Re: [mccode] donator day market for v2
Here is my donator day market which is called donmarket.php. it works fine. but the problem is its not free of sql injection. if anyone can help.... pls cure this problem for me.
<?php
include "globals.php";
print "<h3>Donator Day Market</h3>";
switch($_GET['action'])
{
case "buy":
dday_buy();
break;
case "remove":
dday_remove();
break;
case "add":
dday_add();
break;
default:
dday_index();
break;
}
function dday_index()
{
global $db,$ir,$c,$userid,$h;
print "[url='dmarket.php?action=add']> Add A Listing[/url]
Viewing all listings...
<table width=75% cellspacing=1 class='table'> <tr style='background:gray'> <th>Adder</th> <th>Qty</th> <th>Price each</th> <th>Price total</th> <th>Links</th> </tr>";
$q=$db->query("SELECT cm.*, u.* FROM donatormarket cm LEFT JOIN users u ON u.userid=cm.cmADDER ORDER BY cmPRICE/cmQTY ASC");
while($r=$db->fetch_row($q))
{
if($r['cmADDER'] == $userid) { $link = "[url='dmarket.php?action=remove&ID={$r[']Remove[/url]"; } else { $link = "[url='dmarket.php?action=buy&ID={$r[']Buy[/url]"; }
$each= (int) $r['cmPRICE'] / $r['cmQTY'];
print "\n<tr> <td>[url='viewuser.php?u={$r[']{$r['username']}[/url] [{$r['userid']}]</td> <td>{$r['cmQTY']}</td> <td> \$" . number_format($each)."</td> <td>\$".number_format($r['cmPRICE'])."</td> <td>[$link]</td> </tr>";
}
print "</table>";
}
function dday_remove()
{
global $db,$ir,$c,$userid,$h;
$q=$db->query("SELECT * FROM donatormarket WHERE cmID={$_GET['ID']} AND cmADDER=$userid");
if(!$db->num_rows($q))
{
print "Error, either these days do not exist, or you are not the owner.
[url='dmarket.php']> Back[/url]";
$h->endpage();
exit;
}
$r=$db->fetch_row($q);
$db->query("UPDATE users SET donatordays=donatordays+{$r['cmQTY']} where userid=$userid");
$db->query("DELETE FROM donatormarket WHERE cmID={$_GET['ID']}");
print "days removed from market!
[url='dmarket.php']> Back[/url]";
}
function dday_buy()
{
global $db,$ir,$c,$userid,$h;
$q=$db->query("SELECT * FROM donatormarket cm WHERE cmID='".mysql_real_escape_string($_GET['ID'])."'");
if(!$db->num_rows($q))
{
print "Error, either these days do not exist, or they have already been bought.
[url='dmarket.php']> Back[/url]";
$h->endpage();
exit;
}
$r=$db->fetch_row($q);
if($r['cmPRICE'] > $ir['money'])
{
print "Error, you do not have the funds to buy these days.
[url='dmarket.php']> Back[/url]";
$h->endpage();
exit;
}
$db->query("UPDATE users SET donatordays=donatordays+{$r['cmQTY']} where userid=$userid");
$db->query("DELETE FROM donatormarket WHERE cmID={$_GET['ID']}");
$db->query("UPDATE users SET money=money-{$r['cmPRICE']} where userid=$userid");
$db->query("UPDATE users SET money=money+{$r['cmPRICE']} where userid={$r['cmADDER']}");
event_add($r['cmADDER'],"[url='viewuser.php?u=$userid']{$ir['username']}[/url] bought your {$r['cmQTY']} days from the market for \$".number_format($r['cmPRICE']).".",$c);
print "You bought the {$r['cmQTY']} days from the market for \$".number_format($r['cmPRICE']).".";
}
function dday_add()
{
global $db,$ir,$c,$userid,$h;
$_POST['amnt'] = abs((int) $_POST['amnt']);
$_POST['price'] = abs((int) $_POST['price']);
if($_POST['amnt'])
{
if($_POST['amnt'] > $ir['donatordays'])
{
die ("You are trying to add more days to the market than you have.");
}
$tp=$_POST['amnt']*$_POST['price'];
$db->query("INSERT INTO donatormarket VALUES('',{$_POST['amnt']},$userid,$tp)");
$db->query("UPDATE users SET donatordays=donatordays-{$_POST['amnt']} WHERE userid=$userid");
print "days added to market!
[url='dmarket.php']> Back[/url]";
}
else
{
print "[b]Adding a listing...[/b]
You have [b]{$ir['donatordays']}[/b] day(s) that you can add to the market.<form action='dmarket.php?action=add' method='post'><table width=50% border=2><tr>
<td>Days:</td> <td><input type='text' name='amnt' value='{$ir['donatordays']}' /></td></tr><tr>
<td>Price Each:</td> <td><input type='text' name='price' value='200' /></td></tr><tr>
<td colspan=2 align=center><input type='submit' value='Add To Market' /></tr></table></form>";
}
}
$h->endpage();
?>
any help would be appreciated.