PHP Code:
if(params[0] == "Buy"){
temp.rate = Stocks.stock_price.(@params[1]);
temp.amnt = params[2];
temp.price = amnt*rate;
if(clientr.stockcash >= price){
clientr.stockcash -= price;
clientr.stocks.(@int(random(1,9999999)))= {params[1], rate, amnt};
clientr.stockcash = clientr.stockcash.substring(0, clientr.stockcash.pos(".") + 3);
}
}
if(params[0] == "Sell"){
temp.rate = Stocks.stock_price.(@params[1]);
for(temp.i : getstringkeys("clientr.stocks.")){
temp.amnt = clientr.stocks.(@i)[2];
temp.price = amnt*rate;
temp.checkname = clientr.stocks.(@i)[0];
if(checkname == params[1]){
temp.checkrate = clientr.stocks.(@i)[1];
if(checkrate.pos(params[2]) >= 0){
temp.checkquantity = clientr.stocks.(@i)[2];
if(checkquantity == params[3]){;
if(clientr.stocks.(@i) == null) return;
clientr.stocks.(@i) = null;
clientr.stockcash += price;
return;
}
}
}
}
}
No validation? Huge security holes... What if params[1] or params[2] was negative?
clientr.stockcash -= -(price);
See where I'm going?
01-03-2013, 04:59 PM
Threaded Mode