labs / tiddlers / content / labs / lab13 / _Labs_13_The Sale
@Mark George Mark George on 11 Oct 2021 624 bytes Lab 13

The sale price that is being stored in the final sale that is added to the database is coming from the client side. Remember rule 11 -- don't trust the client. A sneaky user could edit the cart details in the web browser using the browser's developer tools and give themselves a large discount.

Note that our system does not currently have features for properly dealing with sales and discounts. As such, our only option is to use the product's list price as the sale price.

Modify the code in the sale module so that it loads the correct list price from the database and inserts it into the sale price for each sale item.