
I am creating a PHP shopping cart linked to an SQL database, from a tutorial I am following.

The code below SHOULD display all my products, however I believe that the

$id = intval($_GET['id']);

section is messing it up. The SKUs of the products are Varchar, not integers, so I am led to believe that this is causing the problem with "intval". Is there another datatype I can insert that will display my products again?

<?php

if (isset($_GET['action']) && $_GET['action'] == "add")
{
    $id = intval($_GET['id']);

    if(isset($_SESSION['cart'][$id]))
    {
        $_SESSION['cart'][$id]['quantity']++;
    } 
    else 
    {
        $sql2   = "SELECT * FROM products WHERE SKU={$id}";
        $query2 = mysql_query($sql2);

        if(mysql_num_rows($query2) != 0)
        {
            $row2 = mysql_fetch_array($query2);
            $_SESSION['cart'][$row2['SKU']] = array("quantity => 1, "price" => $row['price']);

        } 
        else 
        {
            $message = "This product id is invalid";
        }
    }
}
?>
<h2 class="message"><?php if(isset($message)){echo $message; ?></h2>
<h1>Product Page</h1>
<table>
    <tr>
        <th>Name</th>
        <th>Description</th>
        <th>Price</th>
        <th>Action</th>
    </tr>

    <?php
    $sql   = "SELECT * FROM products ORDER BY SKU ASC";
    $query = mysql_query($sql)or die(mysql_error());

    while($row = mysql_fetch_assoc($query))
    {
        ?>
        <tr>
            <td><?php echo $row['name']; ?></td>
            <td><?php echo $row['Description']; ?></td>
            <td><?php echo "£" . $row['price']; ?></td>
            <td><a href="index.php?page=products&action=add&id=<?php echo $row['SKU']; ?>">Add to Cart</a></td>
        </tr>

        <?php
    }
    ?>

</table>
msturdy
WibblyWobbly
  • You should use prepared statements with PDO or mysqli instead of injecting variables in your sql statements. – jeroen Jun 11 '13 at 19:00
  • You have a syntax error: `"quantity => 1,` must be `"quantity" => 1,`. You forgot a double quote – Agustin Meriles Jun 11 '13 at 19:01
  • PHP makes very little distinction between numbers and strings. There are many things wrong with this code. It doesn't follow many of the modern good practices. This tutorial is kinda bad. I honestly can't tell you what this code does, it's too messy. – Halcyon Jun 11 '13 at 19:01
  • *Are* the product IDs integers? PHP doesn't care how your column type is defined; it only cares what's in it. Show us your DB table structure. – Madbreaks Jun 11 '13 at 19:03
  • My product IDs are test1, test2, test3. Unrealistic, I know, but for the task they must remain strings – WibblyWobbly Jun 11 '13 at 19:04

2 Answers


You are missing an ending quote here:

$_SESSION['cart'][$row2['SKU']] = array("quantity" => 1, "price" => $row2['price']);

You're also missing a } sign

<h2 class="message"><?php if(isset($message)){echo $message; } ?> </h2>
Martin

Check the docs for intval() and you'll see that this method returns 0 when the variable isn't an integer.

If you're looking to search for this, you can just change the line to:

$id = $_GET['id'];

to get the variable as a string

However there are two things to bear in mind with this:

Community
msturdy
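An added example, not part of the original question or answers: once `$_GET['id']` is taken as a string, as the answer above suggests, it must not be interpolated into the SQL text, which is the point of jeroen's comment about prepared statements. The sketch below assumes PDO with an in-memory SQLite database standing in for the MySQL one; `findProduct()` and `addToCart()` are hypothetical helpers, and the SKU format and sample rows are constructed.

```php
<?php
// Added example. Table contents are constructed sample data; helper names are hypothetical.
declare(strict_types=1);

function findProduct(PDO $pdo, string $sku): ?array
{
    // Allow-list the SKU shape first (assumed format: 1-32 letters, digits, '-' or '_').
    if (!preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $sku)) {
        return null;
    }
    // The placeholder keeps the SKU out of the SQL text; it is bound as a string value,
    // so it would be treated as data even without the allow-list check above.
    $stmt = $pdo->prepare('SELECT SKU, name, price FROM products WHERE SKU = :sku');
    $stmt->execute([':sku' => $sku]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function addToCart(PDO $pdo, array &$cart, string $sku): bool
{
    if (isset($cart[$sku])) {          // already in the cart: bump the quantity
        $cart[$sku]['quantity']++;
        return true;
    }
    $product = findProduct($pdo, $sku);
    if ($product === null) {
        return false;                  // unknown or malformed SKU
    }
    // Key the cart by the SKU stored in the database, not by the raw request value.
    $cart[$product['SKU']] = ['quantity' => 1, 'price' => $product['price']];
    return true;
}

// Constructed in-memory database so the example runs offline (requires pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE products (SKU VARCHAR(32) PRIMARY KEY, name TEXT, price REAL)');
$pdo->exec("INSERT INTO products VALUES ('test1','Widget',9.99), ('test2','Gadget',19.5)");

// In the page's code the value would come from the request, for example:
// $sku = is_string($_GET['id'] ?? null) ? $_GET['id'] : '';
$cart = [];
var_dump(intval('test1'));                   // the cast that broke the original lookup
var_dump(addToCart($pdo, $cart, 'test1'));   // valid SKU, added to the cart
var_dump(addToCart($pdo, $cart, 'test1'));   // same SKU again, quantity incremented
var_dump(addToCart($pdo, $cart, "test1'--")); // constructed input with SQL metacharacters
var_dump($cart);
```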