0

Hi all, i decided to try and make a php shopping cart with sessions and manged to do so with the help of online turorials and references. However, i decided to try and pass over multiple items form a table, but i must have gone wrong somewhere, as some of them work and others don't! The ones that work display the cart, quantity and price, the others display a blank screen with no error messages

I pass over the id's using the following code;

<td>$row[product_1_name]</td>
      <td><a href='cart.php?action=add&amp;id=".$row['id1']."'>BUY</a></td>
      <td>$row[product_2_name]</td>
      <td><a href='cart.php?action=add&amp;id=".$row['id2']."'>BUY</a></td>

My cart code then GETs the id's using;

$product_id = $_GET[id]; 
         $product_id = mysql_real_escape_string($product_id);
	$action 	= $_GET[action];  
	$action = mysql_real_escape_string($action);

Is this correct? This is my first attempt at security issues.

To display the contents i am using the following query;

$query = sprintf("SELECT * FROM products_table WHERE product_number = '%s';",$product_id);  
					
	$result = mysql_query($query)or die(mysql_error());
	$num = mysql_num_rows($result); //number of messages

Is this the best way to do this sort of thing? Any help or advice would be greatly appreciated. I can also provide the full code on request.

Edited by jpknoob: n/a

2
Contributors
2
Replies
5
Views
6 Years
Discussion Span
Last Post by jpknoob
0

Load you page via the browser. Now look at the browser's source code. Are you seeing all the expected item ids? How are you sending/printing your first block of code. It looks incomplete, so I am wondering if you are using an echo (or print) WITH double quote delimiters.

0

I'm such an idiot, my tables had '&' in it and i forgot to change them to 'and'. So sorry for wasting time.

Thanks for the reply tho :)

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.