0

I am developing desktop software that charges the user per execution of the main action. For example, say it will charge the user 0.1$ per PDF print.

And my software provides multithreading.

So, if it runs a single thread it works fine :)

But the problem is when the user runs multiple threads at once (say 10/20 threads):

it (PHP) also continues to allow the user the service/execution even when the balance gets below zero.

Though my PHP script checks whether the balance is positive.

But after the user runs multiple threads, the balance becomes like -5.95$ or -25.75$ etc.

And that is a big security/financial issue.

here is the code I am using:

<?php

$strSQL = "Select * from users where Email = '$strUser'";
$return = mysql_query($strSQL, $strDBConn);
$strDBData = mysql_fetch_array($return, MYSQL_ASSOC);
//checking balance
$strBalance = $strDBData['Balance'];
if($strBalance < 0)
{
    // if balance 0 then exit so, my software/thread will not process further
    mysql_close($strDBConn);
    exit('Balance Exceed'); 
}

// rest of the code that is related to service execution

// code that subtracts the balance
$dblCost = 0.25;
$strSQL = "Update users set Balance = Balance - '$dblCost' where Email = '$strUser'";
$return = mysql_query($strSQL, $strDBConn);

// rest of the finishing code

?>

any help/suggestion would be highly appreciated..

thanks in advance. best regards

  • 2
    Start using SQL transactions. Read more here http://dev.mysql.com/doc/refman/5.0/en/commit.html – Bud Damyanov Nov 04 '13 at 07:37
  • 1
    also... watch out for [sql injection](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1) if you're concerned about security – gloomy.penguin Nov 04 '13 at 07:38
  • Don't use the `mysql` extension for PHP anymore because it's deprecated and gets removed with one of the next PHP releases. Use `PDO` or `mysqli` instead. – TiMESPLiNTER Nov 04 '13 at 07:43
  • @bodi0, sir, thanks for your fast reply, but I am not very good at MySQL, or even PHP. I mainly do desktop software development and know PHP/MySQL only as far as my desktop software needs. Hope I am clear? So, would you please give me example code? –  Nov 04 '13 at 07:47
  • Check this http://www.php.net/manual/en/pdo.begintransaction.php, anyway YOU NEED TO UNDERSTAND THE PROCESS, before starting creating such applications, the first step is to LEARN and READ. – Bud Damyanov Nov 04 '13 at 08:11

1 Answer

0

I think, this is a quite similar question: What is equivalent of the C# lock statement in PHP?

First, try to switch away from the old "mysql" to something new, maybe some PDO-like DB access ;). Then, for getting around multi-threading in PHP, it can be a good idea to write a file for every userid (!) and lock this file when there's a request. When the file is locked in another thread, wait for x seconds for the file to be unlocked by the locker thread. If it is not unlocked within that time, something went wrong. When all went well in the locking thread, unlock the file after every operation needed. Theoretically you will be good with that until there's a multi-thread solution in PHP ;)

Paladin
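
The per-user lock described in the answer can also be enforced by the database itself. The following is an added example, not code from the question or the answer: it folds the balance check and the deduction into one conditional UPDATE through PDO, so no second request can pass a stale check. `chargeUser` and `refundUser` are hypothetical names, and the demo assumes the `pdo_sqlite` extension with constructed data; the UPDATE itself is plain SQL that applies equally to the MySQL `users` table from the question.

```php
<?php
// Added example (not the poster's code). chargeUser()/refundUser() are
// hypothetical names; users/Email/Balance come from the question.

/**
 * Deduct $cost only if the balance covers it. The check and the subtraction
 * are one UPDATE, so concurrent requests cannot both pass a stale check.
 */
function chargeUser(PDO $pdo, string $email, string $cost): bool
{
    $stmt = $pdo->prepare(
        'UPDATE users SET Balance = Balance - :cost
          WHERE Email = :email AND Balance >= :minimum'
    );
    $stmt->execute([':cost' => $cost, ':email' => $email, ':minimum' => $cost]);
    return $stmt->rowCount() === 1; // 0 rows: unknown user or insufficient balance
}

/** Give the money back if the paid action fails after a successful charge. */
function refundUser(PDO $pdo, string $email, string $cost): void
{
    $stmt = $pdo->prepare('UPDATE users SET Balance = Balance + :cost WHERE Email = :email');
    $stmt->execute([':cost' => $cost, ':email' => $email]);
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (Email TEXT PRIMARY KEY, Balance NUMERIC NOT NULL)');
$pdo->exec("INSERT INTO users VALUES ('user@example.com', 0.50)");

// Three requests for a 0.25 action against a 0.50 balance.
foreach ([1, 2, 3] as $request) {
    if (!chargeUser($pdo, 'user@example.com', '0.25')) {
        echo "request $request: Balance Exceed\n";
        continue;
    }
    try {
        // ... perform the paid action here ...
        echo "request $request: charged, action executed\n";
    } catch (Throwable $e) {
        refundUser($pdo, 'user@example.com', '0.25'); // action failed: undo the charge
    }
}
echo 'final balance: ', $pdo->query('SELECT Balance FROM users')->fetchColumn(), "\n";
```

Charging before the action and refunding on failure reverses the order used in the question, where the check and the deduction are separate statements with the service call between them.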