Purchase Script Mishaps

Li1M0ST3Rz · May 13, 2016

PHP:

if(isset($_GET['buy']))
        {
            $re = "SELECT * FROM info_sell WHERE id='".$_GET['buy']."' AND added='".$row['username']."'";
            $res = mysql_query($re) or die(mysql_error());
            $buy = mysql_fetch_array($res);
                $b = $row['credit'];
                $s = $buy['price'];
                        if($b < $s)
                            {
                                echo '<font color="red">Cannot buy with '.$row["price"].'</font>';
                            }
                        if($b > $s)
                            {
                                echo '<h1>this work!</h1>';
                            }
        }

so let me explain, the method $_GET['buy'] will listen for a url display like this: localhost/cart.php?buy=1 so we can know where they buying from and if the user added it. Afterwards, $row is a user data that isnt shown cause its in the function and its not the problem. But the if greater than or less than is a problem and i dont know how to continue from this mishaps. It doesnt show result if it works or cannot buy help?

BIOS · May 13, 2016

You should use prepared statement or atleast escape your data before executing queries.

What happens with the current script, any errors? Also from the preview I can see that $b is using $row whereas $s is using $buy, can you provide the code which isn't present in your post?

Li1M0ST3Rz · May 13, 2016

BIOS said:
You should use prepared statement or atleast escape your data before executing queries.

What happens with the current script, any errors? Also from the preview I can see that $b is using $row whereas $s is using $buy, can you provide the code which isn't present in your post?

the $row is a user data script thats in the function section thats isnt the issue and the $buy is there if you pay attention

BIOS · May 13, 2016

Li1M0ST3Rz said:
the $row is a user data script thats in the function section thats isnt the issue and the $buy is there if you pay attention

What happens with the script, do you have any errors? What is the result of printing the credit & price? Also there's a typo in the error message: $row["price"]?

Li1M0ST3Rz · May 13, 2016

BIOS said:
What happens with the script, do you have any errors? What is the result of printing the credit & price? Also there's a typo in the error message: $row["price"]?

it doesnt show nothing no error no results it like its not working

BIOS · May 13, 2016

Li1M0ST3Rz said:
it doesnt show nothing no error no results it like its not working

So what, there's a white page? If it wasn't working, there'd usually be errors.

Try adding error_reporting(E_ALL); at the top of your page then see if there's any errors outputted on the page or find your PHP error log file (you can find it's location with echo phpinfo(); then search for error_log).

Li1M0ST3Rz · May 13, 2016

BIOS said:
So what, there's a white page? If it wasn't working, there'd usually be errors.

Try adding error_reporting(E_ALL); at the top of your page then see if there's any errors outputted on the page or find your PHP error log file (you can find it's location with echo phpinfo(); then search for error_log).

theres no error you want to do teamviewer?

Ecko · May 13, 2016

var_dump() exists for a reason

BIOS · May 13, 2016

Li1M0ST3Rz said:
theres no error you want to do teamviewer?

Did you even look? What happens on the page then, is it white or what?

Li1M0ST3Rz · May 13, 2016

BIOS said:
Did you even look? What happens on the page then, is it white or what?

I look its white

BIOS · May 13, 2016

Li1M0ST3Rz said:
I look its white

Look in your PHP error log

Li1M0ST3Rz · May 13, 2016

there was no file created

BIOS said:
Look in your PHP error log

BIOS · May 13, 2016

Li1M0ST3Rz said:
there was no file created

What do you mean there was no file created?

Add this to the top of your page:

PHP:

ini_set('error_reporting', E_ALL);
ini_set('display_errors', '1');

JayC · May 14, 2016

Code:

if(isset($_GET['buy'])){
    $buyAmount = filter($_GET['buy']);
   
    $infoSell = mysql_query("SELECT * FROM info_sell WHERE id = '".$buyAmount."' AND added = '".$row['username']."'";
   
    if(mysql_num_rows($infoSell) > 0){
    $buyQuery = mysql_fetch_assoc($infoSell);
   
    $buyCredit = $row['credit'];
    $buyPrice = $buyQuery['price'];
   
    if($buyCredit < $buyPrice){
        echo "<font color="red">Cannot buy with $row['price'] </font>";
    }else{
        echo "Thank you for your purchase";
    }
   
    }else{
        echo "You are not found in our database";
    }


}

Now, Where the fuck is $row coming from because if your posting to a new page to use the GET and you do not declare $row in that page then it's not going to magically work. So please, where is $row coming from

BIOS · May 14, 2016

JayCustom said:

Code:

if(isset($_GET['buy'])){
    $buyAmount = filter($_GET['buy']);
  
    $infoSell = mysql_query("SELECT * FROM info_sell WHERE id = '".$buyAmount."' AND added = '".$row['username']."'";
  
    if(mysql_num_rows($infoSell) > 0){
    $buyQuery = mysql_fetch_assoc($infoSell);
  
    $buyCredit = $row['credit'];
    $buyPrice = $buyQuery['price'];
  
    if($buyCredit < $buyPrice){
        echo "<font color="red">Cannot buy with $row['price'] </font>";
    }else{
        echo "Thank you for your purchase";
    }
  
    }else{
        echo "You are not found in our database";
    }


}

Now, Where the fuck is $row coming from because if your posting to a new page to use the GET and you do not declare $row in that page then it's not going to magically work. So please, where is $row coming from

His reply is going to be "the $row is a user data script thats in the function section thats isnt the issue and the $buy is there if you pay attention", I already asked him.

JayC · May 14, 2016

BIOS said:
His reply is going to be "the $row is a user data script thats in the function section thats isnt the issue and the $buy is there if you pay attention", I already asked him.

I seen that but I want him to correctly answer the question. I want to know EXACTLY where that is coming from, and I would like to see the whole page of code so I know what you're doing exactly (At least all the php part). "thats isnt the issue" You don't know what the issue is, that's why you're asking for help. Assume nothing and give us what we tell you we need to see

Li1M0ST3Rz · May 14, 2016

BIOS said:
His reply is going to be "the $row is a user data script thats in the function section thats isnt the issue and the $buy is there if you pay attention", I already asked him.

JayCustom said:
I seen that but I want him to correctly answer the question. I want to know EXACTLY where that is coming from, and I would like to see the whole page of code so I know what you're doing exactly (At least all the php part). "thats isnt the issue" You don't know what the issue is, that's why you're asking for help. Assume nothing and give us what we tell you we need to see

PHP:

$re = "SELECT * FROM `product_sell` WHERE `id`='".$_GET['id']."' AND `added`='".$row['username']."'";
            $res = mysql_query($re) or die(mysql_error());
            while($buy = mysql_fetch_assoc($res))
                {
                    $b = $row['credits'];
                    $s = $buy['price'];
                            if($b < $s)
                                {
                                    echo '<br><br><div class="msgError"><b>Cannot buy with</b> <img src="./images/dollar.png" title="dollar" style="height: 16px; width: 16px;" />'.$b.'</div>';
                                }
                            if($b > $s)
                                {
                                    $rs = "UPDATE `ccinfo_sell` SET `bought`='".$row['username']."',`ccstatus`='0', `added`='' WHERE `id`='".$_GET['id']."' AND `added`='".$row['username']."'";
                                    $ss = mysql_query($rs);
                                    if(!$ss)
                                        {
                                            echo '<br><br><div class="msgError"><b>Error abort!!</b> Code: '.mysql_error().'</div>';
                                        }
                                    else
                                        {
                                            $sd = $buy['price'] - $row['credits'];
                                            $change = "UPDATE `users` SET `credits`= - '".$sd."' WHERE `username`='".$row['username']."'";
                                            $quick = mysql_query($change);
                                            if(!$quick)
                                                {
                                                    echo '<br><br><div class="msgError"><b>Cannot proceed!</b> Code: '.mysql_error().'</div>';
                                                }
                                            else
                                                {
                                                    echo '<br><br><div class="msgOk"><b>Purchased!</b> check your <a href="./stocks?mine">stocks here</a></div>';
                                                }
                                        }
                                }
                }

i fixed it

JayC · May 15, 2016

Li1M0ST3Rz said:

PHP:

$re = "SELECT * FROM `product_sell` WHERE `id`='".$_GET['id']."' AND `added`='".$row['username']."'";
            $res = mysql_query($re) or die(mysql_error());
            while($buy = mysql_fetch_assoc($res))
                {
                    $b = $row['credits'];
                    $s = $buy['price'];
                            if($b < $s)
                                {
                                    echo '<br><br><div class="msgError"><b>Cannot buy with</b> <img src="./images/dollar.png" title="dollar" style="height: 16px; width: 16px;" />'.$b.'</div>';
                                }
                            if($b > $s)
                                {
                                    $rs = "UPDATE `ccinfo_sell` SET `bought`='".$row['username']."',`ccstatus`='0', `added`='' WHERE `id`='".$_GET['id']."' AND `added`='".$row['username']."'";
                                    $ss = mysql_query($rs);
                                    if(!$ss)
                                        {
                                            echo '<br><br><div class="msgError"><b>Error abort!!</b> Code: '.mysql_error().'</div>';
                                        }
                                    else
                                        {
                                            $sd = $buy['price'] - $row['credits'];
                                            $change = "UPDATE `users` SET `credits`= - '".$sd."' WHERE `username`='".$row['username']."'";
                                            $quick = mysql_query($change);
                                            if(!$quick)
                                                {
                                                    echo '<br><br><div class="msgError"><b>Cannot proceed!</b> Code: '.mysql_error().'</div>';
                                                }
                                            else
                                                {
                                                    echo '<br><br><div class="msgOk"><b>Purchased!</b> check your <a href="./stocks?mine">stocks here</a></div>';
                                                }
                                        }
                                }
                }

i fixed it

Well I'm pretty sure this is your problem from your original code

echo '<font color="red">Cannot buy with '.$row["price"].'</font>';

BIOS · May 15, 2016

Li1M0ST3Rz said:

PHP:

$re = "SELECT * FROM `product_sell` WHERE `id`='".$_GET['id']."' AND `added`='".$row['username']."'";
            $res = mysql_query($re) or die(mysql_error());
            while($buy = mysql_fetch_assoc($res))
                {
                    $b = $row['credits'];
                    $s = $buy['price'];
                            if($b < $s)
                                {
                                    echo '<br><br><div class="msgError"><b>Cannot buy with</b> <img src="./images/dollar.png" title="dollar" style="height: 16px; width: 16px;" />'.$b.'</div>';
                                }
                            if($b > $s)
                                {
                                    $rs = "UPDATE `ccinfo_sell` SET `bought`='".$row['username']."',`ccstatus`='0', `added`='' WHERE `id`='".$_GET['id']."' AND `added`='".$row['username']."'";
                                    $ss = mysql_query($rs);
                                    if(!$ss)
                                        {
                                            echo '<br><br><div class="msgError"><b>Error abort!!</b> Code: '.mysql_error().'</div>';
                                        }
                                    else
                                        {
                                            $sd = $buy['price'] - $row['credits'];
                                            $change = "UPDATE `users` SET `credits`= - '".$sd."' WHERE `username`='".$row['username']."'";
                                            $quick = mysql_query($change);
                                            if(!$quick)
                                                {
                                                    echo '<br><br><div class="msgError"><b>Cannot proceed!</b> Code: '.mysql_error().'</div>';
                                                }
                                            else
                                                {
                                                    echo '<br><br><div class="msgOk"><b>Purchased!</b> check your <a href="./stocks?mine">stocks here</a></div>';
                                                }
                                        }
                                }
                }

i fixed it

So it was just a typo on $b = $row['credits'];? If you'd have provided the whole code from the function then we'd be able to see as you previously were using $b = $row['credit'].

Li1M0ST3Rz · May 15, 2016

BIOS said:
So it was just a typo on $b = $row['credits'];? If you'd have provided the whole code from the function then we'd be able to see as you previously were using $b = $row['credit'].

my bad sir, my function file is big and wouldnt be able to put it on display

Purchase Script Mishaps

I <3 Bianca

ಠ‿ಠ

I <3 Bianca

ಠ‿ಠ

I <3 Bianca

ಠ‿ಠ

I <3 Bianca

23:37 [autobots] -!- eckostylez [[email protected]]

ಠ‿ಠ

I <3 Bianca

ಠ‿ಠ

I <3 Bianca

ಠ‿ಠ

Always Learning

ಠ‿ಠ

Always Learning

I <3 Bianca

Always Learning

ಠ‿ಠ

I <3 Bianca

Users who are viewing this thread