- <?php
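// Account page: shows the balance for one account and applies a deposit or a
// withdrawal posted from the form at the bottom.
//
// Security-relevant changes compared with the string-built version:
//  - every SQL statement is prepared and the account number and amount are bound,
//    so request data never becomes part of the SQL text;
//  - the balance is changed with a single "money = money + ?" UPDATE instead of
//    read-in-PHP / write-back, which lost updates under concurrent requests (the
//    BEGIN/COMMIT pair only wrapped the UPDATE, not the earlier SELECT);
//  - amounts are validated as numbers; HTML encoding is applied on output only;
//  - database error text goes to the server log, not to the browser;
//  - values read from the database are HTML-escaped before being echoed.
require_once 'mysqlLogin.php';

/**
 * Log a database failure server-side and stop with a generic message.
 *
 * @param string $context Short description of the failing step.
 * @param string $detail  Driver error text (kept out of the response).
 */
function failDatabase($context, $detail)
{
    error_log('accountManagment: ' . $context . ': ' . $detail);
    die('Service temporarily unavailable.');
}

/**
 * Read a non-negative amount from $_POST.
 *
 * @param string $field Form field name ("deposit" or "withdraw").
 * @return float|null The amount, or null when the field is absent or left empty.
 */
function readAmount($field)
{
    // Both inputs are submitted on every POST, so an empty field must count as
    // "not provided"; otherwise an empty deposit field shadows the withdrawal.
    if (!isset($_POST[$field]) || !is_string($_POST[$field]) || trim($_POST[$field]) === '') {
        return null;
    }
    $amount = filter_var(trim($_POST[$field]), FILTER_VALIDATE_FLOAT);
    if ($amount === false || !is_finite($amount)) {
        die("$field must be a number");
    }
    if ($amount < 0) {
        die("$field can't be lower than 0");
    }
    return $amount;
}

/**
 * Add $delta (negative for a withdrawal) to the account balance atomically.
 *
 * @param mysqli $connection Open database connection.
 * @param string $accountNum Account identifier, bound as a parameter.
 * @param float  $delta      Signed amount to add to the "money" column.
 */
function adjustBalance($connection, $accountNum, $delta)
{
    // NOTE(review): as before, nothing stops a withdrawal from taking the balance
    // below zero. If overdrafts are not allowed, add "AND money + ? >= 0" to the
    // WHERE clause and treat zero affected rows as "insufficient funds".
    $stmt = $connection->prepare('UPDATE bank SET money = money + ? WHERE accountNum = ?');
    if (!$stmt) {
        failDatabase('prepare update', $connection->error);
    }
    $stmt->bind_param('ds', $delta, $accountNum);
    if (!$stmt->execute()) {
        failDatabase('execute update', $stmt->error);
    }
    $stmt->close();
}

/**
 * Escape a value for use in HTML text or a quoted attribute.
 *
 * @param mixed $value Value to print.
 * @return string HTML-safe text.
 */
function escapeHtml($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

$connection = new mysqli($db_hostname, $db_username, $db_password, $db_database);
if ($connection->connect_error) {
    failDatabase('connect', $connection->connect_error);
}

// NOTE(review): the account is selected by a cookie, which the browser fully
// controls, so this value is an identifier and not proof of who is logged in.
// The account should come from server-side session state set at login; the
// login code is not part of this file, so that change is not made here.
if (!isset($_COOKIE['cookie_account']) || !is_string($_COOKIE['cookie_account'])
    || $_COOKIE['cookie_account'] === '') {
    die('Not logged in.');
}
$accountNum = $_COOKIE['cookie_account'];

// NOTE(review): this form changes a balance but carries no anti-CSRF token;
// add a per-session token check here once sessions are in place.
// A filled-in deposit takes precedence over a withdrawal, as it did before.
$deposit = readAmount('deposit');
$withdraw = $deposit === null ? readAmount('withdraw') : null;

if ($deposit !== null || $withdraw !== null) {
    adjustBalance($connection, $accountNum, $deposit !== null ? $deposit : -$withdraw);
    $connection->close();
    // Post/Redirect/Get: overwriting $_POST does not stop a browser refresh from
    // re-sending the form, whereas redirecting to a GET of this page does.
    header('Location: accountManagment.php', true, 303);
    exit;
}

$stmt = $connection->prepare('SELECT * FROM bank WHERE accountNum = ?');
if (!$stmt) {
    failDatabase('prepare select', $connection->error);
}
$stmt->bind_param('s', $accountNum);
if (!$stmt->execute()) {
    failDatabase('execute select', $stmt->error);
}
$result = $stmt->get_result();
if (!$result) {
    failDatabase('fetch result', $stmt->error);
}
$display = $result->fetch_array(MYSQLI_ASSOC);
$result->close();
$stmt->close();
$connection->close();

if (!$display) {
    die('Account not found.');
}

// Names come from the database and may contain markup characters, so escape
// every value at the point of output.
$accountNumHtml = escapeHtml($display['accountNum']);
$firstNameHtml = escapeHtml($display['firstName']);
$lastNameHtml = escapeHtml($display['lastName']);
$moneyHtml = escapeHtml($display['money']);

// Markup fixes: <bod> -> <body>, name"submit" -> name="submit", the invalid
// value="FALSE" on the number inputs is dropped, and the open tags are closed.
echo <<<_END
<html>
<body>
Account Number: $accountNumHtml<br>
Name: $firstNameHtml<br>
LastName: $lastNameHtml<br>
Money: $moneyHtml<br>
<form method="post" action="accountManagment.php">
<br>
Deposit:
<input type="number" name="deposit" min="0">
<br>
Withdraw:
<input type="number" name="withdraw" min="0">
<br>
<input type="submit" name="submit" value="submit">
</form>
</body>
</html>
_END;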
/**
 * HTML-encode a request value after passing it through mysql_fix_string().
 *
 * The only transformation applied here is htmlentities(), which is output
 * encoding for HTML. It does not escape a value for use inside an SQL
 * statement and it does not check that the value is a number.
 *
 * @param string $string Raw value.
 * @return string The value with HTML special characters converted to entities.
 */
function sanitizeString($string)
{
    $unslashed = mysql_fix_string($string);
    $encoded = htmlentities($unslashed);

    return $encoded;
}
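/**
 * Undo magic-quotes slashing on a request value where that feature still exists.
 *
 * Despite the name, this function does no SQL escaping: it only strips the
 * backslashes that magic quotes added, and otherwise returns the input unchanged.
 *
 * @param string $string Raw value.
 * @return string The value without magic-quotes backslashes.
 */
function mysql_fix_string($string)
{
    // Magic quotes were removed in PHP 5.4 and get_magic_quotes_gpc() itself was
    // removed in PHP 8.0, where calling it is a fatal "undefined function" error.
    // The version test short-circuits, so the call is never reached on PHP >= 5.4.
    if (PHP_VERSION_ID < 50400 && get_magic_quotes_gpc()) {
        $string = stripslashes($string);
    }

    return $string;
}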
- ?>