if($username == $postedname) help with this
Posted: Mon Jun 30, 2008 10:05 am
Ok so i have a text based game and we are having some problems with this.
Heres the basic idea of the code
Thats the basics of it. Of course theres stuff stopping it from sending negative amounts and to fake accounts. But they can type there username with a space at the end and send money to there self and there money will double. I tried fixing it with the strip_tags thing, i tried adding the usernames to a database when they are first submited and then checking if the usernames are the same in the database but it still doesnt work.
Heres the basic idea of the code
Code: Select all
<?
if($_POST['submit']){
$postedname = strip_tags($_POST['postedname']);
$amount = strip_tags($_POST['amount']);
$fetch = mysql_fetch_object(mysql_query("SELECT * FROM user WHERE username='$postedname'"));
$fetchs = mysql_fetch_object(mysql_query("SELECT * FROM user WHERE username='$username'"));
$moneyupdate = $fetch->money + $amount;
$moneyupdate2 = $fetchs->money - $amount;
$error = "No";
if($username == $postedname){
echo"<div align='center'>You can not send money to your self!</div>";
$error = "Yes";
}
if($error == 'No'){
echo"<div align='center'>You sent $postedname £".makecomma($amount).".";
mysql_query("UPDATE users SET money='$moneyupdate' WHERE username='$username'");
mysql_query("UPDATE users SET money='$moneyupdate2' WHERE username='$postedname'");
echo"
<form action='' mthod='POST'>
<table>
<tr>
<td colspan='2' align='center'>Money Transfer</td></tr>
<tr>
<td align='right'>Username</td>
<td align='center'><input type='text' name='postedname'></td>
</tr>
<tr>
<td align='right'>Amount</td>
<td align='center'><input type='text' name='amount'></td>
</tr>
<tr>
<td align='center' colspan='2'><input type='submit' name='submit' value='Send Money'></td>
</tr>