I ran across this piece of code in a program I am updating. The original author is a great game designer, but only a fair programmer. He also seems to have very limited experience with SQL.

PHP:
  1. if ( $grab == 'Ammo' ) {
  2.     $check = mysql_query("SELECT * FROM BF WHERE owner= 'None' AND country='$fetch->location'");
  3.     $num_rows = mysql_num_rows($check);
  4.  
  5.     if ( $num_rows != 0 ) {
  6.         if ( $fetch->location == $location ) {
  7.             mysql_query("UPDATE BF SET owner='$username', profit='0' WHERE country='$fetch->location' LIMIT 1");
  8.             $this->content .= "You got the Bullet Factory!";
  9.         }
  10.     }
  11. }

When writing database applications, you need to be as good at writing queries as you are at writing code. Here's a rewrite:

(more...)