Hey all..
Im in desperate need to solve my shopping cart problem.
Im doing it for a school project.
The situation is my products are listed in a table.
Users will select which product they want by selecting the add to cart link.
Once they select it, the product information are sent to the cart table.
This is my current codes which I have taken reference to from a website.
Cart.php
<?php
$booksid = $_GET[booksid]; //the product id from the URL
$action = $_GET[action]; //the action from the URL
//if there is an product_id and that product_id doesn't exist display an error message
if($booksid && !productExists($booksid)) {
die("Error. Product Doesn't Exist");
}
switch($action) { //decide what to do
case "add":
$_SESSION['cart'][$booksid]++; //add one to the quantity of the product with id $product_id
break;
case "remove":
$_SESSION['cart'][$booksid]--; //remove one from the quantity of the product with id $product_id
if($_SESSION['cart'][$booksid] == 0) unset($_SESSION['cart'][$booksid]); //if the quantity is zero, remove it completely (using the 'unset' function) - otherwise is will show zero, then -1, -2 etc when the user keeps removing items.
break;
case "empty":
unset($_SESSION['cart']); //unset the whole cart, i.e. empty the cart.
break;
}
if($_SESSION['cart']) { //if the cart isn't empty
//show the cart
echo "<table border=\"1\" padding=\"3\" width=\"40%\">"; //format the cart using a HTML table
//iterate through the cart, the $product_id is the key and $quantity is the value
foreach($_SESSION['cart'] as $booksid => $quantity) {
//get the name, description and price from the database - this will depend on your database implementation.
//use sprintf to make sure that $product_id is inserted into the query as a number - to prevent SQL injection
$sql = sprintf("SELECT title, author, price, category FROM books WHERE booksid = %d;",
$booksid);
$result = mysql_query($sql);
//insert books value into cart
$sql = "INSERT INTO cart (cartid, cartqty, cartsessionid,)
VALUES ($cartid, 1, 1)";
$result = dbQuery($sql);
//Only display the row if there is a product (though there should always be as we have already checked)
if(mysql_num_rows($result) > 0) {
list($title, $author, $price, $category) = mysql_fetch_row($result);
$line_cost = $price * $quantity; //work out the line cost
$total = $total + $line_cost; //add to the total cost
echo "<tr>";
//show this information in table cells
echo "<td align=\"center\">$title</td>";
//along with a 'remove' link next to the quantity - which links to this page, but with an action of remove, and the id of the current product
echo "<td align=\"center\">$quantity <a href=\"$_SERVER[PHP_SELF]?action=remove&id=$booksid\">X</a></td>";
echo "<td align=\"center\">$line_cost</td>";
echo "</tr>";
}
}
//show the total
echo "<tr>";
echo "<td colspan=\"2\" align=\"right\">Total</td>";
echo "<td align=\"right\">$total</td>";
echo "</tr>";
//show the empty cart link - which links to this page, but with an action of empty. A simple bit of javascript in the onlick event of the link asks the user for confirmation
echo "<tr>";
echo "<td colspan=\"3\" align=\"right\"><a href=\"$_SERVER[PHP_SELF]?action=empty\" onclick=\"return confirm('Are you sure?');\">Empty Cart</a></td>";
echo "</tr>";
echo "</table>";
}else{
//otherwise tell the user they have no items in their cart
echo "You have no items in your shopping cart.";
}
function productExists($booksid) {
//use sprintf to make sure that $product_id is inserted into the query as a number - to prevent SQL injection
$sql = sprintf("SELECT * FROM books WHERE booksid = %d;",
$booksid);
return mysql_num_rows(mysql_query($sql)) > 0;
}
?>
Products.php
<?php require_once('../Connections/myDatabase.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}
mysql_select_db($database_myDatabase, $myDatabase);
$query_title = "SELECT * FROM books WHERE books.booksid = 1";
$title = mysql_query($query_title, $myDatabase) or die(mysql_error());
$row_title = mysql_fetch_assoc($title);
$totalRows_title = mysql_num_rows($title);
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<table border="1">
<tr>
<td> </td>
<td>Title</td>
<td>Author</td>
<td>Price</td>
<td>Category</td>
<td> </td>
</tr>
<tr>
<td><?php echo $row_title['booksid']; ?></td>
<td><?php echo $row_title['title']; ?></td>
<td><?php echo $row_title['author']; ?></td>
<td><?php echo $row_title['price']; ?></td>
<td><?php echo $row_title['category']; ?></td>
<td><a href="Cart.php?action=add&id=1">Add To Cart</a></td></tr></table>
<a href="Cart.php">View Cart</a>
</body>
</html>
<?php
mysql_free_result($title);
?>
Cart table
cartid
cartqty
cartsessionid
Products table
booksid
title
author
price
category
Any help is much appreciated!
Unsolved 
