Your IP : 216.73.216.26
<?php
session_start();
include('../connection.php');
include '../function_lib.php';
$uid = 100;
if(isset($_POST['amount']) && isset($_POST['uid'])){
$login_id = $_POST['uid'];
$amount = $_POST['amount'];
//$row = mysqli_fetch_object(mysqli_query($connection, "SELECT uid, email, mobile, wallet_fund as wallet FROM user WHERE uid='$uid'"));
$result = mysqli_query($connection, "SELECT uid, email, mobile, wallet_fund as wallet FROM user WHERE login_id='$login_id'");
$to_uid_num_rows = mysqli_num_rows($result);
if($to_uid_num_rows==1){
$to_row = mysqli_fetch_object($result);
}
if($to_uid_num_rows!=1 || $to_row->uid == $uid){
setMessage('Invalid user id.', 'alert-msg error');
redirect('./fund_transfer.php');
die();
}
// elseif($to_row->email != $row->email || $to_row->mobile != $row->mobile){
// setMessage('Mobile and email does not match.', 'alert-msg error');
// redirect('./fund_transfer.php');
// die();
// }
else{
$to_uid = $to_row->uid;
//mysqli_query($connection, "UPDATE user SET wallet_fund = wallet_fund - '$amount' WHERE uid='".$uid."'");
mysqli_query($connection, "UPDATE user SET wallet_fund = wallet_fund + '$amount' WHERE uid='".$to_uid."'");
mysqli_query($connection, "INSERT INTO `fund_transfer` (`uid`, `from_uid`, `amount`, `datetime`) VALUES ('".$to_uid."','$uid','".$amount."','".date('Y-m-d H:i:s')."')");
setMessage('Fund transfer successfully.', 'alert-msg success');
redirect('./fund_transfer.php');
}
}
else{
redirect('./fund_transfer.php');
}
?>