learning to create a small shopping cart

adrianuk29

I am learning to create myself a small shopping cart because its something I have always wanted to do.

What I really want to know is if the code below is acceptable.
The code below works, what it does is if the cookie id and id already exists in the cart table then 1 is added to the existing quantity and then displayed on the cart. If the cookieid and id does not exist then a new entry is created in the cart.

I know the code is very amateurish.

// include database connection information
include "conn.php";
$dbcnx = @mysql_connect("$servername","$username", "$password");
if (!$dbcnx) { echo( "<P>Unable to connect to the " . "database server at this time.</P>" );

exit(); }

if (! @mysql_select_db("s// Connect to databaseb") ) {   	 
echo( "<P>Unable to locate the sb " . "database at this time. Please contact the admininstator</p>" );    
exit();  }


$result = mysql_query("SELECT * FROM cart WHERE cookieid ='$cookieid' AND id='$id'");   
$num = mysql_numrows($result);
if ($num == 0) {

mysql_connect($servername,$username,$password);
@mysql_select_db($database) or die( "Unable to select database sb");
$query = "INSERT INTO cart VALUES ('$cookieid','$id','$product_name','$product_description','$qty','$price')";
mysql_query($query);
mysql_close();
require "showcart.php";

}
while ($row = mysql_fetch_array($result) ) {

$ud_cookieid = $cookieid;
$ud_id = $id;
$ud_product_name = $product_name;
$ud_product_description = $product_description;
$ud_qty = $row['qty'] + 1;
$ud_price = $price;

mysql_connect($servername,$username,$password);
@mysql_select_db($database) or die( "Unable to select database");
$query = "UPDATE cart SET cookieid='$ud_cookieid', product_name='$ud_product_name', product_description='$ud_product_description', qty='$ud_qty', price='$ud_price' WHERE id='$ud_id'";

mysql_query($query);
mysql_close();

require "showcart.php";

}

Kudose

You should use sessions and a table in the database to store shopping cart information.

Not everyone uses cookies, and they are insecure. Sessions are on the server only, and are hard to hijack. Use the database table to keep track of the quantity and item ID of each customer currently shopping. After they check out, clear thier items from the shopping cart table.

Hope that makes sense and helps.

adrianuk29

I found an example and created a sesion cookie using the code below

function GetCartId()
{
// This function will generate an encrypted string and
// will set it as a cookie using set_cookie. This will
// also be used as the cookieId field in the cart table

	if(isset($_COOKIE["cartId"]))
	{
		return $_COOKIE["cartId"];
	}
	else
	{
		// There is no cookie set. We will set the cookie
		// and return the value of the users session ID
		session_start();
		setcookie("cartId", session_id(), time() + ((3600 * 24) * 30));
		return session_id();
	}
}

The users cart calls the session cookie so only rhey can view their basket.

Kudose

What happens when I open the cookie on my computer and change the session ID to whatever I want?

adrianuk29

I can see your point about creating cookies. If you can change the id to whatever you want you can do all sorts of damage.

I am now using the session id throughout the whole cart. Each user gets assigned there own session id this is then inserted in to the cart with the product details when they add products to their own basket.

Therefore when the cart is called we use their session id to display the contents. Once the session expires they cannot view the cart anymore, or when they check out the cart table is cleared.

Kudose

🙂