Jump to content
MakeWebGames

Stock Market. Working + Secured

Haunted Dawg

By Haunted Dawg
in Free Modifications

 Share

Recommended Posts

  • Replies 71
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

rulerofzu Newbie

rulerofzu

Posted
Posted

Attached is an updated fixed version of the stocks.php and staff_stocks.php

Fixed security issue by removing PHP_SELF

Cleaned up the code slightly and changed to use the $db class as that is what the class is there for. No point in having the class if you aint gonna use it.

I tested this as far as adding stock and it being displayed and buy/selling etc. Didnt add the cron information but I did check over that code and it looks reasonable.

stocks.zip

Dominion Newbie

Dominion

Posted
Posted

Only thing i would say is there is no point in having –

You're unable to view this code.

Viewing code within this forum requires registration, you can register here for free.

In staff stocks.php. The class does the “or die(mysql_error()) for you (unless its changed?).

In any case thanks for taking the time to repost, and even update it.

rulerofzu Newbie

rulerofzu

Posted
Posted

I didnt take that much notice Dom. For any mysql_query , num_rows, fetch_assoc I did a find and replace to turn them into $db->

Wasnt going to put a lot of time into it just got it working and then noticed the PHP_SELF so removed those. But yes you are correct there is no need for or die(mysql_error());

  • 2 months later...
ChrisRowe Newbie

ChrisRowe

Posted
Posted
Attached is an updated fixed version of the stocks.php and staff_stocks.php

Fixed security issue by removing PHP_SELF

Cleaned up the code slightly and changed to use the $db class as that is what the class is there for. No point in having the class if you aint gonna use it.

I tested this as far as adding stock and it being displayed and buy/selling etc. Didnt add the cron information but I did check over that code and it looks reasonable.

 

 

Just to let you know, your missing a ; on the end of line 114

Nickson Newbie

Nickson

Posted
Posted

If it's an informative post with some useful content, then there is nothing wrong with it. If it's just a bump/spam, well that might be a bit annoying though..

  • 3 weeks later...
S.Cosmin Newbie

S.Cosmin

Posted
Posted

After i installed the mod, i got a error.

You're unable to view this code.

Viewing code within this forum requires registration, you can register here for free.

 

On line 109 is just this.

 

You're unable to view this code.

Viewing code within this forum requires registration, you can register here for free.

 

How can i fix that guys? Please...

sniko Apprentice

sniko

Posted
Posted
After i installed the mod, i got a error.

You're unable to view this code.

Viewing code within this forum requires registration, you can register here for free.

 

On line 109 is just this.

 

You're unable to view this code.

Viewing code within this forum requires registration, you can register here for free.

 

How can i fix that guys? Please...

 

You're unable to view this code.

Viewing code within this forum requires registration, you can register here for free.

 

Try that

  • 3 weeks later...
Lithium Apprentice

Lithium

Posted
Posted
sorry i got an error im rubbish at coding so sorry if its just basic

 

Parse error: syntax error, unexpected T_STRING, expecting ',' or ';' in /home/morgan95/public_html/stocks.php on line 109

If you have read the damn thread the answer would be right in front of your eyes!

morgan1122 Newbie

morgan1122

Posted
Posted (edited)

oh sorry the updated one now the error is Parse error: syntax error, unexpected '}' in /home/morgan95/public_html/stocks.php on line 115

echo 'You do not have enough money for this amount of stocks.';

return;

}

111 $stock_holds = $db->query("SELECT holdingID FROM `stock_holdings` WHERE `holdingUSER` = ".$ir['userid']." AND `holdingSTOCK` = ".$stock['stockID']);

112 if($db->num_rows($stock_holds)) {

113 $db->query("UPDATE `stock_holdings` SET `holdingQTY` = (`holdingQTY` + ".$amnt.") WHERE `holdingUSER` = ".$ir['userid']." AND `holdingSTOCK` = 114".$stock['stockID'])

115 }

116 else {

$db->query("INSERT INTO `stock_holdings` (`holdingUSER`,`holdingSTOCK`,`holdingQTY`) VALUES (".$ir['userid'].",".$stock['stockID'].",".$amnt.")");

}

Edited by morgan1122
morgan1122 Newbie

morgan1122

Posted
Posted (edited)

Thanks dom its loading now but a bit of an error to my template on on that page it dont show the template heres the script

You're unable to view this code.

Viewing code within this forum requires registration, you can register here for free.

Edited by morgan1122
  • 2 weeks later...
  • 2 years later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...