#1 | Registered User (Devshed Newbie, 0 - 499 posts) | Join Date: Aug 2012 | Posts: 16 | Rep Power: 0

    If X is larger than Y issue.


    Alrighty. I'm working on a game store for my project and I've run into an issue where a 'player' can put themselves into debt up to a million dollars when purchasing some of the items in the store.

    The function in question is purchaseItem(). I turn the price into a negative; the whole thing functions correctly save for the fact that the player can still purchase an item despite the fact they are broke as a joke.

    Code:
    <?php
    class bank extends user
    {
        public $uid;
        public $balance;
        protected $db;

        function __construct($uid, $db)
        {
            $this->uid = $uid;
            $this->db = $db;
        }

        function getBal($uid)
        {
            // $uid is interpolated straight into the query string (no parameter binding)
            $sql = "SELECT balance FROM bank_accounts WHERE uid = '{$uid}'";
            $que = $this->db->query($sql);
            $row = $que->fetch_array();
            return $row[0];
        }

        function purchaseItem($uid, $iid)
        {
            $sql = "SELECT item_price FROM store WHERE iid = '{$iid}';";
            $que = $this->db->query($sql);
            if(!$que)
            {
                return false;
            }
            else
            {
                $row = $que->fetch_array();
                // the price is negated so update_Balance() can add it; note that
                // it is this negative value that gets compared against the balance
                $price = 0 - $row[0];
                $chkbal = $this->getBal($uid);
                if($price >= $chkbal)
                {
                    echo "you do not have enough money for this";
                }
                else
                {
                    $balance = $this->update_Balance($uid, $price);
                    if($balance == true)
                    {
                        if($this->addItemToInv($uid, $iid) == true)
                        {
                            return true;
                        }
                        else
                        {
                            return false;
                        }
                    }
                    else
                    {
                        echo 'could not give you item';
                    }
                }
            }
        }

        function addItemToInv($uid, $iid)
        {
            $sql = "SELECT count(*) FROM player_inv WHERE uid = '{$uid}' AND iid = '{$iid}';";
            $que = $this->db->query($sql);
            if(!$que)
            {
                return false;
            }
            else
            {
                $row = $que->fetch_array();
                if($row[0] == 0)
                {
                    // first copy of this item: insert a new inventory row
                    // (the posted line had a stray '}' after {$iid}, which would store "<iid>}" as the IID)
                    $sql = "INSERT INTO player_inv(IID, UID, AMOUNT) VALUES ('{$iid}', '{$uid}', '1');";
                    $inv = $this->db->query($sql);
                    if(!$inv)
                    {
                        return false;
                    }
                    else
                    {
                        return true;
                    }
                }
                else
                {
                    // item already owned: bump the count
                    $sql = "UPDATE player_inv SET amount = amount + 1 WHERE uid = '{$uid}' AND iid = '{$iid}';";
                    $que = $this->db->query($sql);
                    if(!$que)
                    {
                        return false;
                    }
                    else
                    {
                        return true;
                    }
                }
            }
        }

        function update_Balance($uid, $update)
        {
            // read-modify-write: fetch the balance, adjust it in PHP, write it back
            $balance = $this->getBal($uid);
            $balance = $balance + $update;
            //* Update the Bank Account
            $sql = "UPDATE bank_accounts SET balance = '{$balance}' WHERE uid = '{$uid}'";
            $que = $this->db->query($sql);
            if(!$que)
            {
                return false;
            }
            else
            {
                return true;
            }
        }

        //* Beta Functions
        function curse($uid)
        {
            $balance = $this->getBal($uid);
            $balance = $balance - 99999999;
            //* Decrease Balance
            $sql = "UPDATE bank_accounts SET balance = '{$balance}' WHERE uid = '{$uid}'";
            $que = $this->db->query($sql);
            if(!$que)
            {
                return false;
            }
            else
            {
                return true;
            }
        }

        function special_gift($uid)
        {
            $balance = $this->getBal($uid);
            $balance = $balance + 999999999;
            //* Increase Balance
            $sql = "UPDATE bank_accounts SET balance = '{$balance}' WHERE uid = '{$uid}'";
            $que = $this->db->query($sql);
            if(!$que)
            {
                return false;
            }
            else
            {
                return true;
            }
        }
    }
#2 | Contributing User (Devshed Newbie, 0 - 499 posts) | Join Date: Jul 2013 | Posts: 189 | Rep Power: 0
    The first two lines of that function both look bogus to my eyes. You have an extra semi in the sql statement, which I would think would error out. Then the second line seems odd since you have a var ($this) pointing to a constant(?) pointing to a function. Don't know what that all is, but I'd say your function is returning immediately. Try putting a die and display (or return) MySQL_error to see what's happening.
#3 | Lost in code (Devshed Supreme Being, 6500+ posts) | Join Date: Dec 2004 | Posts: 8,317 | Rep Power: 7170
    PHP Code:
    $price = 0 - $row[0];
    $chkbal = $this->getBal($uid);
    if($price >= $chkbal)
    {
        echo "you do not have enough money for this";
    }
    Can you clarify your reasoning behind making the price negative?

    If I have $0 in my wallet and I see a $5 hamburger, -5 is NOT greater than or equal to 0, so according to your logic I would have enough money to buy it.

    A more logical approach is to subtract the price from the current balance and see whether or not that is greater than 0.
#4 | Registered User (Devshed Newbie, 0 - 499 posts) | Join Date: Jul 2013 | Posts: 1 | Rep Power: 0
    Should it be this?

    PHP Code:
    $price = $row['item_price'];
    Also, he probably thought, with the

    PHP Code:
    $price = $row[0];
    line, that his $row variable was negative. So he may have attempted to subtract a negative from zero, which in turn would be positive.
#5 | Registered User (Devshed Newbie, 0 - 499 posts) | Join Date: Aug 2012 | Posts: 16 | Rep Power: 0
    *facepalm*

    Alright, I now feel like a moron. The problem with the code is what E-Oreo said (though the reason the >= was present in the code I posted here was that I was messing around with that line of code to see what WOULD work)... The actual problem was the fact that I suck at math, apparently.

    The code is working now as this:
    Code:
    function purchaseItem($uid, $iid)
    	{
    		$sql = "SELECT item_price FROM store WHERE iid = '{$iid}';";
    		$que = $this->db->query($sql);
    		if(!$que)
    		{
    			return false;	
    		}
    		else
    		{
    			$row = $que->fetch_array();
    			$price = -$row[0];
    			$chkbal = $this->getBal($uid);
    			$bal = $chkbal + $price;
    			if($bal <= 0)
    			{
    				return false;
    			}
    			else
    			{
    				$balance = $this->update_Balance($uid, $price);
    				if($balance == true)
    				{
    					if($this->addItemToInv($uid, $iid) == true)
    					{
    						return true;
    					}
    					else
    					{
    						return false;	
    					}
    				}
    				else
    				{
    					return false;
    				}
    			}
    		}
    	}
    	function addItemToInv($uid, $iid)
    	{
    		$sql = "SELECT count(*) FROM player_inv WHERE uid = '{$uid}' AND iid = '{$iid}';";
    		$que = $this->db->query($sql);
    		if(!$que)
    		{
    			return false;
    		}
    		else
    		{
    			$row = $que->fetch_array();
    
    			if($row[0] == 0)
    			{
    				// stray '}' after {$iid} removed from the posted line; it would have stored "<iid>}" as the IID
    				$sql = "INSERT INTO player_inv(IID, UID, AMOUNT) VALUES ('{$iid}', '{$uid}', '1');";
    				$inv = $this->db->query($sql);
    				if(!$inv)
    				{
    					return false;
    				}
    				else
    				{
    					return true;
    				}	
    			}
    			else
    			{
    				$sql = "UPDATE player_inv SET amount = amount + 1 WHERE uid = '{$uid}' AND iid = '{$iid}';";	
    				$que = $this->db->query($sql);
    				if(!$que)
    				{
    					return false;
    				}
    				else
    				{
    					return true;
    				}
    			}
    		}
    	}
    I think this whole problem could've been resolved quicker if I'd known that just adding a '-' in front of a number made it negative... (it didn't back in the day when I tried to get it to work that way, and hell, I feel like it's only working by fluke right now).
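The rule given in #3 (subtract the price from the balance and refuse if nothing is left) and the working purchaseItem() in #5 still share two weaknesses a store back end should not carry: the balance is read with one query and written back with another, so two overlapping purchases by the same player can both pass the check and overdraw the account, and every value is interpolated straight into the SQL string. The script below is an added example written for this page, not code from the thread or from its author. It uses an in-memory sqlite3 database whose tables are constructed here from the column names seen in the thread (bank_accounts, store, player_inv), reproduces the #1 comparison as affordable_original() beside the corrected affordable_fixed(), and then makes the debit a single conditional UPDATE inside a transaction with bound parameters, so the balance is re-checked at write time. One deliberate difference from the #5 code, labelled in the comments: it allows a balance to reach exactly zero rather than rejecting on `$bal <= 0`.

```python
import sqlite3


def affordable_original(balance, price):
    """The check posted in #1: the price is negated, then the purchase is refused
    only when -price >= balance. With any non-negative balance that never fires,
    and it keeps passing until the account is more than one price in debt."""
    neg_price = 0 - price
    return not (neg_price >= balance)


def affordable_fixed(balance, price):
    """The rule from #3: subtract the price and require the remainder to be
    non-negative. Assumption for this example: spending down to exactly 0 is allowed."""
    return balance - price >= 0


def make_db():
    """Constructed in-memory schema and sample rows; names follow the thread's columns."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE bank_accounts (uid INTEGER PRIMARY KEY, balance INTEGER NOT NULL);
        CREATE TABLE store (iid INTEGER PRIMARY KEY, item_price INTEGER NOT NULL);
        CREATE TABLE player_inv (uid INTEGER, iid INTEGER, amount INTEGER NOT NULL,
                                 PRIMARY KEY (uid, iid));
        INSERT INTO bank_accounts VALUES (1, 0), (2, 10);   -- constructed players
        INSERT INTO store VALUES (100, 5);                  -- constructed item
        """
    )
    return conn


def get_balance(conn, uid):
    row = conn.execute("SELECT balance FROM bank_accounts WHERE uid = ?", (uid,)).fetchone()
    return None if row is None else row[0]


def inventory_count(conn, uid, iid):
    row = conn.execute(
        "SELECT amount FROM player_inv WHERE uid = ? AND iid = ?", (uid, iid)
    ).fetchone()
    return 0 if row is None else row[0]


class InsufficientFunds(Exception):
    pass


def purchase_item(conn, uid, iid):
    """Debit and inventory update in one transaction. The UPDATE's WHERE clause
    re-checks the balance at write time, so two concurrent purchases cannot both
    pass a check taken from an earlier SELECT, as they can with getBal() followed
    by update_Balance(). Every value is bound as a parameter, never interpolated."""
    row = conn.execute("SELECT item_price FROM store WHERE iid = ?", (iid,)).fetchone()
    if row is None:
        return False
    price = row[0]
    try:
        with conn:  # commit on success, roll back on any exception
            debited = conn.execute(
                "UPDATE bank_accounts SET balance = balance - ? "
                "WHERE uid = ? AND balance >= ?",
                (price, uid, price),
            ).rowcount
            if debited != 1:
                raise InsufficientFunds(uid)  # no row matched: balance too low
            bumped = conn.execute(
                "UPDATE player_inv SET amount = amount + 1 WHERE uid = ? AND iid = ?",
                (uid, iid),
            ).rowcount
            if bumped == 0:
                conn.execute(
                    "INSERT INTO player_inv (uid, iid, amount) VALUES (?, ?, 1)", (uid, iid)
                )
    except InsufficientFunds:
        return False
    return True


if __name__ == "__main__":
    db = make_db()
    print("original check, balance 0, price 5:", affordable_original(0, 5))  # True (the bug)
    print("fixed check,    balance 0, price 5:", affordable_fixed(0, 5))     # False
    for _ in range(3):
        ok = purchase_item(db, 2, 100)
        print("player 2 buys item 100:", ok, "balance now", get_balance(db, 2))
```

The same pattern carries over to the thread's MySQL setup: run the conditional UPDATE through a mysqli prepared statement and treat `affected_rows` of 0 as "not enough money", and the check and the debit can no longer disagree.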
#6 | Mad Scientist (Devshed Expert, 3500 - 3999 posts) | Join Date: Oct 2007 | Location: North Yorkshire, UK | Posts: 3,661 | Rep Power: 4123
    Originally Posted by lieoften
    I think this whole problem could've been resolved quicker if I'd known that just adding a '-' in front of a number made it negative...
    On paper, yes... in a programming language... sort of. PHP is loosely typed, so you can have a number, add a '-' to the beginning using string functions and you get a string. Then you can use this string as a number again. PHP handles this almost 100% transparently and probably won't cause you too much of an issue with simple stuff.

    A more mathematically correct way (and more programmatically correct) would be to just multiply by -1.

    For example:

    PHP Code:
    $a = 5;

    $a = '-'.$a;

    var_dump($a);

    $b = 5;

    $b = $b * -1;

    var_dump($b);
    Code:
    string '-5' (length=2)
    
    int -5
    Last edited by Northie; July 15th, 2013 at 02:47 AM.