Using Sessions to add items to a cart
Question
I have been following a tutorial for a php shopping cart,
I have checked my code over and I am to the point where the add to cart button SHOULD be adding the products into the sidebar.
However, it appears to skip over my if statement and go straight to the else error message stating the product ID is invalid. I have checked that the SKU in the database match thought that are displayed in $id so i'm a little lost as to why this error persists?
PHP for Products:
<?php
session_start();
if (isset($_GET['action']) && $_GET['action'] == "add") {
$id = $_GET['id'];
if (isset($_SESSION['cart'][$id])) {
$_SESSION['cart'][$id]['quantity']++;
} else {
$sql2 = "SELECT * FROM products WHERE SKU=$id";
$query2 = mysql_query($sql2);
if(mysql_num_rows($query2) != 0){
$row2 = mysql_fetch_array($query2);
$_SESSION['cart'][$row2['SKU']] = array("quantity" => 1, "price" => $row2['price']);
} else {
$message = "This product ID is invalid";
}
}
}
?>
<h2 class="message"><?php if(isset($message)){echo $message;} ?></h2>
<h1>Product Page</h1>
<table>
<tr>
<th>Name</th>
<th>Description</th>
<th>Price</th>
<th>Action</th>
</tr>
<?php
$sql = "SELECT * FROM products ORDER BY SKU ASC";
$query = mysql_query($sql)or die(mysql_error());
while($row = mysql_fetch_assoc($query)){
?>
<tr>
<td><?php echo $row['name']; ?></td>
<td><?php echo $row['description']; ?></td>
<td><?php echo "£" . $row['price']; ?></td>
<td><a href="index.php?page=products&action=add&id=<?php echo $row['SKU']; ?>">Add to cart</a></td>
</tr>
<?php
}
?>
PHP for Index.php:
<?php
session_start();
require_once("connect.php");
if (isset($_GET['page'])) {
$pages = array("products","cart");
if (in_array($_GET['page'],$pages)) {
$page = $_GET['page'];
} else {
$page = "products";
}
} else {
$page = "products";
}
?>
<html>
<head>
<link rel="stylesheet" href="reset.css" />
<link rel="stylesheet" href="style.css" />
<title>Shopping Cart - WebThatWorks Ltd</title>
</head>
<body>
<div id="container">
<div id="main"><?php require($page. ".php"); ?></div>
<div id="sidebar">
<h1>Cart</h1>
<?php
if (isset($_SESSION['cart'])) {
$sql = "SELECT * FROM products WHERE SKU IN (";
foreach ($_SESSION['cart'] as $id => $value) {
$sql .=$id. ",";
}
$sql = substr($sql,0,-1) . ")ORDER BY SKU ASC";
$query = mysql_query($sql);
while($row = mysql_fetch_array($query)){
?>
<p><?php echo $row['name']; ?><?php echo $_SESSION['cart'][$row['SKU']]['quantity']; ?></p>
<a href="index.php?page=cart">Go To Cart</a>
<?php
}
} else {
echo "<p>Your Cart Is Empty. <br /> Please Add some products</a>";
}
?>
If you require me to post the structure of my database, I shall do so
1 answers
solution1
2 ACCPTED 2013-06-15 15:24:49
The problem is your SKU is a string and so it needs quotes in the query:
$sql2 = "SELECT * FROM products WHERE SKU='" . mysql_real_escape_string($id) . "'";
I also added the escape call to prevent SQL Injection, but for best security and other benefits, you should switch to a modern API such as PDO or MySQLi and use prepared statements.
You will also need to make sure the quotes are added to the IN query as well.
foreach ($_SESSION['cart'] as $id => $value) {
$sql .="'" . mysql_real_escape_string($id) . "',";
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.