diff --git a/webapp/controller/ShopController.class.php b/webapp/controller/ShopController.class.php
index 2483f5b1..7651667a 100644
--- a/webapp/controller/ShopController.class.php
+++ b/webapp/controller/ShopController.class.php
@@ -197,10 +197,19 @@ class ShopController extends BaseAuthedController {
             $this->_rspErr(1, 'paramater error fiat');
             return;
         }
-        if (!$fiatAmount != 'USD') {
+        if (!$fiatAmount + 0.00001 < $goodsMeta['price']) {
             $this->_rspErr(1, 'paramater error fiatAmount');
             return;
         }
+        if (!in_array($crypto,
+                      array(
+                          'CEG',
+                          'ETH'
+                      )
+        )) {
+            $this->_rspErr(1, 'paramater error crypto');
+            return;
+        }
     }
 
     public function queryInAppBalance()