Passing variables and session variables

chrima

Hi all,
I'm currently working on a shopping cart script that works just fine with register_globals
turned on but when turned off i get all kind of errors.
The following page displays a detail of the book with the "Add to cart" link at the bottom.

books.php

<html>
<head>
<title>Book Details</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<?PHP
$connection=mysql_connect("localhost","","") or die('Could not connect to the database server'); 
$db = mysql_select_db("shopcart", $connection) or die ("Unable to select database."); 
$sql= "SELECT 
books.book_name, 
books.book_author, 
books.book_type, 
books.book_list_price,
books.book_our_price,
books.book_pages,
books.book_edition,
books.rev_id,
books.book_pub,
books.book_isbn,
categories.cat_name
FROM 
books, categories 
WHERE 
books.book_isbn = '" . $_GET['book_isbn'] . "' AND books.cat_id=categories.cat_id"; 
$sql_result = mysql_query($sql,$connection) or die ("Could not select data"); 
while ($row = mysql_fetch_row($sql_result)) 
{ 
$book_name= $row[0];
$book_author= $row[1];
$book_type= $row[2]; 
$book_list_price= $row[3];
$book_our_price= $row[4];
$book_pages= $row[5];
$book_edition= $row[6];
$rev_id= $row[7];
$book_pub= $row[8];
$book_isbn=$row[9];
$cat_id= $row[10];
}
$yousave=$book_list_price - $book_our_price;
$percent=round(($yousave/$book_list_price)*100);
echo "<b>Book Name:</b> $book_name<br>";
echo "<b>Author:</b> $book_author<br>";
echo "
<b>List Price:</b> $$book_list_price<br>
<b>Our Price:</b> $$book_our_price<br>
<b>You Save:</b> $$yousave ($percent%)<br>";
echo "<b>Availability:</b>Usually ships within 24 hours.<BR>";
echo "<b>Category:</b> $cat_id<br>";
echo "<b>$book_type</b> - $book_pages pages $book_edition $book_pub; ISBN: $book_isbn<br><br>";
echo "<a href='addtocart.php?add_isbn=$book_isbn' >Add to cart</a>";
?>
</body>
</html>

When i click the add to cart link it goes to addtocart.php page but displays nothing.
This is my addtocart.php script:

<?
ob_start();

include ('functions.php');
session_start();
if(!empty($add_isbn))
{
if(!session_is_registered("cart"))
{
$cart=array();
session_register("cart");
$items=0;
session_register("items");
$total_price="0.00";
session_register("total_price");
}
if($cart[$add_isbn])
{
$cart[$add_isbn]++;

}else
{
$cart[$add_isbn]=1;
}
$total_price=calculate_price($cart);
$items=calculate_items($cart);
header ("Location: shoppingbasket.php"); 
}
?>
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body bgcolor="#FFFFFF" text="#000000">

</body>
</html>
<?
ob_end_flush();
?>

How can i get it to pass the variables and session variable when register_globals in turned on?
I've also included the scripts that get called within addtocart.php
Sorry for the long post, hope somebody can help.

functions.php

<?
function calculate_price($cart)
{
$price=0.0;
if(is_array($cart))
{
$connection=mysql_connect("localhost","","") or die('Could not connect to the database server'); 
$db = mysql_select_db("shopcart", $connection) or die ("Unable to select database."); 
foreach($cart as $isbn => $qty)
{
$sql= "SELECT 
book_our_price
FROM 
books 
WHERE 
book_isbn='$isbn'"; 
$sql_result = mysql_query($sql,$connection) or die ("Could not select data"); 
while ($row = mysql_fetch_row($sql_result)) 
{ 
$book_our_price= $row[0];
}
$price += $book_our_price*$qty;
}
}
return $price;
}
function calculate_items($cart)
{
$items=0;
if(is_array($cart))
{
foreach($cart as $book_isbn => $qty)
{
$items += $qty;
} 
}
return $items;
}
?>

shoppingbasket.php

<?
ob_start();

include ('functions.php');
session_start();
$connection=mysql_connect("localhost","","") or die('Could not connect to the database server'); 
$db = mysql_select_db("shopcart", $connection) or die ("Unable to select database."); 
$i=0;
if(!session_is_registered("cart") OR count($cart)==0)
{
echo "<center>Your shopping cart is empty</center><BR>";
echo "<center>Return to the <a href='bookslist.php'>list of books</a>.</center><br>";
echo "$cart";
exit;
}elseif(session_is_registered("cart") AND count($cart)!=0)
{
echo "<form action='updatecart.php' method='post'>";
echo "<table width='100%' border='0'>";
echo "<tr><td align='right'></td></tr></table>";
echo "<table width='100%' border='5'>";
echo "<tr>";
?>
<td height='20' bgcolor='#99CCFF'><b>Shopping Cart Items</b></td>
<td bgcolor='#99CCFF'><b>Quantity</b></td>
<td></td></tr>
<?
foreach ($cart as $isbn => $qty)
{
$total_price=calculate_price($cart);
$items=calculate_items($cart);
$sql= "SELECT 
book_name, 
book_author, 
book_type, 
book_list_price,
book_our_price,
book_rating,
book_id,
book_isbn
FROM 
books 
WHERE 
book_isbn='$isbn'"; 
$sql_result = mysql_query($sql,$connection) or die ("Could not select data"); 
while ($row = mysql_fetch_row($sql_result)) 
{ 
$book_name= $row[0];
$book_author= $row[1];
$book_type= $row[2]; 
$book_list_price= $row[3];
$book_our_price= $row[4];
$book_rating= $row[5];
$book_id= $row[6];
$book_isbn= $row[7];
}
echo "<tr valign='top'>";
echo "<td width='64%'>";
echo "<b><a href='books.php?book_isbn=$book_isbn'>$book_name</a></b><br>";
echo "by $book_author ($book_type)<br>";
echo "Usually ships in 24 hours<br>";
echo "</td>";
echo "<td width='24%'><input type='text' name='quantity[$i]' size='8' value='$qty'>&nbsp;&nbsp;&nbsp;&nbsp;<b>Our Price: $$book_our_price</b></td>";
echo "<td width='7%'><a href='updatecart.php?action=delete&book_isbn=$book_isbn'>Delete</a></td>";
echo "</tr>";
echo "<tr><td>&nbsp;</td><td>&nbsp;</td></tr>";
echo "<tr><td>&nbsp;</td><td>&nbsp;</td></tr>";
$i += 1;
}
echo "<table width='100%' border='0'>";
echo "<td width='5%' align='right'></td>";
echo "<td width='64%' align='right'>If you changed any quantities, please press this button to </td>";
echo "<td width='5%'><input type='submit' name='Submit' value='Update'></td>";
echo "<td width='19%' align='left'>&nbsp;&nbsp;&nbsp;&nbsp;<b>Subtotal: $$total_price</b></td>";
echo "<td width='7%'></td>";
echo "</tr>";
echo "</table>";
echo "</table>";
echo "</form>";
}
?>
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>&nbsp;</p>
<p>Return to the <a href="bookslist.php">list of books</a>.</p>
</body>
</html>
<?
ob_end_flush();
?>

Cheers,
chrima

jeremuck

This very issue is talked about all over the place.

If the information is being passed to you through GET,
use $GET['varname']
if POST
$POST['varname']
if it's a file,
$FILE['filevarname'['vars']
if it's a session,
$SESSION['varname']

It's all described in the manual, and maybe 25% of these posts.