Member Avatar for jpknoob

Hi all, I decided to try and make a PHP shopping cart with sessions and managed to do so with the help of online tutorials and references. However, I decided to try and pass over multiple items from a table, but I must have gone wrong somewhere, as some of them work and others don't! The ones that work display the cart, quantity and price; the others display a blank screen with no error messages.

I pass over the IDs using the following code:

<td>$row[product_1_name]</td>
      <td><a href='cart.php?action=add&amp;id=".$row['id1']."'>BUY</a></td>
      <td>$row[product_2_name]</td>
      <td><a href='cart.php?action=add&amp;id=".$row['id2']."'>BUY</a></td>

My cart code then GETs the IDs using:

$product_id = $_GET['id'];
$product_id = mysql_real_escape_string($product_id);
$action = $_GET['action'];
$action = mysql_real_escape_string($action);

Is this correct? This is my first attempt at security issues.

To display the contents I am using the following query:

$query = sprintf("SELECT * FROM products_table WHERE product_number = '%s';", $product_id);

$result = mysql_query($query) or die(mysql_error());
$num = mysql_num_rows($result); // number of messages

Is this the best way to do this sort of thing? Any help or advice would be greatly appreciated. I can also provide the full code on request.

Load your page via the browser. Now look at the browser's source code. Are you seeing all the expected item IDs? How are you sending/printing your first block of code? It looks incomplete, so I am wondering if you are using an echo (or print) WITH double quote delimiters.

Member Avatar for jpknoob

I'm such an idiot, my tables had '&' in it and I forgot to change them to 'and'. So sorry for wasting time.

Thanks for the reply tho :)
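An added example, not code from any poster in this thread: one way to keep an id containing '&' intact in the BUY link and to look it up with a bound parameter instead of string escaping. It assumes the '&' was in the value used as the id; the in-memory SQLite database (via PDO), the sample row, and the function names buyLink and findProduct are constructed for illustration.

```php
<?php
// Constructed data: in-memory SQLite stands in for the thread's MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE products_table (product_number TEXT PRIMARY KEY, name TEXT, price REAL)");
$db->exec("INSERT INTO products_table VALUES ('salt&pepper', 'Salt & Pepper set', 4.50)");

// Link side: URL-encode each parameter value first, then HTML-escape the whole
// URL for the attribute. Skipping the first step lets '&' in an id split the query string.
function buyLink(string $id): string
{
    $url = 'cart.php?' . http_build_query(['action' => 'add', 'id' => $id], '', '&');
    return "<a href='" . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . "'>BUY</a>";
}

// Cart side: the action is checked against an allow-list (it never reaches SQL,
// so it needs no SQL escaping) and the id is bound as a parameter.
function findProduct(PDO $db, array $get): ?array
{
    $action = $get['action'] ?? '';
    $id     = $get['id'] ?? '';
    $allowedActions = ['add']; // hypothetical list; extend with the cart's other actions
    if (!in_array($action, $allowedActions, true) || !is_string($id) || $id === '') {
        return null;
    }
    $stmt = $db->prepare('SELECT * FROM products_table WHERE product_number = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Query string as sent when the id is written into the link unencoded:
// the id parameter ends at the '&', so the lookup matches no row.
parse_str('action=add&id=salt&pepper', $broken);
var_dump($broken, findProduct($db, $broken));

// Query string produced by buyLink(): the '&' travels as %26 and is decoded
// back into the id, so the row is found.
echo buyLink('salt&pepper'), "\n";
parse_str('action=add&id=salt%26pepper', $fixed);
var_dump(findProduct($db, $fixed));
```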
