aburdet Posted December 2, 2009

I'm trying to make it so users cannot exploit the system and add more items to the market than they actually have. I put this at the top of the page but it only works on some items.

    $qty=$db->query("SELECT inv_qty FROM inventory WHERE inv_userid=$userid and inv_id={$_GET['ID']}");
    if($_GET['qty']>$qty)
    {
        die ("You are trying to add more items to the market than you have.");
    }

Other times, it will work when it shouldn't (when you actually DO have that many items). Can anyone please tell this n00b what I'm doing wrong? ?(

jon182 Posted December 2, 2009

    $qty=$db->query("SELECT * FROM inventory WHERE inv_userid=$userid and inv_id={$_GET['ID']}");
    $qty2=mysql_fetch_array($qty)
    if($_GET['qty']>$qty2['inv_qty'])
    {
        die ("You are trying to add more items to the market than you have.");
    }

try that

aburdet (Author) Posted December 2, 2009

> $qty=$db->query("SELECT * FROM inventory WHERE inv_userid=$userid and inv_id={$_GET['ID']}");
> $qty2=mysql_fetch_array($qty)
> if($_GET['qty']>$qty2['inv_qty'])
> {
>     die ("You are trying to add more items to the market than you have.");
> }
>
> try that

Worked like a charm, thanks! It only required one tiny little fix that I only point out in case other n00bs have the same issue.... It needs ; after $qty2=mysql_fetch_array($qty)

Here's the correct version, to save from others posting repeat questions:

    $qty=$db->query("SELECT * FROM inventory WHERE inv_userid=$userid and inv_id={$_GET['ID']}");
    $qty2=mysql_fetch_array($qty);
    if($_GET['qty']>$qty2['inv_qty'])
    {
        die ("You are trying to add more items to the market than you have.");
    }

Danny696 Posted December 2, 2009

replace mysql_fetch_array with $db->fetch_row for V2

Zero-Affect Posted December 2, 2009

Hope this will help. It is a bit old but I believe it could help.

    <?php
    include_once (DIRNAME(__FILE__) . "/globals.php");
    // Accept digits only for ID, price and QTY; anything else becomes ''.
    $_GET['ID'] = (ctype_digit($_GET['ID']) AND !empty($_GET['ID'])) ? abs((int) $_GET['ID']) : '' ;
    $_GET['price'] = (ctype_digit($_GET['price']) AND !empty($_GET['price'])) ? abs((int) $_GET['price']) : '' ;
    $_GET['QTY'] = (ctype_digit($_GET['QTY']) AND !empty($_GET['QTY'])) ? abs((int) $_GET['QTY']) : '' ;
    // currency is interpolated into SQL below, so accept only the two values the form offers.
    $_GET['currency'] = (isset($_GET['currency']) AND in_array($_GET['currency'], array('money', 'crystals'), true)) ? $_GET['currency'] : 'money' ;
    if($_GET['price'])
    {
        // Look the item up by inventory row AND owner, so another user's row never matches.
        $q=$db->query("SELECT iv.`inv_qty`, `inv_itemid`, `inv_id`, i.`itmname` FROM inventory iv LEFT JOIN items i ON iv.inv_itemid=i.itmid WHERE inv_id={$_GET['ID']} and inv_userid=$userid");
        if($db->num_rows($q) == 0)
        {
            echo "Invalid Item ID";
        }
        else
        {
            $r = $db->fetch_row($q);
            // Refuse to list more than the user actually holds.
            if($r['inv_qty'] < $_GET['QTY']):
                echo ' You do not have enough of this item. ';
                $h->endpage();
                exit;
            endif;
            // Merge into an existing listing with the same item, price and seller, if there is one.
            $checkq = sprintf('SELECT `imID` FROM `itemmarket` WHERE imITEM = %u AND imPRICE = "%.0f" AND imADDER = %u', $r['inv_itemid'], $_GET['price'], $userid);
            $checkq = $db->query($checkq);
            if($db->num_rows($checkq)):
                $cqty = $db->fetch_row($checkq);
                $query = sprintf('UPDATE `itemmarket` SET imQTY = imQTY + %u WHERE imID = %u', $_GET['QTY'], $cqty['imID']);
                $db->query($query);
            else:
                $db->query("INSERT INTO itemmarket VALUES ('','{$r['inv_itemid']}',$userid,{$_GET['price']}, '{$_GET['currency']}', '{$_GET['QTY']}')");
            endif;
            item_remove($userid, $r['inv_itemid'], $_GET['QTY']);
            $db->query("INSERT INTO imarketaddlogs VALUES ( '', {$r['inv_itemid']}, {$_GET['price']}, {$r['inv_id']}, $userid, unix_timestamp(), '{$ir['username']} added {$r['itmname']} x{$_GET['QTY']} to the itemmarket for {$_GET['price']} {$_GET['currency']}')");
            echo "Item added to market.";
        }
    }
    else
    {
        // No price submitted yet: confirm ownership, then show the listing form.
        $q = $db->query("SELECT COUNT(`inv_id`) AS `inv_count` FROM `inventory` WHERE `inv_id` = {$_GET['ID']} AND `inv_userid` = $userid");
        $r=$db->fetch_row($q);
        if($r['inv_count']==0)
        {
            echo "Invalid Item ID";
        }
        else
        {
            print "Adding an item to the item market...
            <form action='imadd.php' method='get'>
            <input type='hidden' name='ID' value='{$_GET['ID']}' />
            Quantity: <input type='text' name='QTY' value=''>
            Price: <input type='text' name='price' value='0' />
            <select name='currency' type='dropdown'><option value='money'>Money</option><option value='crystals'>Crystals</option></select>
            <input type='submit' value='Add' /></form>";
        }
    }
    $h->endpage();
    ?>

aburdet (Author) Posted December 2, 2009

> replace mysql_fetch_array with $db->fetch_row for V2

I didn't even notice that....and it worked fine on my V2 without changing it. Is that normal?? lol

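The ownership and quantity check discussed in this thread, as an added example that is not code from any poster or from the game engine: ID and quantity are validated as positive integers, then the check and the decrement happen in one parameterized UPDATE, so two simultaneous requests cannot both pass the check. The table and column names are the thread's; PDO with an in-memory SQLite database, the sample rows and the function names are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. PDO and the in-memory SQLite table
// stand in for the game's $db wrapper; both function names are hypothetical.

/** Return a positive int for a plain decimal string, or null for anything else. */
function positive_int($raw): ?int
{
    // Rejects arrays (ID[]=1), signs, decimals, empty strings and oversized values.
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 9) {
        return null;
    }
    $n = (int) $raw;
    return $n > 0 ? $n : null;
}

/** Remove $rawQty units of inventory row $rawId owned by $userid; true on success. */
function take_from_inventory(PDO $db, int $userid, $rawId, $rawQty): bool
{
    $id  = positive_int($rawId);
    $qty = positive_int($rawQty);
    if ($id === null || $qty === null) {
        return false;
    }
    // Ownership check, quantity check and decrement in one statement:
    // the row only changes if this user owns it and holds at least $qty.
    $stmt = $db->prepare(
        'UPDATE inventory SET inv_qty = inv_qty - :take
          WHERE inv_id = :id AND inv_userid = :uid AND inv_qty >= :need'
    );
    $params = [':take' => $qty, ':id' => $id, ':uid' => $userid, ':need' => $qty];
    foreach ($params as $name => $value) {
        $stmt->bindValue($name, $value, PDO::PARAM_INT);
    }
    $stmt->execute();
    return $stmt->rowCount() === 1;
}

// Constructed sample data: user 1 owns inventory row 7 with 5 units.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE inventory (inv_id INTEGER PRIMARY KEY, inv_userid INTEGER, inv_qty INTEGER)');
$db->exec('INSERT INTO inventory VALUES (7, 1, 5)');

$requests = [['7', '3'], ['7', '3'], ['7', '-2'], ['7abc', '1'], [['7'], '1']];
foreach ($requests as [$id, $qty]) {
    $ok = take_from_inventory($db, 1, $id, $qty);
    echo json_encode([$id, $qty]), ' => ', $ok ? 'accepted' : 'rejected', PHP_EOL;
}
```

Only the first request succeeds: the second asks for 3 when 2 remain, and the rest fail validation before any SQL runs.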