shopping cart script help

[vineet]

Hi all

I am working on a shopping cart module. At present i have a script that add a product in cart and if its already in the cart then it updates the quantity.

This works for the single visitor to the website. But if there are multiple visitors or users at the same time then it will mess up the cart contents with others.

what should i add in my script.

This is my shopping cart script

Code:

<?php 
require_once("config.php"); 

$_SESSION['product_id']=$_REQUEST['product_id']; 
$id=$_SESSION['product_id'];
$id=$_REQUEST['id'];
echo $id;

$qry="SELECT * FROM product_table WHERE product_id=$id";
$result=mysql_query($qry)or die (mysql_error()); 
$row=mysql_fetch_array($result);

$pid=$id;
$image=$row['image'];
$product_name=$row['product_name'];
$price=$row['price'];
$shipping_cost=$row['shipping_cost'];
$total_cost=$row['price']+$row['shipping_cost'];

$qry="SELECT product_id from cart_table where product_id=$id";
$result=mysql_query($qry)or die (mysql_error()); 
$row=mysql_fetch_array($result);

if($id != $row['product_id'])
{
$qry="INSERT INTO cart_table(product_id,image,product_name,price,quantity,shipping_cost,total_cost) 
 VALUES($id,'$image', '$product_name', $price, 1, $shipping_cost, $total_cost)";
$result=mysql_query($qry)or die(mysql_error());
}
else
{
$qry="UPDATE cart_table SET product_id=$pid,image='$image',product_name='$product_name',price=$price,quantity=quantity+1,shipping_cost=$shipping_cost,total_cost=$total_cost where product_id=$id"; 
$result=mysql_query($qry)or die(mysql_error());
}
?>

vineet

[BabblingIdjit]

You are going to need a unique identifier in your table to identify the visitor.

You could generate a unique value and store it in $_SESSION, then use this value to locate the correct record in your db.

You are probably going to want a db field to identify which carts were actually "checked out" (some visitors may start a cart but never checkout). And you may want another db field to indicate which carts were checked-out successfully (some visitors payment method may fail).

Alternatively, you could simply store the item id and quantity in $_SESSION and insert the records into your db at check-out time.

BTW:

1. I'm assuming this block of code was for testing, as it doesn't actually do anything:

Code:

$_SESSION['product_id']=$_REQUEST['product_id']; 
$id=$_SESSION['product_id'];
$id=$_REQUEST['id'];
echo $id;

2. Personally, I would use $_POST or $_GET as opposed to $_REQUEST. I prefer to know where my input is coming from.
3. You really should sanitize all input (ie: $id) BEFORE using it in your SQL.
4. You have no error recovery logic in your code. For example, if I submit a product id of 34567515747654879 and you don't have one in your database, this code:

Code:

$qry="SELECT * FROM product_table WHERE product_id=$id";
$result=mysql_query($qry)or die (mysql_error()); 
$row=mysql_fetch_array($result);

will not return an error, but it won't return a row either. So the rest of your code blindly assumes that a row was returned - in other words it will choke.

[npsari]

What if you use the users IPs

I dont think there will a time where two same ips will be adding to cart

use this to get IPs

Code:

$IP=GetHostByName($REMOTE_ADDR);

[besart]

hi. is there any chance that u have an php shopping cart? if so could u send it to besartk@hotmail.co.uk
cheers