td>
<td align="left">'.$tmember['next_lvl'].'</td>
<td align="left">'.$tmember['production_cost'].'</td>

</tr>';
}
echo '</table>';
?>

This is the users home page. once they log in, this should display their stats, taken from the user table and training table. The training table holds the user id, unit production level, the next level of produciton and its cost (think koc lol). It is supposed to reference the users training details via the user_id and display them, along with attack ratings etc. It dont. Can someone please have a look at it please?

<?
// if "" (blank) isn't defined, do not let them see page (DIE)
(!defined('')) ? die : '';
// Require to be logged in
(!isset($_SESSION['user_id'])) ? redirect('index.php?mode=login') : '';

$set = (isset($HTTP_GET_VARS['set'])) ? $HTTP_GET_VARS['set'] : '';
$target_userid = (isset($HTTP_GET_VARS['uid'])) ? intval($HTTP_GET_VARS['uid']) : redirect('index.php?mode=members');

// Do not allow the user to attack him/her self
if ($target_userid == $_SESSION['user_id'])
{
echo 'You cannot attack yourself';
timed_redirect('index.php?mode=attack&amp;set=no', 2);
die;
}

if ($set == 'no')
{
echo 'Maximum ammount: <b>15</b><form action="index.php?mode=attack&amp;uid='.$target_userid.'" method="POST">
Turns: <input type="text" name="turns" size="10" />
<input type="submit" value="Attack" />';
} else {
$attack_turns = (isset($HTTP_POST_VARS['turns'])) ? intval($HTTP_POST_VARS['turns']) : '';
if ($user['user_turns'] >= $user_turns)
{
if ($user_turns > 0 && $user_turns <= 15)
{
$target = mysql_query("SELECT * FROM users
WHERE user_id = '".$target_userid."'");
$user = mysql_query("SELECT * FROM users
WHERE user_id = '".$_SESSION['user_id']."'");
$user = mysql_fetch_array($user);
$target = mysql_fetch_array($target);

if ($user['user_attack_rating'] > $target['user_defence_rating'])
{

$spoils = round(((4.3 * $target['user_gold']) * $user_turns));
$target_gold = $target['user_gold'] - ($spoils);

$user_gold = $user['user_gold']+$spoils;

$user_result = mysql_query("UPDATE users
SET user_gold = '".$user_gold."'
WHERE user_id = '".$_SESSION['user_id']."'");
$target_result = mysql_query("UPDATE users
SET user_gold = '".$target_gold."'
WHERE user_id = '".$target_userid."'");
$victory = true;
$outcome = 'Victory';
} else {
$victory = false;
$outcome = 'Defeat';
}
echo ($victory == true) ? 'Your troops demolish '.$target.'\'s army, victory is yours' : $target.' beats back your troops in a humilliating defeat';
echo '<br>You have gained:<br><b>'.$spoils.' Gold</b><br><b></b>';
$result = mysql_query("INSERT INTO `attack_log` VALUES ('".$_SESSION['user_id']."', '".$target."', '".$user['user_attack_rating']."', '".$target['user_def_rating']."', '".$outcome."', '".$spoils."')");
if ($result)
{
echo 'Attack Log Updated!';
timed_redirect('index.php?mode=main', 1);
} else {
echo 'Maximum ammount of turns: 15';
timed_redirect('index.php?mode=attack&amp;uid='.$target_userid, 2);
}
}
}else{
echo 'You do not have '.$user_turns;
}
}
?>

This is the attack screen. It displays a list of the members and uses their names as a link to attack them. The user enters number of attack turns and attacks them, the result is to be stored in an attack log table. Nothing works.

<?
// if "" (blank) isn't defined, do not let them see page (DIE)
(!defined('')) ? die : '';
// Require to be logged in
(!isset($_SESSION['user_id'])) ? redirect('index.php?mode=login') : '';
$set = (isset($HTTP_GET_VARS['set'])) ? $HTTP_GET_VARS['set'] : '';
$result = mysql_query("SELECT * FROM armoury
ORDER BY weapon_type ASC");
echo '<table width="95%" cellpadding="0" cellspacing="0" border="0">
<tr>
<td align="center"><b>Weapon</b></td>
<td align="center"><b>Type</b></td>
<td align="center"><b>Cost</b></td>
<td align="center"><b>Strength</b></td>
</tr>';
while ($armoury = mysql_fetch_array($result))
{
echo '<tr>
<td align="center">'.$armoury['weapon_name'].'</td>
<td align="center">'.$armoury['weapon_type'].'</td>
<td align="center">'.$armoury['weapon_cost'].'</td>
<td align="center">'.$armoury['weapon_strength'].'</td>
<td align="center">quantity: <input type="text" name="quantity" size="4" /><input type="submit" value="Buy" /></td>
</tr>';



}
$quantity = (isset($HTTP_POST_VARS['quantity'])) ? intval($HTTP_POST_VARS['quantity']) : '';
$user = mysql_query("SELECT * FROM users
WHERE user_id = '".$_SESSION['user_id']."'");
$user = mysql_fetch_array($user);
If( $quantity > 0)
{
$cost=($armoury['weapon_cost']*$armoury['quantity']);
if ($user['user_gold'] >= $cost)
{
$purchase = mysql_query("INSERT INTO `users` VALUES ('".$user_id."', '')");
if ($purchase)
{
if ($weapon_type=='attack')
{
$user_attack_rating= mysql_query("UPDATE users
SET user_attack_rating =$user_attack_rating+$weapon_strength*$quantity*$user_army_size;
WHERE user_id = '".$_SESSION['user_id']."'");
} else {
$user_defence_rating= mysql_query("UPDATE users
SET user_defence_rating =$user_defence_rating+$weapon_strength*$quantity*$user_army_size;
WHERE user_id = '".$_SESSION['user_id']."'");
}
$user_gold= mysql_query("UPDATE users
SET $user_gold=$user_gold-$cost;
WHERE user_id = '".$_SESSION['user_id']."'");
}
echo 'Purchase Successful!';
timed_redirect('index.php?mode=main', 1);
}else {
echo 'Not Enough Gold';
}
}


This is the armoury screen. it displays details of weapons stored in the armoury table, with input boxes next to them to enter the quantity you wish to buy. It does this but it dosent let you do anything else. Once the purchase has been made, the user_armoury table will store the details of the weapons along with the user_id to reference it in future, aswell as updating the user gold and user_attack/defence_ratings. Dont work.

I understand what i am asking is a lot. Please dont think me some lazy noob trying to get the work done for me. I have tried at this. I have fully designed the game, including algorithms. I just cant put it into php, i just not good enough. I will be eternally greatful if any of you could please find the time to help.

edit::
this aint a homework assignment either, its a project, and any help you give should be legit, it not like i claiming any help given as my own, a lot of the code up there was given to me by a friend, which i have tweaked and used parts to make other scripts. i noticed a thread about this sorta thing, i just want to e-itterate its a college project not homework, its legit as all persons who help me will be acknowledged in the project documentation. And it is only the coding part i have had help in lol, ive done all analysis, design myself. Sorry to go on there, just wanted to make that totally clear incase anyone thought i was trying it on.

First, make sure you have a call to session_start() at the top of every page that uses the $_SESSION array, before anything is sent to the browser. If that doesn't fix it, let's take it one non-working page at a time. And please be a little more specific about your problem than just saying it's not doing what it's supposed to. Tell us what is working, if what isn't working is displaying incorrect info, no info, an error message, etc.

First, your my_sql query isn't being very particular.
Try checking out the docs (http://us3.php.net/mysql_query) on that. You should be escaping that user_id param and stuff to make sure everything is cool with the format.

Second, I've never seen results of a query looped through like that.
Maybe you should try something more like the one I linked to above using mysql_fetch_assoc.

Third, you didn't post what happens or what is supposed to happen, so I can't really begin to troubleshoot...
Post more details about errors and stuff so we have a place to start.

Sorry guys, ok the home page. it is to display the users stats frm the user table, along with their stats from the training table, using the user_id field to reference them. it displays nothing. no errors, just displays the headings with no data.

attack page. you arew given a list of the members and you click on the name of the one you wish to attack. you will then enter the number of attack turns you wish to use (part of user table). if you hae enough then it will compare the users attack rating with the target defence rating and if it is greater the result=victory and some gold it taken. if not result =defeat.
if victory then the users gold will be updated with the spoils. regardless of the outcome, the attackers, target, attack action, defence aciton, gold taken and result will be stored in the attack log table.

i can display a list of members, click on them to enter attack turns, but after that nothing happens. nothing what so ever. no error, it just stays blank.

armoury. this reads in data from the armoury table, which works. next there is an input box where the user is to enter the quantity of the weapon they wish to buy. if their gold >=quantity*weapon cost then it is purchased and added to the user armoury table along with the user id for future reference.
then if the weapon type is attack, the users attack rating=user attack rating+weaponstrength*quantity, else if it is defence, the defence rating=defence rating+weapon strength*quantity. when i click the buy button nothing happens. again no errors. just poor logic.

Okay, let's fix one at a time.

We'll start with the home page.

it is to display the users stats frm the user table, along with their stats from the training table, using the user_id field to reference them. it displays nothing. no errors, just displays the headings with no data.

We've got a little code posted on this. I want to see how far it gets. So, stick some output in there and let's see what we get and then we'll go from there. I also changed the loop to use the proper structure (mysql_fetch_assoc).

So change the code you posted to this and let me know what you get.
I'm going to assume this is partial code, since I don't see html tags title, head, and body in there.


<?
echo 'debug: Begin<br>';

// if "" (blank) isn't defined, do not let them see page (DIE)
(!defined('')) ? die : '';

echo 'debug: blank is defined<br>';

// Require to be logged in
(!isset($_SESSION['user_id'])) ? redirect('index.php?mode=login') : '';

$user_id=$_SESSION['user_id'];

echo 'debug: User ID is ' . $user_id . '<br>';

$tresult= mysql_query("SELECT * FROM user_training
WHERE user_id = $user_id");

$result = mysql_query("SELECT * FROM users
WHERE user_id = $user_id");
echo '<table width="95%" cellpadding="0" cellspacing="0" border="0">
<tr>
<td align="center"><b>Rank</b></td>
<td align="center"><b>Username</b></td>
<td align="center"><b>Gold</b></td>
<td align="center"><b>Attack</b></td>
<td align="center"><b>Defence</b></td>
<td align="center"><b>Turns</b></td>
</tr>';
while ($member = mysql_fetch_assoc($result))
{
echo '<tr>
<td align="center">'.$member['user_rank'].'</td>
<td align="center">'.$member['username'].'</td>
<td align="center">'.$member['user_gold'].'</td>
<td align="center">'.$member['user_attack_rating'].'</td>
<td align="center">'.$member['user_defence_rating'].'</td>
<td align="center">'.$member['user_turns'].'</td>
</tr>';
}
echo '</table>';
echo '<table width="90%" cellpadding="0" cellspacing="0" border="0">
<tr>
<td align="left"><b>Unit Production</b></td>
<td align="left"><b>Next Level</b></td>
<td align="left"><b>Cost</b></td>
</tr>';
while ($tmember = mysql_fetch_assoc($tresult))
{
echo '<tr>
<td align="left">'.$tmember['unit_production'].'</td>
<td align="left">'.$tmember['next_lvl'].'</td>
<td align="left">'.$tmember['production_cost'].'</td>

</tr>';
}
echo '</table>';
?>

right that worked great mate, cheers. it isnt displaying certain training aspects, but that must be a fualt on my part in my table set up, i should be able to fix that.

Okay, do you still need more help with the other screens?
I didn't see any forms or clickable widgets...if you need help with another piece, post the code for that one piece and tell us what should happen and what actually happens and we'll tackle the next part.

Right this is the attack script.

What happens if a list of the registered users will be displayed. You then click their name, where you will go to a screen to enter the number of attack turns you wish to use (these are stored in user_table).

Ok i could get as far as entering the turns, once i did nothing would happen afterwards, some logic error.

I tweaked some parts and ive got a parse error now, i cannot put my finger on where it is at.

<?
// if "" (blank) isn't defined, do not let them see page (DIE)
(!defined('')) ? die : '';
// Require to be logged in
(!isset($_SESSION['user_id'])) ? redirect('index.php?mode=login') : '';

$set = (isset($HTTP_GET_VARS['set'])) ? $HTTP_GET_VARS['set'] : '';
$target_userid = (isset($HTTP_GET_VARS['uid'])) ? intval($HTTP_GET_VARS['uid']) : redirect('index.php?mode=members');

// Do not allow the user to attack him/her self
if ($target_userid == $_SESSION['user_id'])
{
echo 'You cannot attack yourself';
timed_redirect('index.php?mode=attack&amp;set=no', 2);
die;
}

if ($set == 'no')
{
echo 'Maximum ammount: <b>15</b><form action="index.php?mode=attack&amp;uid='.$target_userid.'" method="POST">
Turns: <input type="text" name="turns" size="10" />
<input type="submit" value="Attack" />';
} else {
$attack_turns = (isset($HTTP_POST_VARS['turns'])) ? intval($HTTP_POST_VARS['turns']) : '';
if ($user['user_turns'] >= $attack_turns)
{
if ($attack_turns > 0 && $attack_turns <= 15)
{
$target = mysql_query("SELECT * FROM users
WHERE user_id = '".$target_userid."'");
$user = mysql_query("SELECT * FROM users
WHERE user_id = '".$_SESSION['user_id']."'");
$user = mysql_fetch_array($user);
$target = mysql_fetch_array($target);
if ($user['user_attack_rating'] > $target['user_defence_rating'])
{
$spoils = round(((4.3 * $target['user_gold']) * $user_turns));
$target_gold = $target['user_gold'] - ($spoils);
$user_gold = $user['user_gold']+$spoils;
$user_result = mysql_query("UPDATE users
SET user_gold = '".$user_gold."'
WHERE user_id = '".$_SESSION['user_id']."'");
$target_result = mysql_query("UPDATE users
SET user_gold = '".$target_gold."'
WHERE user_id = '".$target_userid."'");
$victory = true;
$outcome = 'Victory';
echo 'Your troops demolish '.$target.' s army, victory is yours' ;
echo '<br>You have gained:<br><b>'.$spoils.' Gold</b><br><b></b>';
} else {
$victory = false;
$outcome = 'Defeat';
echo '.$target.'' s army beats back your army in a humiliating defeat!' ;
}
$result = mysql_query("INSERT INTO `attack_log` VALUES ('".$_SESSION['user_id']."', '".$target."', '".$user['user_attack_rating']."', '".$target['user_def_rating']."', '".$outcome."', '".$spoils."')");
if ($result)
{
echo 'Attack Log Updated!';
if($user_result&&$target_result)
{
echo'Stats updated';
timed_redirect('index.php?mode=main', 1);
} else {
echo 'Maximum ammount of turns: 15';
timed_redirect('index.php?mode=attack&amp;uid='.$target_userid, 2);
}
}else{
echo 'You do not have '.$user_turns';
}
}

?>

if working properly what should happen-

if user has enough turns
{
if turns>0
{
if user_attack_rating > target_defence_rating
{
victory=true
user_gold=user_gold+4.3% of tatget_gold*number of turns used}}
}else{
victory=false
}
insert into attack_log (attacker (this is the user), target, attack_action, defence_aciton, result, gold taken).

that is what i hoped would happen. If you could first help identify exactly where the parse error is, we could move on to the rest of it. As i say, once you entered the number of turns and clicked "attack" nothing happened what so ever.

If you get a parse error, you should post it here. It helps.

Whete is "set" coming from? It seems to be a GET var, yet this screen was POST. You supply it a default of '', then check it for "no". Was that intended?

Where is the </form> that is required for each <form>?

Where does this control get a value?
<input type="text" name="turns" size="10" />

Where is $user defined for:
$user['user_turns']
(I see it used before it is assigned a value)

For all your logic, do an echo that outputs the value of the thing you're checking to help debug.

Ok i managed to sort the parse error and apparently fix the attack log script, but i had forgot to deduct user_turns. now i am getting a new Parse error: parse error, unexpected T_CONSTANT_ENCAPSED_STRING in /home/project6/public_html/actions/attack.php on line 46

here is the updated code for attack.


<?
// if "" (blank) isn't defined, do not let them see page (DIE)
(!defined('')) ? die : '';
// Require to be logged in
(!isset($_SESSION['user_id'])) ? redirect('index.php?mode=login') : '';

$set = (isset($HTTP_GET_VARS['set'])) ? $HTTP_GET_VARS['set'] : '';
$target_userid = (isset($HTTP_GET_VARS['uid'])) ? intval($HTTP_GET_VARS['uid']) : redirect('index.php?mode=members');

// Do not allow the user to attack him/her self
$user_id=$_SESSION['user_id'];
$uresult = mysql_query("SELECT * FROM users
WHERE user_id=$user_id");
$user=mysql_fetch_assoc($uresult);
if ($target_userid == $_SESSION['user_id'])
{
echo 'You cannot attack yourself';
timed_redirect('index.php?mode=attack&amp;set=no', 2);
die;
}

echo 'Maximum ammount: <b>15</b><form action="index.php?mode=attack&amp;uid='.$target_userid.'" method="POST">
Turns: <input type="text" name="turns" size="10" />
<input type="submit" value="Attack" />';

$attack_turns = (isset($HTTP_POST_VARS['turns'])) ? intval($HTTP_POST_VARS['turns']) : '';
if ($user['user_turns'] >= $attack_turns)
{
if ($attack_turns > 0 && $attack_turns <= 15)
{
$target = mysql_query("SELECT * FROM users
WHERE user_id = '".$target_userid."'");
$user = mysql_query("SELECT * FROM users
WHERE user_id = '".$_SESSION['user_id']."'");
$user = mysql_fetch_assoc($user);
$target = mysql_fetch_assoc($target);
if ($user['user_attack_rating'] > $target['user_defence_rating'])
{
$spoils = round(((4.3 * $target['user_gold']) * $user_turns));
$target_gold = $target['user_gold'] - ($spoils);
$user_gold = $user['user_gold']+($spoils);
$user_turn=$user['user_turns']-($attack_turns);
$user_result = mysql_query("UPDATE users
SET user_gold = '".$user_gold."'
SET user_turns='".$user_turn."'
WHERE user_id = '".$_SESSION['user_id']"'");
$target_result = mysql_query("UPDATE users
SET user_gold = '".$target_gold."'
WHERE user_id = '".$target_userid."'");
$victory = true;
$outcome = 'Victory';
echo 'Your troops demolish '.$target.' s army, victory is yours' ;
echo '<br>You have gained:<br><b>'.$spoils.' Gold</b><br><b></b>';
} else {
$victory = false;
$outcome = 'Defeat';
echo '!! '.$target.' s army beats back your army in a humiliating defeat!' ;
$user_result = mysql_query("UPDATE users
SET user_turns='".$user_turn."'
WHERE user_id = '".$_SESSION['user_id']"'");
}
$result = mysql_query("INSERT INTO `attack_log` VALUES ('".$_SESSION['user_id']."', '".$target."', '".$user['user_attack_rating']."', '".$target['user_def_rating']."', '".$outcome."', '".$spoils."')");
if ($result)
{
echo 'Attack Log Updated!';
if($user_result&&$target_result)
{
echo'Stats updated';
timed_redirect('index.php?mode=main', 1);
} else {
echo 'Maximum ammount of turns: 15';
timed_redirect('index.php?mode=attack&amp;uid='.$target_userid, 2);
}
}
}
}

?>

You forgot your concatenation on line 46. Add a . after $_SESSION['user_id']. I also see you found the backtick lurking in your code too.

cheers man. i got one last problem with that script. when i attack someone, and i use say 15 turns from 45, i should have 30 left. when i go to home to check, i have 0.

$user_turn=$user['user_turns']-($attack_turns);
$user_result = mysql_query("UPDATE users
SET user_gold = '".$user_gold."'
SET user_turns='".$user_turn."'
WHERE user_id = '".$_SESSION['user_id']."'");


am i doing osmething wrong here??

p.s. what is backtick lol, ive never head that one before.

edit- new problem i went to add in a mesage to be displayed if the user dosent haven enough attack turns. i get this error - Parse error: parse error, unexpected $ in /home/project6/public_html/actions/attack.php on line 80

$result = mysql_query("INSERT INTO `attack_log` VALUES ('".$_SESSION['user_id']."', '".$target."', '".$user['user_attack_rating']."', '".$target['user_def_rating']."', '".$outcome."', '".$spoils."')");
if ($result)
{
echo 'Attack Log Updated!';
if($user_result&&$target_result)
{
echo'Stats updated';
timed_redirect('index.php?mode=main', 10);
} else {
echo 'Maximum ammount of turns: 15';
timed_redirect('index.php?mode=attack&amp;uid='.$target_userid.'', 2);
}
}
}else{
echo 'You do not have enough turns';
timed_redirect('index.php?mode=attack', 3);
}

?>

i am guessing it is in there somewhere, i am no good at spotting these parse errors.

Echo out $user_turns and $attack_turns and see what it is subtracting.
Count your brackets. You should have an even number, not odd.

I'd tell you more, but you need to learn how to debug. :D

And a backtick is this thing `

aright lol. i always ignore debugging lol, my college lecturers always at me for it.

it seems all i got now is parse errors. ill post em later, i cant pick out where they coming from.

ok ill post this one for now-

Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/project6/public_html/actions/attack_log.php on line 20

this is for my attack log.

edit.

i know what is causing the problem, the $_SESSION['username'] is changing to Array.....lol no idea why it is changing, it is ok when u log in, but when u r rediretced to the index it changes to array.

PHP won't complain if you store an array as a session variable.
Double-check ALL references to that variable in all relevant pages along the way. Do a Find in whatever editor you are using in case a typo is your problem.

If you can't figure it out, post every line you have that has $_SESSION['username'] in it. I bet there is something there that turns it into an array.

i got the name thing fixed, silly error lol. anyhoo


$uusername=$_SESSION['username'];
echo "debug1 $uusername here " ;
$aresult = mysql_query("SELECT * FROM attack_log
WHERE attacker=$uusername ");


this query fails. $_SESSION['username']; is set on log in and in the debug echo it confirms this. Any ideas as to why it fails?

also, my attack script, it isnt updating the stats afterwards-


$user_result = mysql_query("UPDATE users
SET user_gold = '".$user_gold-$spoils."'
SET user_turns='".$user_turns-$attack_turns."'
WHERE user_id = '".$_SESSION['user_id']."'");

here is where attack_turns is being set-

echo 'Maximum ammount: <b>15</b>
<form action="index.php?mode=attack&amp;uid='.$target_userid.'" method="POST">
Turns: <input type="text" name="turns" size="10" />
<input type="submit" value="Attack" />';
$attack_turns = (isset($HTTP_POST_VARS['turns'])) ? intval($HTTP_POST_VARS['turns']) : '';


am i doing this correctly??
$spoils = round(((4.3 * $target['user_gold']) * $user_turns));
this is where $spoils gets set.

i get no errors with this, just my debugging confirms that the update fails. any ideas?

In the first query, you need to use quotes around the variable (unless it's an integer I think, though since it's a username I'm guessing it's not an integer value), like so:
$aresult = mysql_query("SELECT * FROM attack_log WHERE attacker='$uusername'");
As for the second query, when you update multiple fields at once, simply enter them as a comma-separated listed, like fieldname1='value1', fieldname2='value2' etc. Should look something like:
$user_result = mysql_query("UPDATE users SET user_gold = '".$user_gold-$spoils."', user_turns='".$user_turns-$attack_turns."' WHERE user_id = '".$_SESSION['user_id']."'");

that attack_log part worked a treat mate, your a f*king saint.

the other bit didnt though. i think...could it be down to my variable names?

this is how i get $attack_turns-
echo 'Maximum ammount: <b>15</b>
<form action="index.php?mode=attack&amp;uid='.$target_userid.'" method="POST">
Turns: <input type="text" name="turns" size="10" />
<input type="submit" value="Attack" />';
$attack_turns = (isset($HTTP_POST_VARS['turns'])) ? intval($HTTP_POST_VARS['turns']) : '';

is this being done correctly? coz it aint taking the value $attack_turns away from field $user_turns.