There is custom Point of Sale software for pharmacies written in PHP. To prevent the cashier from selling more than the quantity of the product in stock, I do this:

    <?php
    include('../connect.php');
    $nl = $_POST['nall'];
    $a = $_POST['invoice'];
    $b = $_POST['product'];
    $c = $_POST['qty'];
    if ($c > $nl) {
        echo "<div align='center'><font color='red' style=\"font:bold 22px 'Aleo';\">Внимание: Вы не сможете расходовать больше чем остаток. Сейчас будете перенаправлены</font></div><br>";
        echo "<meta http-equiv=\"refresh\" content=\"3;url=" . $_SERVER['HTTP_REFERER'] . "\">";
        exit;
    }
    ?>

As can be seen from the code, if the amount of the drug being sold (variable $c) is MORE than the quantity in the warehouse (variable $nl), an error is output. But if, for example, the amount of the drug in stock is 10 pcs. and the cashier is also going to sell 10 pcs., it still produces the error that you cannot spend more than the remainder.

Question: How do I write the condition correctly so that the error is raised only when the cashier is going to sell more than the remainder, not exactly the remainder? I did it this way, and everything worked fine:

    $result = $db->prepare("SELECT * FROM products WHERE product_id = :userid");
    $result->bindParam(':userid', $b);
    $result->execute();
    for ($i = 0; $row = $result->fetch(); $i++) {
        $nall = $row['qty'];
        if ($nall < $c) {
            echo "<div align='center'><font color='red' style=\"font:bold 22px 'Aleo';\">Внимание: Вы не сможете расходовать больше чем остаток. Сейчас будете перенаправлены</font></div><br>";
            echo "<meta http-equiv=\"refresh\" content=\"2;url=" . $_SERVER['HTTP_REFERER'] . "\">";
            exit;
        }
    }

    2 answers

    The data from the POST request that is expected to be numbers needs to be converted to type int, since it will arrive as strings.

    • I did it, but in this situation the cashier can spend even more than the remainder) - Alex Stassov
    • @AlexStassov which of the variables in the question is the cashier? And which one is $nl then? - Alexey Shimansky
    • $nl = stock balance, $c = amount the cashier wants to sell - Alex Stassov
    • @AlexStassov read the question: "the quantity of the drug being sold (variable $nl) ... than the quantity remaining in stock (variable $c) ..." Have you not decided yourself? - Alexey Shimansky
    • Corrected! I apologize for the carelessness. By the way, var_dump($_POST['qty'], $_POST['nall']); yields this: string(2) "25" string(3) "210" - Alex Stassov

    The problem is that you always have to check parameters before using them. You should always keep track of your data types; this can be done in different ways, one of them is intval, although you can simply multiply the variables by one: $_POST['nall']*1. And the type will change.

    <?php
    include('../connect.php');
    $nl = intval($_POST['nall']);
    $a = $_POST['invoice'];
    $b = $_POST['product'];
    $c = intval($_POST['qty']);
    if ($c > $nl) {
        echo "<div align='center'><font color='red' style=\"font:bold 22px 'Aleo';\">Внимание: Вы не сможете расходовать больше чем остаток. Сейчас будете перенаправлены</font></div><br>";
        echo "<meta http-equiv=\"refresh\" content=\"3;url=" . $_SERVER['HTTP_REFERER'] . "\">";
        exit;
    }
    ?>

    I can't say anything about the remaining variables; I don't know why you need them or what values they have. intval performs an explicit type conversion to int. Details can be found here.

    • But the PHP documentation says that if you compare a number with a string, or two strings containing numbers, each string will be converted to a number, and they will be compared as numbers. - Alex Stassov
    • @AlexStassov, you should never trust data that came from outside. $_SERVER, $_GET, $_POST, $_FILES, $_COOKIE, $_REQUEST are all data from the outside. - Visman
    • Thanks, got it. But what can I do to solve this problem? Anyway, after turning the numbers into numbers, the problem remains the same. (The rest of the variables are needed; I just didn't post the whole code.) - Alex Stassov
    • Before this line, if($c > $nl) {, output the data and see whether it arrived properly or not. - Raz Galstyan
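As an added example (not code from the question or either answer), the same stock check written so that the server ignores the client-supplied balance, validates the quantity as an integer, and compares integers; it assumes a PDO connection in $db and the products(product_id, qty) table used in the question's second snippet:

```php
<?php
declare(strict_types=1);
// Added example, not code from the question or the answers. Assumes a PDO
// connection in $db and a products(product_id, qty) table as in the question.

// Validate both request fields as positive integers; anything else is rejected
// before it reaches the comparison (filter_var returns false for "25abc", "", null).
function parseSaleRequest(array $post): ?array
{
    $opts    = ['options' => ['min_range' => 1]];
    $product = filter_var($post['product'] ?? null, FILTER_VALIDATE_INT, $opts);
    $qty     = filter_var($post['qty'] ?? null, FILTER_VALIDATE_INT, $opts);
    if ($product === false || $qty === false) {
        return null;
    }
    return ['product' => $product, 'qty' => $qty];
}

// The balance is read server-side; the client's 'nall' field is ignored because
// anything in $_POST can be edited by whoever controls the browser.
function stockFor(PDO $db, int $productId): ?int
{
    $stmt = $db->prepare('SELECT qty FROM products WHERE product_id = :id');
    $stmt->bindValue(':id', $productId, PDO::PARAM_INT);
    $stmt->execute();
    $qty = $stmt->fetchColumn();
    return $qty === false ? null : (int) $qty;
}

// Integer comparison: selling exactly the balance (10 of 10) is allowed,
// selling one more than the balance is not.
function saleAllowed(int $requested, int $inStock): bool
{
    return $requested <= $inStock;
}

$sale = parseSaleRequest($_POST);
if ($sale === null) {
    http_response_code(400);
    exit('Invalid product or quantity');
}
$inStock = stockFor($db, $sale['product']);
if ($inStock === null || !saleAllowed($sale['qty'], $inStock)) {
    http_response_code(422);
    // No meta refresh to HTTP_REFERER here: that header is also client-supplied.
    exit('Requested quantity exceeds the stock balance');
}
```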