Mark George, 26 Sep: Lab 11

The sale price stored in the final sale that is added to the database comes from the client side. Remember rule 11: don't trust the client. A sneaky user could edit the cart details in the web browser using the browser's developer tools and give themselves a discount.

Note that our system does not currently have features for properly dealing with sales and discounts. As such, our only option is to use the product's list price as the sale price.

Modify the code in the sale module so that it loads the correct list price from the database and inserts it into the sale price for each sale item.
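
The following is an added example, not the lab's own code, showing the server-side pattern described above: the price the client sent is ignored and the list price is loaded from the database for each sale item. The Python/SQLite setting, the table and column names, the function names and the cart field names are all assumptions made for illustration.

```python
import sqlite3

def open_demo_db():
    """In-memory database with a constructed schema and two constructed products."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE product (product_id TEXT PRIMARY KEY,
                              list_price_cents INTEGER NOT NULL);
        CREATE TABLE sale (sale_id INTEGER PRIMARY KEY AUTOINCREMENT,
                           customer_id TEXT NOT NULL);
        CREATE TABLE sale_item (sale_id INTEGER NOT NULL,
                                product_id TEXT NOT NULL,
                                quantity INTEGER NOT NULL,
                                sale_price_cents INTEGER NOT NULL);
        INSERT INTO product VALUES ('WID-1', 1999), ('GAD-2', 4950);
    """)
    return conn

def save_sale(conn, sale):
    """Store a client-submitted sale, pricing each item from the product table."""
    with conn:  # one transaction: commit on success, roll back on any error
        sale_id = conn.execute("INSERT INTO sale (customer_id) VALUES (?)",
                               (sale["customer_id"],)).lastrowid
        for item in sale["items"]:
            row = conn.execute(
                "SELECT list_price_cents FROM product WHERE product_id = ?",
                (item["product_id"],)).fetchone()
            if row is None:
                raise ValueError(f"unknown product {item['product_id']!r}")
            # The client's sale_price_cents is never read: the list price
            # loaded from the database is what gets stored.
            conn.execute("INSERT INTO sale_item VALUES (?, ?, ?, ?)",
                         (sale_id, item["product_id"], item["quantity"], row[0]))
    return sale_id

def stored_prices(conn, sale_id):
    """Return (product_id, sale_price_cents) rows for one sale."""
    return conn.execute(
        "SELECT product_id, sale_price_cents FROM sale_item "
        "WHERE sale_id = ? ORDER BY product_id", (sale_id,)).fetchall()

# Constructed cart data as the server might receive it after the prices
# were edited in the browser.
TAMPERED_SALE = {"customer_id": "C42", "items": [
    {"product_id": "WID-1", "quantity": 2, "sale_price_cents": 1},
    {"product_id": "GAD-2", "quantity": 1, "sale_price_cents": 0}]}

if __name__ == "__main__":
    db = open_demo_db()
    print(stored_prices(db, save_sale(db, TAMPERED_SALE)))
```

A sale that names a product missing from the database is rejected and rolled back as a whole, so no partially priced sale is left behind.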