Hi all, i decided to try and make a php shopping cart with sessions and manged to do so with the help of online turorials and references. However, i decided to try and pass over multiple items form a table, but i must have gone wrong somewhere, as some of them work and others don't! The ones that work display the cart, quantity and price, the others display a blank screen with no error messages

I pass over the id's using the following code;

      <td><a href='cart.php?action=add&amp;id=".$row['id1']."'>BUY</a></td>
      <td><a href='cart.php?action=add&amp;id=".$row['id2']."'>BUY</a></td>

My cart code then GETs the id's using;

$product_id = $_GET[id]; 
         $product_id = mysql_real_escape_string($product_id);
	$action 	= $_GET[action];  
	$action = mysql_real_escape_string($action);

Is this correct? This is my first attempt at security issues.

To display the contents i am using the following query;

$query = sprintf("SELECT * FROM products_table WHERE product_number = '%s';",$product_id);  
	$result = mysql_query($query)or die(mysql_error());
	$num = mysql_num_rows($result); //number of messages

Is this the best way to do this sort of thing? Any help or advice would be greatly appreciated. I can also provide the full code on request.

Edited by jpknoob: n/a

7 Years
Discussion Span
Last Post by jpknoob

Load you page via the browser. Now look at the browser's source code. Are you seeing all the expected item ids? How are you sending/printing your first block of code. It looks incomplete, so I am wondering if you are using an echo (or print) WITH double quote delimiters.


I'm such an idiot, my tables had '&' in it and i forgot to change them to 'and'. So sorry for wasting time.

Thanks for the reply tho :)

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.