Prevent user from using more than the funds in his accoun

Question

mexabet 49 Good Learner

10 Years Ago

I'm trying to prevent the user from purchasing any share, if the cash in his/her account is less than the desired stock cost (price * shares). However, I'm getting the following error:

Warning: mysql_query() expects parameter 1 to be string, array given in /home/jharvard/vhosts/pset7/public/buy.php on line 39

Here is the script:

<?php

    // include configuration file
    require("../includes/config.php");

    // check if form is submitted
    if ($_SERVER["REQUEST_METHOD"] == "POST")
    {
        // check if symbol or share is empty
        if (empty($_POST["symbol"]) || empty($_POST["shares"]))
        {
            // display error message
            apologize("Symbol and Stock must not be empty.");
        }

        // check if symbol is valid
        if (lookup($_POST["symbol"]) === false)
        {
            // display error message
            apologize("Invalid stock symbol.");
        }

        // ensure that shares are only positive integers
        if (preg_match("/^\d+$/", $_POST["shares"]) == false)
        {
            // display error message
            apologize("Only a whole number is allowed.");
        }

        // set the transaction type to display in history
        $transaction = 'Bought';

        if ($stock = lookup($_POST["symbol"]))
        {
            // calculate total cost (ie shares * price)
            $cost = $_POST["shares"] * $stock["price"];

            $cash = query("SELECT cash FROM users WHERE id = ?", $_SESSION["id"]);
            $viewchk = mysql_query($cash);
            $arrchk = $viewchk;

            if ($arrchk["cash"] < $cost)
            {
                // display error message
                apologize("You don't have enough funds to buy this share.");
            }
            // if user's cash >= cost of share, allow purchase
            else
            {
                // ensure symbols are saved in DB in uppercase
                $_POST["symbol"] = strtoupper($_POST["symbol"]);

                query("INSERT INTO portfolios (id, symbol, shares) VALUES (?, ?, ?)
                 ON DUPLICATE KEY UPDATE shares = shares + VALUES(shares)", $_SESSION["id"], $_POST["symbol"], $_POST["shares"]);

                query("UPDATE users SET cash = cash - ? WHERE id = ?", $cost, $_SESSION["id"]);

                query("INSERT INTO history (id, transaction, symbol, shares, price) VALUES (?, ?, ?, ?, ?)", $_SESSION["id"], $transaction, $_POST["symbol"], $_POST["shares"], $stock["price"]);

                // redirect to homepage
                redirect("/");
            }
        }
    }
    else
    {
        render("buy_form.php", ["title" => "Buy Stock"]);
    }

?>

finance mysql php

Edited 10 Years Ago by mexabet because: made changes to title

2 Contributors
1 Reply
319 Views
1 Hour Discussion Span
Latest Post 10 Years Ago Latest Post by Adrian_5

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Adrian_5 1 Light Poster · Answer 1 · 2014-06-10T07:13:53+00:00

Could you do a var_dump on $_SESSION['id']? My guess is that it is an array.