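<?php

// Decrements one quantity column by 1 for the logged-in user, then sends the
// browser back to the checkup page. The column comes from the `name` query
// parameter; the table and the row key come from the session.
include "../../ConnectDB.php";

session_start();

$username = $_SESSION['username'] ?? null;
$usertype = $_SESSION['user_type'] ?? null;

// Table and column names are SQL identifiers, so they cannot be bound as
// parameters, and mysqli_real_escape_string() only protects quoted string
// values. They are therefore restricted to plain identifier characters before
// being interpolated. The original unquoted SELECT could not have handled
// names outside this set either.
// NOTE(review): an explicit allow-list of the purchasable columns (and of the
// valid user-type tables) would be stricter; those names are not visible in
// this file, so they are not listed here.
$identifierPattern = '/\A[A-Za-z_][A-Za-z0-9_]*\z/';

// NOTE(review): this request changes stored data on GET and carries no
// anti-CSRF token; consider moving it to POST with a token check.
if (isset($_GET["name"]) && is_string($username) && is_string($usertype)) {
    $name = $_GET["name"];

    $identifiersValid = is_string($name)
        && preg_match($identifierPattern, $name) === 1
        && preg_match($identifierPattern, $usertype) === 1;

    if (!$identifiersValid) {
        // Rejected before any SQL is built; the redirect below still runs.
        error_log('Rejected quantity update: invalid column or table identifier');
    } else {
        // One guarded UPDATE replaces the former SELECT-then-UPDATE pair, so
        // two concurrent requests cannot both pass the "> 1" check and push
        // the value below the floor. The username is bound, not interpolated.
        $stmt = mysqli_prepare(
            $conn,
            "UPDATE `$usertype` SET `$name` = `$name` - 1 WHERE name = ? AND `$name` > 1"
        );

        $executed = $stmt
            && mysqli_stmt_bind_param($stmt, 's', $username)
            && mysqli_stmt_execute($stmt);

        if ($executed) {
            // Zero affected rows means no row matched the user or the value
            // was not above 1 - the same cases in which the original alerted.
            if (mysqli_stmt_affected_rows($stmt) < 1) {
                echo "<script type='text/javascript'>
                alert('You cannot buy for nothing!');
                </script>";
            }
        } else {
            // Keep driver error text (table/column names, SQL fragments) in
            // the server log instead of sending it to the browser.
            error_log('Quantity update failed: ' . mysqli_error($conn));
            echo "Error: the request could not be processed.";
        }

        if ($stmt) {
            mysqli_stmt_close($stmt);
        }
    }
}

echo "<script type='text/javascript'>
window.location.href = '../checkup.php';
</script>";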