I am also working on a site that will handle real money. I was having a bit of a hard time determining why the users don’t get their money back if the bet (a bets site) is cancelled.

In the CancelBet stored procedure (T-SQL):

..
UPDATE      Account
SET         Amount = Account.Amount + BB.Amount
FROM        BetBettings BB
-- BO.BetsId in the ON clause below is the fragment discussed after this code
INNER JOIN  BetOutcomes BO  ON  BB.BetOutcomesId = BO.BetsId
WHERE       BO.BetsId = @BetId
AND         Account.UserId = BB.UserId



The bold-underlined text fragment (BO.BetsId in the ON clause of the join) should have been "BO.Id". A very small slip-up, but small enough not to trigger any automatic checking in Microsoft SQL Server Management Studio 2008 and enough to have the users cry out loud: “FRAUUUD”.

The site is not live yet, so no user has been hurt during the experiment. However, nobody would have believed me that this error in favor of the site was not intentional … they would have said something like “how convenient…”.
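An added example, not the site's own code: a refund procedure that joins on BO.Id and rolls back unless the money actually credited equals the stakes on the cancelled bet, so a wrong join fails loudly instead of silently keeping the users' money. It goes slightly beyond the fragment above by summing stakes per user, because an UPDATE ... FROM that matches several rows for one account applies only one of them. The procedure name, the column types and the single-row-per-user Account table are assumptions.

```sql
-- Added example. Table and column names follow the fragment above;
-- CancelBet_Checked, INT keys and DECIMAL(18, 2) amounts are assumptions.
CREATE PROCEDURE CancelBet_Checked @BetId INT
AS
BEGIN
    SET NOCOUNT ON;
    SET XACT_ABORT ON;  -- any runtime error rolls the whole transaction back

    DECLARE @Applied TABLE (Delta DECIMAL(18, 2) NOT NULL);
    DECLARE @Expected DECIMAL(18, 2), @Refunded DECIMAL(18, 2);

    BEGIN TRANSACTION;

    -- Expected total, written as a subquery rather than a join so that
    -- one mistyped join column cannot hide in both the update and the check.
    SELECT @Expected = COALESCE(SUM(BB.Amount), 0)
    FROM   BetBettings BB
    WHERE  BB.BetOutcomesId IN
           (SELECT BO.Id FROM BetOutcomes BO WHERE BO.BetsId = @BetId);

    -- Credit each account once with that user's total stake on this bet.
    -- Join on BO.Id (the outcome's key); filter on BO.BetsId (its bet).
    UPDATE A
    SET    A.Amount = A.Amount + R.Amount
    OUTPUT inserted.Amount - deleted.Amount INTO @Applied (Delta)
    FROM   Account A
    INNER JOIN (
        SELECT BB.UserId, SUM(BB.Amount) AS Amount
        FROM   BetBettings BB
        INNER JOIN BetOutcomes BO ON BB.BetOutcomesId = BO.Id
        WHERE  BO.BetsId = @BetId
        GROUP BY BB.UserId
    ) R ON R.UserId = A.UserId;

    -- What was really added to the balances, taken from the OUTPUT rows.
    SELECT @Refunded = COALESCE(SUM(Delta), 0) FROM @Applied;

    IF @Refunded <> @Expected
    BEGIN
        ROLLBACK TRANSACTION;
        RAISERROR('CancelBet: credited total does not match staked total; rolled back.', 16, 1);
        RETURN;
    END

    COMMIT TRANSACTION;
END
```

With the original join on BO.BetsId the update credits the wrong rows or none, the two totals disagree, and the cancellation is rejected instead of committing without refunds.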