MySQL and PHP Help?

birdbrain24 · Feb 21, 2008

Ok i have this script for a bank account system with intrest on my current project but when e intrest time is up an the user withdraws their cash the table showing that the time is up stayson the screen and it shows the message that tells them that they withdrew it is also echoed! I think it i because within the same script the mysql updates and then it tries to get the info again!

<?php
session_start();

$username = $_SESSION['username'];

$users_query = mysql_query("SELECT * FROM users WHERE username='$username'") or die(mysql_error());
$users = mysql_fetch_array($users_query);

$lasttime = $users['bank_time'] - time();;

$amount = $users['bank_amount']; 
$days = $users['bank_days']; 

  if($amount < 10000000):
  $rate = '2.15';
  elseif($amount < 25000000):
  $rate = '2.05';
  elseif($amount < 50000000):
  $rate = '1.90';
  elseif($amount < 100000000):
  $rate = '1.80';
  elseif($amount < 250000000):
  $rate = '1.65';
  elseif($amount < 500000000):
  $rate = '1.50';
  elseif($amount < 750000000):
  $rate = '1.35';
  elseif($amount <= 1000000000):
  $rate = '1.20';
  endif;

  $intrest = round( ( ($amount / 100) * ($rate) ) , 0);
  $return = round( ( ( ($amount / 100) * ($rate) ) * ($days) ) + ($amount) , 0);

  if(isset($_POST['deposit'])):

if(empty($_POST['deposit_amount'])):

echo '<b><font color="red">You must enter an amount!</font></b>';

elseif(!ereg('[0-9]', $_POST['deposit_amount'])):

echo '<b><font color="red">Invalid cash amount!</font></b>';

elseif($_POST['deposit_amount'] > 1000000000 || $_POST['deposit_amount'] < 100000):

echo '<b><font color="red">Enter an amount between $100,000 and $1,000,000,000!</font></b>';

elseif($_POST['deposit_amount'] > $users['cash']):

echo '<b><font color="red">You don\'t that amount of cash to deposit!</font></b>';

else:

$newcash = $users['cash'] - $_POST['deposit_amount'];
$newbank = $_POST['deposit_amount'];
$bankwait = time() + ($_POST['days']*86400);

mysql_query("UPDATE `users` SET `cash`='$newcash', `bank_amount`='$newbank', `bank_time`='$bankwait', `bank_days`='".$_POST['days']."' WHERE `username`='$username'");

echo '<meta http-equiv="refresh" content="0" url="index2.php?page=bank" />';

endif;

  endif;
/*
  this is what should be shown and it is but only this should be shown
*/  

  if(isset($_POST['withdraw'])):

if($lasttime > 0):
$newcash = $users['cash'] + $users['bank_amount'];

mysql_query("UPDATE `users` SET `cash`='".$newcash."', `bank_amount`='0', `bank_time`='0', `bank_days`='0' WHERE `username`='$username'"); ?>
<table width="400" border="1" cellpadding="0" cellspacing="0" class="normal">
  <tr class="header">
    <td align="center"><strong>Bank</strong></td>
  </tr>  

  <tr>
    <td align="center">You withdrew $<?php echo number_format($users['bank_amount']); ?> from your bank account and recieved no intrest because you withdrew it before
    <?php if($users['bank_days'] == 0): $echo = 'day'; else: $echo = 'days'; endif; echo $users['bank_days'].' '.$echo; ?> was up!</td>
  </tr>
</table>    

<?php
    else:

$newcash = $users['cash'] + $return;

mysql_query("UPDATE `users` SET `cash`='".$newcash."', `bank_amount`='0', `bank_time`='0', `bank_days`='0' WHERE `username`='$username'"); ?>
<table width="400" border="1" cellpadding="0" cellspacing="0" class="normal">
  <tr class="header">
    <td align="center"><strong>Bank</strong></td>
  </tr>  

  <tr>
    <td align="center">You withdrew $<?php echo number_format($return); ?> from your bank account and recieved <?php echo number_format($intrest); ?> intrest!</td>
  </tr>
</table>    

<?php
	endif;

  endif;

  if($users['bank_amount'] == 0): ?>
<form method="POST" action="index2.php?page=bank">
<table width="400" border="1" cellpadding="0" cellspacing="0" class="normal">
  <tr class="header">
    <td align="center" colspan="2"><strong>Bank</strong></td>
  </tr>  

  <tr>
    <td align="right" width="50%">Amount To Deposit :</td>
    <td align="left" width="50%"><input name="deposit_amount" type="text" value=""></td>
  </tr>
  <tr>
    <td align="right">Days :</td>
    <td align="left"><select name="days">
                     <option value="1">1</option>
                     <option value="2">2</option>
                     <option value="3">3</option>
                     <option value="4">4</option>
                     <option value="5">5</option>
                     <option value="6">6</option>
                     <option value="7">7</option>
                     </select></td>
  </tr>
  <tr>
    <td align="center" colspan="2"><input name="deposit" type="submit" value="Deposit"/></td>
  </tr> 
</table>
<?php
/*
  This is stiLL shown when you withdraw the cash and it should! 
*/
  elseif($usrs['bank_amount'] != 0):
  ?>
<form method="POST" action="index2.php?page=bank">
<table width="400" border="1" cellpadding="0" cellspacing="0" class="normal">
  <tr class="header">
    <td align="center" colspan="2"><strong>Bank</strong></td>
  </tr>  

  <tr>
    <td align="right" width="50%">Amount Deposited:</td>
    <td align="left" width="50%">$<?php echo number_format($users['bank_amount']); ?></td>
  </tr>
  <tr>
    <td align="right">Days Deposited For:</td>
    <td align="left"><?php echo number_format($users['bank_days']); ?></td>
  </tr>
  <tr>
    <td align="right">Time Left:</td>
    <td align="left"><?php if($lasttime > 0): echo time_format($lasttime); else: echo 'Time is up!'; endif; ?></td>
  </tr>
  <tr>
    <td align="right">Intrest Rate:</td>
    <td align="left"><?php echo $rate.'%'; ?></td>
  </tr>
  <tr>
    <td align="right">Amount After Intrest:</td>
    <td align="left"><?php echo '$'.number_format($return); ?></td>
  </tr>
<?php
  if($lasttime > 0):
  ?>
  <tr>
    <td align="center" colspan="2"><strong><font color="red">If you withdraw your cash now you will not get the intrest!</font></strong></td>
  </tr> 
<?php
  endif;
  ?>
  <tr>
    <td align="center" colspan="2"><input name="withdraw" type="submit" value="Withdraw"/></td>
  </tr> 
</table>
<?php
  endif;
  ?>
<br />
</form>

scross · Feb 21, 2008

I didn't have time to go through all your code, but I did notice a couple of things:

This line of code seems odd:

$lasttime = $users['bank_time'] - time();;

For a start, you've got two semi-colons at the end of the line which should create an error Secondly, you're taking the value of time() away from a stored time, so the only way this statement could be position is if the stored time >= the current time. By the looks of it you mean't to put it the other way round, which would give you the amount of time passed since the stored time value, rather than the amount of time until the stored time is reached. However, if my understanding if incorrect then ignore this

There are a number of instances where you're throwing external variables straight into a query without proper validation. The first example is right at the straight where you throw a session variable straight into the initial query which searches for the user's record. It might seem like the $_SESSION variable is safe, however you should never assume this and always use the mysql_real_escape_string() (or the relevant escaping function if you're not using the mysql driver) function to clean up any values you are using in a SQL statement.

Apart from that, I didn't notice anything dreadly wrong that might cause your error when I quickly scanned through it.

birdbrain24 · Feb 21, 2008

Thanks i will take what you said into account!

birdbrain24 · Feb 22, 2008

I figured it out myself i just set a variable equal 'no' and if the withdraw form is submitted it equals 'yes'. So then if the variable is equal to 'no' show the form else don't show it!

Thanks

bradgrafelman · Feb 22, 2008

Don't forget to mark this thread resolved.

scross · Feb 22, 2008

birdbrain24 wrote:
I figured it out myself i just set a variable equal 'no' and if the withdraw form is submitted it equals 'yes'. So then if the variable is equal to 'no' show the form else don't show it!

Thanks

That's great to hear

MySQL and PHP Help?

Bbirdbrain24

Sscross

Bbirdbrain24

Bbirdbrain24

Bbradgrafelman

Sscross