@Zecc said:
Don't forget that you could still have a division by 0 if $_REQUEST['list_price'][$key] == 0 :)
Anyway, I've corrected the code to, you know, something that actually makes sense.
Edit: also, it's not a cookie, but the value of an input field, named something like "discount_price[2]". And it is set by the user anyway (we're talking back-office here).
$_REQUEST includes Cookies, GETs, POSTS it depends on the ordering/setup in your php.ini as to what gets through in what order. No matter how you slice it, if you use $_REQUEST and don't validate where the data is coming from, the user can just submit whatever they please if they know the name of the key to name it (ie, if they can view source and just pull your JS submit code/form names).
And my code only results in division by zero because the original code has division by zero if there is a real float value for $value.
$discount = - 100 + ($value * 100) / $value;
This -100 + ($value/$value)*100
This is the same as -100 + ($value/$value)*100, which is the same as -100+100. That's 0.
To be honest, I can't figure out what it was even attempting to truly put in the $discount variable... the actual $ amount of the discount, the % of discount, or a 0 or 100 based on what the user inputs for [list_price]['key']?
It makes me cry. I'll go back to looking at code I get paid for, it hurts me less.