ok i not 100% on these especially user input. ok hre is what i have-

PHP Code:
<?
(!defined('')) ? die : '';
session_start();
(!isset(
$_SESSION['user_id'])) ? redirect('index.php?mode=login') : '';
$set = (isset($HTTP_GET_VARS['set'])) ? $HTTP_GET_VARS['set'] : '';
$target_userid = (isset($HTTP_GET_VARS['uid'])) ? intval($HTTP_GET_VARS['uid']) : redirect('index.php?mode=members');
$user_id=$_SESSION['user_id'];
$uresult mysql_query("SELECT * FROM users
                       WHERE user_id=$user_id"
);
$user=mysql_fetch_assoc($uresult);
$target mysql_query("SELECT * FROM users
                                                WHERE user_id = '"
.$target_userid."'");
                                                
$target mysql_fetch_assoc($target);
if (
$target_userid == $_SESSION['user_id'])
        {
                echo 
'You cannot attack yourself';
                
timed_redirect('index.php?mode=attack&amp;set=no'2);
                die;
        }
                echo 
'Maximum ammount: <b>15</b>
<form action="index.php?mode=attack&amp;uid='
.$target_userid.'" method="POST">
                Turns: <input type="text" name="turns" size="10" />
                <input type="submit" value="Attack" />'
;
                
$attack_turns = (isset($HTTP_POST_VARS['turns'])) ? intval($HTTP_POST_VARS['turns']) : '';
                if (
$user['user_turns'] >= $attack_turns)
                        {
                                if (
$attack_turns && $attack_turns <= 15)
                                        {
                                                        if (
$user['user_attack_rating'] > $target['user_defence_rating'])
                                                        {
                                                                
$spoils round(((4.3 $target['user_gold']) * $user_turns));
                                                      echo
'!!! '.$user['user_turns'].'<br>';
                echo
'!!'.$attack_turns.'<br>';
                echo 
'!!'.$user_turn.'<br>';
                                                                
$user_result mysql_query("UPDATE users
                                                                        SET user_gold = '"
.$user_gold+$spoils."',user_turns='".$user_turns-$attack_turns."'
                        WHERE user_id = '"
.$_SESSION['user_id']."'");
                                                                
$target_result mysql_query("UPDATE users
                                                                        SET user_gold = '"
.$target_gold-$spoils."'
                                                                        WHERE user_id = '"
.$target_userid."'");
        
//the aboe user_result and target_result, they not working.  not sure if i have set up variables correctly.
                                                                
$victory true;
                                                                
$outcome 'Victory';
                                                                echo 
"Your troops demolish $target' s army, victory is yours" ;
                                                                echo 
'<br>You have gained:<br><b>'.$spoils.' Gold</b><br><b></b>';
                                                         } else {
                                                                
$victory false;
                                                                
$outcome 'Defeat';
                                                                echo 
'!! '.$target.' s army beats back your army in a humiliating defeat!' ;
                       
$user_resultd mysql_query("UPDATE users  
                    SET user_turns='"
.$user_turn-$attack_turns."'
                            WHERE user_id = '"
.$_SESSION['user_id']."'");
                                                        }
                                                
$result mysql_query("INSERT INTO `attack_log` VALUES ('".$_SESSION['username']."', '".$target['username']."', '".$user['user_attack_rating']."', '".$target['user_def_rating']."', '".$outcome."', '".$spoils."')");
                                                 if (
$result)
                                                        {
                                                                echo 
'Attack Log Updated!';
                                                                if(
$user_result)
                                                                        {
                                                                                echo
'user Stats updated';
                                                                                 
timed_redirect('index.php?mode=main'10);
                                                                         } else {
                                                              echo
'user stat update failed';
                                                                                 
timed_redirect('index.php?mode=main'10);
                                                                         }
                 if(
$user_resultd)
                                                                        {
                                                                                echo
'user Stats updated';
                                                                                 
timed_redirect('index.php?mode=main'10);
                                                                         } else {
                                                              echo
'user stat update failed';
                                                                                 
timed_redirect('index.php?mode=main'10);
                                                                         }
                if(
$target_result)
                {
                                     echo
'target Stats updated';
                                                                                 
timed_redirect('index.php?mode=main'10);
                                                                         } else {
                                                              echo
'target stat update failed';
                                                                                 
timed_redirect('index.php?mode=main'10);
                                                                         }
                                                         }  
}                       
                  }else{
            echo 
'You do not have enough turns';
                               
timed_redirect('index.php?mode=attack'3);
    }
?>
i am supposedly getting in $attack_turns from the user. this isdone at the top, is this being done correctly??

You will also see $auser_result and $targe_result, those do not work. what am i doing wrong in them.

Here is a better example of my not being sure on this at all-

PHP Code:
<?
session_start
();
(!
defined('')) ? die : '';
(!isset(
$_SESSION['user_id'])) ? redirect('index.php?mode=login') : '';
$set = (isset($HTTP_GET_VARS['set'])) ? $HTTP_GET_VARS['set'] : '';
$aresult mysql_query("SELECT * FROM armoury
                       WHERE weapon_type='attack"
);
$dresult mysql_query("SELECT * FROM armoury
                       WHERE weapon_type ='defence"
);
$result=mysql_query("SELECT * FROM armoury 
         ORDER BY weapon_type ASC"
);
echo 
'<table width="95%" cellpadding="0" cellspacing="0" border="0">
       <tr>
             <td align="center"><b>Weapon</b></td>
             <td align="center"><b>Type</b></td>
             <td align="center"><b>Cost</b></td>
             <td align="center"><b>Strength</b></td>
       </tr>'
;
while (
$armoury mysql_fetch_array($result))
{
        echo 
'<tr>
             <td align="center">'
.$armoury['weapon_name'].'</td>
             <td align="center">'
.$armoury['weapon_type'].'</td>
             <td align="center">'
.$armoury['weapon_cost'].'</td>
             <td align="center">'
.$armoury['weapon_strength'].'</td>
<td align="center"> <input type="text" name="quantity" size="4" /></td>
            </tr>'
;
}
 
$aquantity = (isset($HTTP_POST_VARS['aquantity'])) ? intval($HTTP_POST_VARS['aquantity']) : '';
 
$dquantity = (isset($HTTP_POST_VARS['dquantity'])) ? intval($HTTP_POST_VARS['dquantity']) : '';
          
$user mysql_query("SELECT * FROM users
                                      WHERE user_id = '"
.$_SESSION['user_id']."'");
               
$user mysql_fetch_assoc($user);
If( 
$aquantity 0)
{
        
$cost=($armoury['weapon_cost']*$armoury['aquantity']);
        if (
$user['user_gold'] >= $cost)
        {
                  
$apurchase mysql_query("INSERT INTO `user_armoury`  VALUES ('".$user_id."','".$user_armoury['weapon_name']."','".$user_armoury['weapon_type']."','".$user_armoury['weapon_strength']."','".$user_armoury['weapon_cost']."' '')");
        if (
$apurchase)
        {
                                
$user_attackmysql_query("UPDATE users
                                             SET user_attack_rating ='"
.$user_attack_rating+$weapon_strength*$aquantity*$user_army_size."'    
                                              WHERE user_id = '"
.$_SESSION['user_id']."'");
            if (
$user_attack)
            {
                echo
'attack updated';
            }else{
                echo
'attack failed';
            }
                   
$user_gold_updatemysql_query(" UPDATE users 
                            SET user_gold='"
.$user_gold-$cost."'
                             WHERE user_id='"
.$_SESSION['user_id']."'");
            if(
$user_gold_update)
            {
                echo
'gold updated';
            }else{
                echo
'gold failed';
            }                
             echo 
'Purchase Successful!';
                                    
timed_redirect('index.php?mode=armoury'5);
        }else {
                    echo 
'purchase failed';
        }
    }else{
        echo
'not enough gold';
    }
}

If( 
$dquantity 0)
{
        
$cost=($armoury['weapon_cost']*$armoury['dquantity']);
        if (
$user['user_gold'] >= $cost)
        {
                  
$dpurchase mysql_query("INSERT INTO `user_armoury`  VALUES ('".$user_id."','".$user_armoury['weapon_name']."','".$user_armoury['weapon_type']."','".$user_armoury['weapon_strength']."','".$user_armoury['weapon_cost']."' '')");
        if (
$dpurchase)
        {
                               
$user_defencemysql_query("UPDATE users
                                              SET user_defence_rating ='"
.$user_defence_rating+$weapon_strength*$dquantity*$user_army_size."';
                                              WHERE user_id = '"
.$_SESSION['user_id']."'");
                    if (
$user_defence)
            {
                echo
'defence updated';
            }else{
                echo
'defence failed';
            }
                    
$user_gold_updatemysql_query"UPDATE users SET user_gold='".$user_gold-$cost."'
                             WHERE user_id='"
.$_SESSION['user_id']."'");
            if(
$user_gold_update)
            {
                echo
'gold updated';
            }else{
                echo
'gold failed';
            }                
             echo 
'Purchase Successful!';
                                    
timed_redirect('index.php?mode=armoury'5);
        }else {
                    echo 
'purchase failed';
        }
    }else{
        echo
'not enough gold';
    }
}
?>
What happens here is i take details of weaponary frm a table, the user is to then input the quantity of weapon he wants to buy. i aint getting the quantity in correctly. then i must have a button "buy" or smething to perform the calculations, using the quantities entered and updating tables based on those quantities.

I totally lost. You guys have been a massive help t me, you have no idea how much i owe you, these 2 things and i should be able to fly solo lol.