query($sql); while ($row = $result->fetch_assoc()) { $i++; $_SESSION['scoreboard'][$i - 1] = array('username' => $row['username'], 'score' => $row['score']); } $sql = " SELECT username FROM active_users ORDER BY username DESC LIMIT 0,5"; $result = $conn->query($sql); while ($row = $result->fetch_assoc()) { $i++; $active_users[$i - 1] = $row['username']; } //print_r($_SESSION['scoreboard']); //mysql_close($conn); if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['submit'])) { $name = trim_input($_POST["name"]); if (empty($name) || $name == "") { $_SESSION["index"] = "Vul iets in"; } elseif (in_array($name, $active_users)) { $_SESSION["index"] = "Naam is al gekozen"; } else { $_SESSION['name'] = $name; $sql = "INSERT INTO active_users (username) VALUES ('" . $_SESSION['name'] . "')"; $result = $conn->query($sql); header("Location: hangman.php"); } } function trim_input($data) { //$data = trim($data); //$data = stripslashes($data); //$data = strip_tags($data); //$data = htmlspecialchars($data); //$data = filter_var($data, FILTER_SANITIZE_STRING); $data = preg_replace('/[^\w]/', '', $data); //mysqli_real_escape_string($data); return $data; } /*$a = "VALUES ('siem');UPDATE `scoreboard` SET `id`=[value-1],`username`=[value-2],`score`=[value-3] WHERE 1"; $sanitized_a = filter_var($a, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH); echo $sanitized_a;*/ ?> Hangman - Welcome

Hangman

"; } else { echo "
Name:
"; } ?>

Top 5:

Name:

" . $i['username'] . "

"; } ?>

Score:

" . $i['score'] . "

"; } ?>

Active users:

" . $i . "

"; } } else { echo '

No active users

'; } ?>