-1

i want to add an select option for the size of product and put it on cart but I don't know where to start, can anyone guide mo on how to add selected product sizes to cart

<?php
session_start();
error_reporting(0);
include 'connections.php';
if(isset($_GET['action']) && $_GET['action']=="add"){
    $id=intval($_GET['id']);
        
    if(isset($_SESSION['cart'][$id])){
        $_SESSION['cart'][$id]['quantity']++;
        
    }else{
        $sql_p="SELECT * FROM products WHERE id={$id}";
        $query_p=mysqli_query($con,$sql_p);
        if(mysqli_num_rows($query_p)!=0){
            $row_p=mysqli_fetch_array($query_p);
           
            $_SESSION['cart'][$row_p['id']]=array("quantity" => 1, "price" => $row_p['productPrice'],);
    

        }else{
            $message="Product ID is invalid";
        }
     
    }
        echo "<script>alert('Product has been added to the cart')</script>";
        echo "<script type='text/javascript'> document.location ='products.php'; </script>";
}


?>
Joshua Espina Magos
  • 1
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/32391315) – Dharman Jul 19 '22 at 10:05
  • **NEVER** silence all errors. Remove `error_reporting(0);` – Dharman Jul 19 '22 at 10:05

1 Answers1

-1

Your SQL:

$sql_p="SELECT * FROM products WHERE id={$id}";
    $query_p=mysqli_query($con,$sql_p);

Your SQL should be

$sql_p="SELECT * FROM products WHERE id LIKE '$id'";
    $query_p=mysqli_query($con,$sql_p);
Pierre
  • 11
  • 4
  • Your answer could be improved with additional supporting information. Please [edit] to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Jul 20 '22 at 10:41