<?php
        $page_title = "Shopping Cart";
        require_once('includes/header.php');
        require_once('includes/database.php');
?>
    </head>
    <body>
    <p>Check out</p>
    
<?php
    if (! isset($_SESSION['cart']) || ! $_SESSION['cart']) {
        echo "Your shopping cart is empty.<br><br>";
        include('includes/footer.php');
        exit();
    }
    
    //proceed since the cart is not empty
    $cart = $_SESSION['cart'];
    ?>
    <table class="productlist">
        <tr>
            <th style="width: 500px">Product</th>
            <th style="width: 60px">Price</th>
            <th style="width: 60px">Quantity</th>
            <th style="width: 60px">Total</th>
        </tr>
    
    <?php
        //insert code to display the shopping cart content
        if (! filter_has_var(INPUT_GET, 'id')){
            echo "error: product id was not found.";
            exit();
        }
        $product_id = filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT);
    
        //select statement
        $sql="SELECT product_id, product_name, price FROM products WHERE 0";
        foreach(array_keys($cart) as $product_id){
            $sql.="OR id=$product_id";
        }
    
        //execute the query
        $query = @$conn->query($sql);
    
        //display in table
        while ($row = $query->fetch_assoc()){
            $product_id= $row['id'];
            $product_name=$row['product_name'];
            $price=$row['price'];
            $qty=$cart[$product_id];
            $total= $qty * $price;
            echo"<tr>",
            "<td><a href='product_details.php?id=$product_id'>$product_name</a></td>",
            "<td>$price</td>",
            "<td>$qty</td>",
            "<td>$total</td>",
            "<tr>";
    
        }
?>
    </table>
    <br>
    <div class="bookstore-button">
        <input type="button" value="Checkout" onclick="window.location.href = 'checkout.php'"/>
        <input type="button" value="Cancel" onclick="window.location.href = 'products.php'" />
    </div>
    <br><br>
    
    <br> <p>Until Next Time!</p>
    </body>
    
    <?php require ('includes/footer.php') ?>
    </html>

The code is only showing errors when trying to add a product to the shopping cart. I'm wondering if someone sees an error I could not see. "error product id was not found"

mymymerr
  • You mentioned that you are seeing errors. What are those errors? It would help us debug your code much faster – Rojo Dec 13 '20 at 21:33
  • You should look into using parameterized [prepared statements](https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php) instead of manually escaping and injecting the user data into the queries like that. – M. Eriksson Dec 13 '20 at 21:41
  • If you get that error, the code stops before it even reaches the database code. It's `filter_has_var(INPUT_GET, 'id')` that evaluates as false. Why not just check using: `isset($_GET['id'])`? – M. Eriksson Dec 13 '20 at 21:44
  • `$sql="OR id=$product_id";` -- You're setting the query to just that `"OR ..."` in each iteration of the loop, deleting the prior `"SELECT ..."`. You probably want `.=` instead of `=` and add a space before the `"OR"`. But you should also use parameterized queries here to prevent funny errors and the possibility of SQL injections. See [here](https://stackoverflow.com/questions/7537377/how-to-include-a-php-variable-inside-a-mysql-statement) and [here](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). – sticky bit Dec 13 '20 at 21:44
  • When I changed it to $_GET ... it took away "error: product id was not found. Product Price Quantity Total" but either way it isn't showing anything added :( – mymymerr Dec 13 '20 at 21:57
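
The parameterized query the comments recommend, as an added example that is not code from the question or from any commenter: it builds one placeholder per cart key and binds the ids as integers instead of concatenating them into the SQL string. The helper names `build_cart_query` and `fetch_cart_rows`, the sample cart, and the use of `product_id` as the key column are assumptions.

```php
<?php
// Added example. Table and column names follow the question's SELECT list;
// treating product_id as the key column is an assumption.

/** Build the cart SELECT with one "?" per valid product id; null if none remain. */
function build_cart_query(array $cart): ?array
{
    $ids = [];
    foreach (array_keys($cart) as $key) {
        // Validate, don't sanitize: reject any key that is not a positive integer.
        $id = filter_var($key, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($id !== false) {
            $ids[] = $id;
        }
    }
    if (!$ids) {
        return null; // "IN ()" is a syntax error, so stop before querying
    }
    $placeholders = implode(', ', array_fill(0, count($ids), '?'));
    $sql = "SELECT product_id, product_name, price FROM products "
         . "WHERE product_id IN ($placeholders)";
    return [$sql, $ids];
}

/** Run the query on an open mysqli connection; rows are keyed by product_id. */
function fetch_cart_rows(mysqli $conn, array $cart): array
{
    $built = build_cart_query($cart);
    if ($built === null) {
        return [];
    }
    [$sql, $ids] = $built;
    $stmt = $conn->prepare($sql);
    $stmt->bind_param(str_repeat('i', count($ids)), ...$ids); // all ids bound as integers
    $stmt->execute();
    $result = $stmt->get_result();
    $rows = [];
    while ($row = $result->fetch_assoc()) {
        $rows[$row['product_id']] = $row;
    }
    return $rows;
}

// Constructed sample cart (product id => quantity); the last key is hostile.
$cart = [3 => 2, 17 => 1, '0 OR 1=1' => 1];
[$sql, $ids] = build_cart_query($cart);
echo $sql, "\n", implode(',', $ids), "\n";
```

The hostile key never reaches the SQL text: it fails integer validation and is dropped, and the remaining ids travel as bound parameters.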

0 Answers