Trouble with rejiggered cart program

I am trying to use some code I adapted some time ago. It is from some shopping cart code. The original program had a function called GetCartId() that set a cookie while someone was “shopping” on the products page.

I am trying to adapt it to “call” the information from the MySQL tables and allow some of the same, original, shopping cart functions of removing items from the cart and updating the quantities for a given line item.

For this adaptation, the original cartId for an order is put in a form and all entries for the matching cartID are shown. However, when you try to update or remove an item from the order, the process fails. So the ShowOrder() function in the below code works correctly; however, RemoveItem() and UpdateItem(), which then call the same file again (just like the original cart code), do not work correctly. I have tried using sessions and setting new cookies to no avail.

I cannot figure out what is wrong. I know it is probably stupid but I have looked and looked with no luck. I would take some troubleshooting advice as well. Thanks.

Here is the code showing the working ShowOrder() and the ones that fail (many of the $ variable values come from the db.php file):


Please edit your post above and add bbcode code tags around the code so that it is not mangled by the forum software.

Repost, with the BBcode for the program code:

Here is the code showing the full working ShowOrder() and the ones that fail (many of the $ variable values come from the db.php file):

<?php
session_start();

include("db.php");

$cookie = $_GET["cookie"];

$_SESSION['cookie'] = $cookie;

$action = '';
if (isset($_GET['action'])) $action = $_GET['action'];
switch($action)
{		
case "add_item":
{
AddItem($_GET["id"], $_GET["qty"]);
ShowOrder();
break;
}
		
case "update_item":
{
UpdateItem($_GET["id"], $_GET["qty"]);
ShowOrder();
break;
}
case "remove_item":
{
RemoveItem($_GET["id"]);
ShowOrder();
break;
}
default:
{
ShowOrder();
}
}
	

function AddItem($itemId, $qty)
{
// Will check whether or not this item
// already exists in the cart table.
// If it does, the UpdateItem function
// will be called instead
		
global $dbServer, $dbUser, $dbPass, $dbName;
global $itemtable, $carttable;
// Get a connection to the database
$cxn = @mysqli_connect($dbServer, $dbUser, $dbPass, $dbName);
// Check if this item already exists in the users cart 

$result = mysqli_query($cxn, "select count(*) from $carttable where cookieId = '" . $GLOBALS['cookie'] . "' and itemId = $itemId");
$row = mysqli_fetch_row($result);
$numRows = $row[0];

if($numRows == 0)
{
// This item doesn't exist in the users cart,
// we will  it with an insert query
@mysqli_query($cxn, "insert into $carttable(cookieId, itemId, qty) values('" . $GLOBALS['cookie'] . "', $itemId, $qty)");
}
else
{
// This item already exists in the users cart,
// we will update it instead
			
UpdateItem($itemId, $qty);
}
}

function UpdateItem($itemId, $qty)
{
// Updates the quantity of an item in the users cart.
// If the quantity is zero, then RemoveItem will be
// called instead

global $dbServer, $dbUser, $dbPass, $dbName;
global $itemtable, $carttable;
// Get a connection to the database
$cxn = @mysqli_connect($dbServer, $dbUser, $dbPass, $dbName);
		
if($qty == 0)
{
// Remove the item from the users cart
RemoveItem($itemId);
}
else
{
mysqli_query($cxn, "update $carttable set qty = $qty where cookieId = '" . $GLOBALS['cookie'] . "' and itemId = $itemId");
}
}
	

function RemoveItem($itemId)
{
// Uses an SQL delete statement to remove an item from
// the users cart
global $dbServer, $dbUser, $dbPass, $dbName;
global $carttable, $itemtable;
// Get a connection to the database
$cxn = @mysqli_connect($dbServer, $dbUser, $dbPass, $dbName);
mysqli_query($cxn, "delete from $carttable where cookieId = '" . $GLOBALS['cookie'] . "' and itemId = $itemId");
}
	
	
function ShowOrder()
{
// Gets each item from the cart table and display them in
// a tabulated format, as well as a final for the cart
global $dbServer, $dbUser, $dbPass, $dbName;
global $carttable, $itemtable, $cartheader, $carttitle, $headercolor;
global $contshop, $shoppay, $removeitem, $carttottext;
// Get a connection to the database
$cxn = @mysqli_connect($dbServer, $dbUser, $dbPass, $dbName);


$result = mysqli_query($cxn, "select * from $carttable inner join $itemtable on $carttable.itemId = $itemtable.itemId where $carttable.cookieId = '" . $GLOBALS['cookie'] . "' order by $itemtable.itemId asc");

if (!$result){
	echo("Error description: " . mysqli_error($cxn));
}
?>
		

<html>
<head>
<title><?php echo $carttitle; ?></title>

<script language="JavaScript">
		
function UpdateQty(item)
{
itemId = item.name;
newQty = item.options[item.selectedIndex].text;
document.location.href = 'find-sample-order.php?action=update_item&id='+itemId+'&qty='+newQty;
}
		
</script>

</head>
<body bgcolor="#ffffff">
<h1><?php echo $cartheader; ?></h1>
<form name="frmCart" method="get">
<table width="100%" cellspacing="0" cellpadding="0" border="0">
<tr>
<td width="10%" height="25" bgcolor=<?php echo $headercolor; ?>>
<font face="verdana" size="1" color="white">
&nbsp;&nbsp;<b>Qty</b>
</font>
</td>
<td width="10%" height="25" bgcolor=<?php echo $headercolor; ?>>
<font face="verdana" size="1" color="white">
<b>Remove</b>
</font>
</td>
<td width="35%" height="25" bgcolor=<?php echo $headercolor; ?>>
<font face="verdana" size="1" color="white">
<b>Product</b>
</font>
</td>
<td width="45%" height="25" bgcolor=<?php echo $headercolor; ?>>
<font face="verdana" size="1" color="white">
<b>Price Each</b>
</font>
</td>
</tr>

<?php
while($row = mysqli_fetch_array($result))
{

?>

<tr>
<td width="10%" height="25">
<font face="verdana" size="1" color="black">
<select name="<?php echo $row["itemId"]; ?>" onChange="UpdateQty(this)">
								
<?php
for($i = 1; $i <= 50; $i++)
{
echo "<option ";
if($row["qty"] == $i)
{
echo " SELECTED ";
}
echo ">" . $i . "</option>";
}
?>

</select>
</font>
</td>
<td width="10%" height="25">
<font face="verdana" size="1" color="black">
<a href="find-sample-order.php?action=remove_item&id=<?php echo $row["itemId"]; ?>"><?php echo $removeitem ; ?></a>
</font>
</td>
<td width="10%" height="25">
<font face="verdana" size="1" color="black">

<?php 
echo $row["itemName"]; 
?>
							
</font>
</td>
<td width="35%" height="25">
<font face="verdana" size="1" color="black">
								
$<?php
echo number_format($row["itemPrice"], 2, ".", ","); 
?>						
</font>
</td>
</tr>
				
<?php
}
			
// Display the total
?>
					
<tr>
<td width="100%" colspan="4">
<hr size="1" color="green" NOSHADE>
</td>
</tr>
					
<tr>
<td width="70%" colspan="3">
<font face="verdana" size="2" color="black">
<a href="find-sample-order.php"><?php echo "Continue with order processing >>" ; ?></a>
</font>
</td>
</tr>

<tr>
<td width="80%" colspan="2">
<font face="verdana" size="2" color="black">
<a>&nbsp;</a>
</font>
</td>
</tr>

</table>
</form>
</body>
</html>

<?php
}
?>

You need to propagate the $_GET['cookie'] value between pages (it’s currently lost after the first page request.)

The ideal way to do this would be to continue to pass it in the URL, but this would require all code producing URLs to include any existing get parameters.

The next best/simplest way would be to store it in a session variable. Your code trying to do this now isn’t working because it is unconditionally setting the session variable from the get parameter, so both of them are empty after the first page request.

Simply -

// if the initial $_GET['cookie'] value is set, save it to a session variable
if(isset($_GET["cookie"]))
{
	$_SESSION['cookie'] = $_GET["cookie"];
}

// if there is not a session 'cookie' value, halt.
if(!isset($_SESSION["cookie"]))
{
	die('This page requires an order id (cookieid) value.');
}

// if there is a session 'cookie' value, set the existing (global) $cookie variable and run the rest of the controller code
$cookie = $_SESSION['cookie'];

// the rest of your code from the $action = ''; line goes here...

I hope no version of this code is running on a live/public web site, since it has no protection against SQL injection.
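
The SQL injection point raised at the end of the answer above, as an added example that is not part of the original thread or the poster's code: the update and remove paths rewritten with mysqli prepared statements and integer validation, combined with the session logic from the answer. It assumes db.php defines $dbServer, $dbUser, $dbPass, $dbName and $carttable as in the thread; intParam() and the changed function signatures are hypothetical.

```php
<?php
// Added example, not the poster's code. Assumes db.php defines $dbServer,
// $dbUser, $dbPass, $dbName and $carttable, as in the thread. PHP 7.1+.
session_start();
include("db.php");
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // surface DB errors

// Keep the order id across requests (the session logic from the answer).
if (isset($_GET['cookie']) && is_string($_GET['cookie'])) {
    $_SESSION['cookie'] = $_GET['cookie'];
}
if (!isset($_SESSION['cookie'])) {
    die('This page requires an order id (cookieid) value.');
}
$cookie = $_SESSION['cookie'];

// Hypothetical helper: GET parameter as an int in [$min, $max], else null.
function intParam(string $name, int $min, int $max): ?int {
    $v = filter_input(INPUT_GET, $name, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return is_int($v) ? $v : null;
}

// $carttable is trusted configuration from db.php; identifiers cannot be bound,
// so it must never come from the request. Every request value is bound with "?".
function RemoveItem(mysqli $cxn, string $carttable, string $cookie, int $itemId): void {
    $stmt = mysqli_prepare($cxn, "delete from $carttable where cookieId = ? and itemId = ?");
    mysqli_stmt_bind_param($stmt, 'si', $cookie, $itemId);
    mysqli_stmt_execute($stmt);
}

function UpdateItem(mysqli $cxn, string $carttable, string $cookie, int $itemId, int $qty): void {
    if ($qty === 0) {               // same rule as the original: zero means remove
        RemoveItem($cxn, $carttable, $cookie, $itemId);
        return;
    }
    $stmt = mysqli_prepare($cxn, "update $carttable set qty = ? where cookieId = ? and itemId = ?");
    mysqli_stmt_bind_param($stmt, 'isi', $qty, $cookie, $itemId);
    mysqli_stmt_execute($stmt);
}

$cxn    = mysqli_connect($dbServer, $dbUser, $dbPass, $dbName);
$action = $_GET['action'] ?? '';
$itemId = intParam('id', 1, PHP_INT_MAX);
$qty    = intParam('qty', 0, 50);   // the quantity dropdown offers 1..50
if ($action === 'update_item' && $itemId !== null && $qty !== null) {
    UpdateItem($cxn, $carttable, $cookie, $itemId, $qty);
} elseif ($action === 'remove_item' && $itemId !== null) {
    RemoveItem($cxn, $carttable, $cookie, $itemId);
}
// ShowOrder() would follow, with its select query prepared the same way.
```

Requests with a non-numeric id or qty are ignored rather than interpolated into the query, and the order id is only ever passed to MySQL as a bound string.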

Thanks a million! That did it. I knew it was a variable passing issue but I could not understand what the issue was.

No, this code does not run on any public access sites. I understand it is not very secure.

Thanks again!
