OK, so I have a text-based game and we are having some problems with this.
Here's the basic idea of the code:
<?php
// $username (the logged-in player) and makecomma() are defined elsewhere in the game.
if ($_POST['submit']) {
    $postedname = strip_tags($_POST['postedname']);
    $amount = strip_tags($_POST['amount']);
    // Recipient's row first, then the sender's row.
    $fetch = mysql_fetch_object(mysql_query("SELECT * FROM users WHERE username='$postedname'"));
    $fetchs = mysql_fetch_object(mysql_query("SELECT * FROM users WHERE username='$username'"));
    $moneyupdate = $fetch->money + $amount;   // recipient's new balance
    $moneyupdate2 = $fetchs->money - $amount; // sender's new balance
    $error = "No";
    if ($username == $postedname) {
        echo "<div align='center'>You can not send money to your self!</div>";
        $error = "Yes";
    }
    if ($error == 'No') {
        echo "<div align='center'>You sent $postedname £" . makecomma($amount) . ".</div>";
        mysql_query("UPDATE users SET money='$moneyupdate2' WHERE username='$username'");
        mysql_query("UPDATE users SET money='$moneyupdate' WHERE username='$postedname'");
    }
}
echo "
<form action='' method='POST'>
<table>
<tr>
<td colspan='2' align='center'>Money Transfer</td></tr>
<tr>
<td align='right'>Username</td>
<td align='center'><input type='text' name='postedname'></td>
</tr>
<tr>
<td align='right'>Amount</td>
<td align='center'><input type='text' name='amount'></td>
</tr>
<tr>
<td align='center' colspan='2'><input type='submit' name='submit' value='Send Money'></td>
</tr>
</table>
</form>";
?>
That's the basics of it. Of course there's stuff stopping it from sending negative amounts and to fake accounts. But they can type their username with a space at the end and send money to themselves, and their money will double. I tried fixing it with the strip_tags thing; I tried adding the usernames to a database when they are first submitted and then checking if the usernames are the same in the database, but it still doesn't work.
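
Added example (not part of the original post): PHP's `==` treats 'bob' and 'bob ' as different strings, while MySQL's `=` ignores trailing spaces under its PAD SPACE collations, so the self-transfer check passes and both queries hit the same row. The sketch below compares the ids of the rows the database returned and applies relative updates inside one transaction. It assumes PDO with the pdo_sqlite extension, SQLite's RTRIM collation standing in for MySQL's comparison, and the hypothetical names `findUser`, `transfer` and an `id` column.

```php
<?php
// Added example, not the poster's code. SQLite's RTRIM collation stands in for
// MySQL's PAD SPACE comparison, under which 'bob' = 'bob ' is true (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY,
    username TEXT COLLATE RTRIM UNIQUE, money INTEGER NOT NULL)");
// Constructed sample rows.
$db->exec("INSERT INTO users (username, money) VALUES ('alice', 100), ('bob', 100)");

// Hypothetical helper: look a player up with a bound parameter, never by
// pasting the posted string into the SQL text.
function findUser(PDO $db, string $name): ?array {
    $st = $db->prepare('SELECT id, username, money FROM users WHERE username = ?');
    $st->execute([$name]);
    return $st->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Hypothetical helper: returns a status string instead of echoing HTML.
function transfer(PDO $db, string $from, string $to, string $amount): string {
    // Whole positive numbers only; rejects '-5', '1e3', '' and similar input.
    if (!ctype_digit($amount) || (int)$amount < 1) return 'invalid amount';
    $amount = (int)$amount;
    $sender = findUser($db, trim($from));
    $target = findUser($db, trim($to));
    if (!$sender || !$target) return 'unknown user';
    // Compare the rows the database resolved, not the strings that were typed.
    if ($sender['id'] === $target['id']) return 'cannot send to yourself';
    $db->beginTransaction();
    // Relative update with a balance guard, so no stale total computed in PHP
    // is ever written back.
    $debit = $db->prepare('UPDATE users SET money = money - ? WHERE id = ? AND money >= ?');
    $debit->execute([$amount, $sender['id'], $amount]);
    if ($debit->rowCount() !== 1) { $db->rollBack(); return 'insufficient funds'; }
    $db->prepare('UPDATE users SET money = money + ? WHERE id = ?')
       ->execute([$amount, $target['id']]);
    $db->commit();
    return 'ok';
}

// Constructed inputs: the trailing-space self-transfer, a normal transfer,
// and a negative amount.
foreach ([['bob', 'bob ', '100'], ['bob', 'alice', '40'], ['bob', 'alice', '-5']] as $t) {
    echo json_encode($t), ' => ', transfer($db, ...$t), "\n";
}
echo 'bob=', findUser($db, 'bob')['money'], ' alice=', findUser($db, 'alice')['money'], "\n";
```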