Example #1
<?php

/**
 * Created by PhpStorm.
 * User: Yu
 * Date: 2015/4/8
 * Time: 14:42
 */
require_once 'store.php';
// Manual check script: prints the remaining storage for user 1 and that
// user's stock of goods 1 and 2, using helpers that are presumably defined in
// store.php (their implementations are not visible here).
$conn = dbConnect();

// Each lookup runs immediately before its own echo, so the order of calls and
// output matches a straight top-to-bottom read.
$storageLeft = get_user_storage_left($conn, 1);
echo "User(id = 1) Storage left:" . $storageLeft;

$firstGoodsCount = get_user_goods_count($conn, 1, 1);
echo "</br>User(id = 1) Goods(id = 1) Count:" . $firstGoodsCount;

$secondGoodsCount = get_user_goods_count($conn, 1, 2);
echo "</br>User(id = 1) Goods(id = 2) Count:" . $secondGoodsCount;
Example #2
}
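// Read the request parameters and validate them as integers at the point of
// entry. These values are interpolated directly into SQL strings further down
// (DELETE / UPDATE on `storage`). The later guard `is_int((int) $x)` is always
// true, because the cast itself produces an int while the original variable
// stays unchanged, so it rejects nothing. Validating here means only real
// integers (or false) ever reach the query text.
//
// NOTE(review): the user id comes from a client-controlled cookie, so any
// client can present an arbitrary uid. Identity should be taken from
// server-side session state; confirm against the authentication code, which
// is not visible in this excerpt.
if (!empty($_COOKIE)) {
    // int on success, false for a missing, non-scalar or non-integer value.
    // The argument check below does not test $uid, so a false here still has
    // to be rejected before any query is built.
    $uid = filter_var($_COOKIE['uid'] ?? null, FILTER_VALIDATE_INT);
}
if (!empty($_GET)) {
    // A false result is falsy, so the `$gid && $n` argument check below
    // rejects malformed input before any SQL is built. Negative values remain
    // valid for $n, which the selling branch relies on.
    $gid = filter_var($_GET['gid'] ?? null, FILTER_VALIDATE_INT);
    $n = filter_var($_GET['n'] ?? null, FILTER_VALIDATE_INT);
}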
//arguments identification
if ($_GET && $gid && $n) {
    //PREVENT SQL INJECTION
    if (is_int((int) $uid) && is_int((int) $gid) && is_int((int) $n)) {
        $conn = dbConnect();
        //selling
        if ($n < 0) {
            $count = get_user_goods_count($conn, $uid, $gid);
            //check whether the user has enough goods
            if ($count >= $n * -1) {
                if ($count == $n * -1) {
                    $sql = "DELETE FROM `storage` WHERE user_id = {$uid} AND goods_id = {$gid}";
                    //                    echo $sql."</br>";
                    mysqli_query($conn, $sql);
                } else {
                    $goods_left = $count + $n;
                    $sql = "UPDATE `storage` SET goods_num={$goods_left} WHERE user_id = {$uid} AND goods_id = {$gid}";
                    //                    echo $sql."</br>";
                    mysqli_query($conn, $sql);
                }
            } else {
                //no enough goods to sell
            }