DaniWeb IT Discussion Community - View Single Post

Shopping cart

Jan 11th, 2009

Hey all..
Im in desperate need to solve my shopping cart problem.
Im doing it for a school project.
The situation is my products are listed in a table.
Users will select which product they want by selecting the add to cart link.
Once they select it, the product information are sent to the cart table.
This is my current codes which I have taken reference to from a website.

Cart.php

 Help with Code Tags 
 php Syntax (Toggle Plain Text) 
  <?php
     $booksid = $_GET[booksid];     //the product id from the URL
     $action  = $_GET[action]; //the action from the URL
 
     //if there is an product_id and that product_id doesn't exist     display an error message
     if($booksid && !productExists($booksid)) {
         die("Error. Product Doesn't Exist");
     }
 
     switch($action) {    //decide what to do    
 
         case "add":
             $_SESSION['cart'][$booksid]++; //add one to the quantity of the product with id $product_id
         break;
 
         case "remove":
             $_SESSION['cart'][$booksid]--; //remove one from the quantity of the product with id $product_id
             if($_SESSION['cart'][$booksid] == 0) unset($_SESSION['cart'][$booksid]); //if the quantity is zero, remove it completely (using the 'unset' function) - otherwise is will show zero, then -1, -2 etc when the user keeps removing items.
         break;
 
         case "empty":
             unset($_SESSION['cart']); //unset the whole cart, i.e. empty the cart.
         break;
 
     }
	      if($_SESSION['cart']) {    //if the cart isn't empty
         //show the cart
 
         echo "<table border=\"1\" padding=\"3\" width=\"40%\">";    //format the cart using a HTML table
 
             //iterate through the cart, the $product_id is the key and $quantity is the value
             foreach($_SESSION['cart'] as $booksid => $quantity) {    
 
                 //get the name, description and price from the database - this will depend on your database implementation.
                 //use sprintf to make sure that $product_id is inserted into the query as a number - to prevent SQL injection
                 $sql = sprintf("SELECT title, author, price, category FROM books WHERE booksid = %d;",
                                 $booksid);
 
                 $result = mysql_query($sql);
 
				 //insert books value into cart
				$sql = "INSERT INTO cart (cartid, cartqty, cartsessionid,)
              	VALUES ($cartid, 1, 1)";
      			$result = dbQuery($sql);
 
                 //Only display the row if there is a product (though there should always be as we have already checked)
                 if(mysql_num_rows($result) > 0) {
 
                     list($title, $author, $price, $category) = mysql_fetch_row($result);
 
                     $line_cost = $price * $quantity;        //work out the line cost
                     $total = $total + $line_cost;            //add to the total cost
 
                     echo "<tr>";
                         //show this information in table cells
                         echo "<td align=\"center\">$title</td>";
                         //along with a 'remove' link next to the quantity - which links to this page, but with an action of remove, and the id of the current product
                         echo "<td align=\"center\">$quantity <a href=\"$_SERVER[PHP_SELF]?action=remove&id=$booksid\">X</a></td>";
                         echo "<td align=\"center\">$line_cost</td>";
 
                     echo "</tr>";
 
                 }
 
             }
 
             //show the total
             echo "<tr>";
                 echo "<td colspan=\"2\" align=\"right\">Total</td>";
                 echo "<td align=\"right\">$total</td>";
             echo "</tr>";
 
             //show the empty cart link - which links to this page, but with an action of empty. A simple bit of javascript in the onlick event of the link asks the user for confirmation
             echo "<tr>";
                 echo "<td colspan=\"3\" align=\"right\"><a href=\"$_SERVER[PHP_SELF]?action=empty\" onclick=\"return confirm('Are you sure?');\">Empty Cart</a></td>";
             echo "</tr>";        
         echo "</table>";
 
 
 
     }else{
         //otherwise tell the user they have no items in their cart
         echo "You have no items in your shopping cart.";
 
     }    
 
	 function productExists($booksid) {
             //use sprintf to make sure that $product_id is inserted into the query as a number - to prevent SQL injection
             $sql = sprintf("SELECT * FROM books WHERE booksid = %d;",
                             $booksid);
 
             return mysql_num_rows(mysql_query($sql)) > 0;
     }
 
 
	 ?>
  <?php
     $booksid = $_GET[booksid];     //the product id from the URL
     $action  = $_GET[action]; //the action from the URL

     //if there is an product_id and that product_id doesn't exist     display an error message
     if($booksid && !productExists($booksid)) {
         die("Error. Product Doesn't Exist");
     }

     switch($action) {    //decide what to do    
    
         case "add":
             $_SESSION['cart'][$booksid]++; //add one to the quantity of the product with id $product_id
         break;
        
         case "remove":
             $_SESSION['cart'][$booksid]--; //remove one from the quantity of the product with id $product_id
             if($_SESSION['cart'][$booksid] == 0) unset($_SESSION['cart'][$booksid]); //if the quantity is zero, remove it completely (using the 'unset' function) - otherwise is will show zero, then -1, -2 etc when the user keeps removing items.
         break;
        
         case "empty":
             unset($_SESSION['cart']); //unset the whole cart, i.e. empty the cart.
         break;
    
     }
	      if($_SESSION['cart']) {    //if the cart isn't empty
         //show the cart
        
         echo "<table border=\"1\" padding=\"3\" width=\"40%\">";    //format the cart using a HTML table
        
             //iterate through the cart, the $product_id is the key and $quantity is the value
             foreach($_SESSION['cart'] as $booksid => $quantity) {    
                
                 //get the name, description and price from the database - this will depend on your database implementation.
                 //use sprintf to make sure that $product_id is inserted into the query as a number - to prevent SQL injection
                 $sql = sprintf("SELECT title, author, price, category FROM books WHERE booksid = %d;",
                                 $booksid);
                    
                 $result = mysql_query($sql);
				 
				 //insert books value into cart
				$sql = "INSERT INTO cart (cartid, cartqty, cartsessionid,)
              	VALUES ($cartid, 1, 1)";
      			$result = dbQuery($sql);
				                     
                 //Only display the row if there is a product (though there should always be as we have already checked)
                 if(mysql_num_rows($result) > 0) {
                
                     list($title, $author, $price, $category) = mysql_fetch_row($result);
                
                     $line_cost = $price * $quantity;        //work out the line cost
                     $total = $total + $line_cost;            //add to the total cost
                
                     echo "<tr>";
                         //show this information in table cells
                         echo "<td align=\"center\">$title</td>";
                         //along with a 'remove' link next to the quantity - which links to this page, but with an action of remove, and the id of the current product
                         echo "<td align=\"center\">$quantity <a href=\"$_SERVER[PHP_SELF]?action=remove&id=$booksid\">X</a></td>";
                         echo "<td align=\"center\">$line_cost</td>";
                    
                     echo "</tr>";
                    
                 }
            
             }
            
             //show the total
             echo "<tr>";
                 echo "<td colspan=\"2\" align=\"right\">Total</td>";
                 echo "<td align=\"right\">$total</td>";
             echo "</tr>";
            
             //show the empty cart link - which links to this page, but with an action of empty. A simple bit of javascript in the onlick event of the link asks the user for confirmation
             echo "<tr>";
                 echo "<td colspan=\"3\" align=\"right\"><a href=\"$_SERVER[PHP_SELF]?action=empty\" onclick=\"return confirm('Are you sure?');\">Empty Cart</a></td>";
             echo "</tr>";        
         echo "</table>";
        
        
    
     }else{
         //otherwise tell the user they have no items in their cart
         echo "You have no items in your shopping cart.";
        
     }    
	 
	 function productExists($booksid) {
             //use sprintf to make sure that $product_id is inserted into the query as a number - to prevent SQL injection
             $sql = sprintf("SELECT * FROM books WHERE booksid = %d;",
                             $booksid);
                
             return mysql_num_rows(mysql_query($sql)) > 0;
     }
	 
 
	 ?>

Products.php

 Help with Code Tags 
 php Syntax (Toggle Plain Text) 
<?php require_once('../Connections/myDatabase.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
 
  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
 
  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}
 
mysql_select_db($database_myDatabase, $myDatabase);
$query_title = "SELECT * FROM books WHERE books.booksid = 1";
$title = mysql_query($query_title, $myDatabase) or die(mysql_error());
$row_title = mysql_fetch_assoc($title);
$totalRows_title = mysql_num_rows($title);
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
 
<body>
<table border="1">
 
	<tr>
	  <td>&nbsp;</td>
	  <td>Title</td>
	  <td>Author</td>
	  <td>Price</td>
	  <td>Category</td>
	  <td>&nbsp;</td>
  </tr>
	<tr>
	  <td><?php echo $row_title['booksid']; ?></td>
      <td><?php echo $row_title['title']; ?></td>
	  <td><?php echo $row_title['author']; ?></td>
      <td><?php echo $row_title['price']; ?></td>
      <td><?php echo $row_title['category']; ?></td>
  <td><a href="Cart.php?action=add&id=1">Add To Cart</a></td></tr></table>
 
 
<a href="Cart.php">View Cart</a>
 
</body>
</html>
<?php
mysql_free_result($title);
?>
<?php require_once('../Connections/myDatabase.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

mysql_select_db($database_myDatabase, $myDatabase);
$query_title = "SELECT * FROM books WHERE books.booksid = 1";
$title = mysql_query($query_title, $myDatabase) or die(mysql_error());
$row_title = mysql_fetch_assoc($title);
$totalRows_title = mysql_num_rows($title);
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<table border="1">

	<tr>
	  <td>&nbsp;</td>
	  <td>Title</td>
	  <td>Author</td>
	  <td>Price</td>
	  <td>Category</td>
	  <td>&nbsp;</td>
  </tr>
	<tr>
	  <td><?php echo $row_title['booksid']; ?></td>
      <td><?php echo $row_title['title']; ?></td>
	  <td><?php echo $row_title['author']; ?></td>
      <td><?php echo $row_title['price']; ?></td>
      <td><?php echo $row_title['category']; ?></td>
  <td><a href="Cart.php?action=add&id=1">Add To Cart</a></td></tr></table>


<a href="Cart.php">View Cart</a>

</body>
</html>
<?php
mysql_free_result($title);
?>

Cart table
cartid
cartqty
cartsessionid

Products table
booksid
title
author
price
category

Any help is much appreciated!

Last edited by peter_budo; Jan 11th, 2009 at 2:28 pm. Reason: Keep It Organized - For easy readability, always wrap programming code within posts in [code] (code blocks) and [icode] (inline code) tags.