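<?php
/**
 * Created by PhpStorm.
 * User: Yu
 * Date: 2015/4/8
 * Time: 14:42
 *
 * Manual smoke check for the storage helpers (presumably defined in
 * store.php): prints the remaining storage and two goods counts for the
 * hard-coded user id 1.
 *
 * NOTE(review): nothing visible in this script authenticates the requester,
 * so if the file is reachable over HTTP it shows user 1's inventory to anyone
 * who requests it. Keep it out of deployed web roots or gate it behind a login.
 */
require_once 'store.php';

// dbConnect() is not defined in this script; how it reports a failed
// connection is not visible here -- TODO confirm before relying on $conn.
$conn = dbConnect();

$userId = 1;

echo "User(id = 1) Storage left:" . get_user_storage_left($conn, $userId);

// "<br>" replaces the original "</br>", which is not a valid HTML tag.
foreach ([1, 2] as $goodsId) {
    echo "<br>User(id = 1) Goods(id = {$goodsId}) Count:" . get_user_goods_count($conn, $userId, $goodsId);
}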
} if (!empty($_COOKIE)) { $uid = $_COOKIE['uid']; } if (!empty($_GET)) { $gid = $_GET['gid']; $n = $_GET['n']; } //arguments identification if ($_GET && $gid && $n) { //PREVENT SQL INJECTION if (is_int((int) $uid) && is_int((int) $gid) && is_int((int) $n)) { $conn = dbConnect(); //selling if ($n < 0) { $count = get_user_goods_count($conn, $uid, $gid); //check whether the user has enough goods if ($count >= $n * -1) { if ($count == $n * -1) { $sql = "DELETE FROM `storage` WHERE user_id = {$uid} AND goods_id = {$gid}"; // echo $sql."</br>"; mysqli_query($conn, $sql); } else { $goods_left = $count + $n; $sql = "UPDATE `storage` SET goods_num={$goods_left} WHERE user_id = {$uid} AND goods_id = {$gid}"; // echo $sql."</br>"; mysqli_query($conn, $sql); } } else { //no enough goods to sell }