How to save temporary user in database using md5 hash code

Question

chrisschristou 0 Posting Whiz

10 Years Ago

Hello and mery christmas and happy new years.
on my site i would like to create a simple php/mysql shopping cart use html form to insert product in shopping cart table.
with the help on forum i created a md5 hash it generate beatyfull code... every time when i click on add to shopping cart on same browse same user it is different hash code. i want to generate same md5 hash code for same user for 30 days, how can i use cookie to to generate same md5 hash code for same user ????
below is my php code where i generate md5 hash code:

 <?php 
      $hash = md5(mt_rand(1, 1000000));
      $result = mysql_query("SELECT id FROM shoppingcarttable WHERE client='$hash' LIMIT 1");
if(mysql_num_rows($result) == 1) {
    $hash = md5(mt_rand(1, 1000000));
    }
    if(!isset($_SESSION['MM_username']) && isset($_COOKIE['MM_username'])) {
    $_SESSION['MM_username'] = $_COOKIE['MM_username'];
}
?>

php

Edited 10 Years Ago by chrisschristou

2 Contributors
20 Replies
336 Views
6 Days Discussion Span
Latest Post 10 Years Ago Latest Post by chrisschristou

broj1 356 Humble servant

10 Years Ago

To get the same hash use the same string for 30 days. There are many ways to accomplish this. One of them could be:

Initially:
- store the initial string for hashing in the users record in database
- set the cookie that expires in 30 days

Everytime you need a hash:
- check whether the cookie exists (has not expired)
- if yes use the string from the user record and hash it
- if no set new cookie with expiration 30 days, generate new string in user record in database and hash that string

Alternatively you can store a hash in the user record or store the date in the user record instead of the cookie (a cross-browser / cross-computer solution)

Edited 10 Years Ago by broj1

broj1 356 Humble servant

10 Years Ago

i don't know to - set cookies and check if it exist or (expired)

You were close. But if you set cookie in one line and check for it in next it wont work since cookies are sent in header so by the time you set it the script does not know about it yet. The cookie will be sent in the next page request (if not expired). So I guess the correct order would be:

// initial hash is read from the database
$hash = $row['user_hash'];

// if cookie expired or hash not existing in the database row for that user
if(!isset($_COOKIE['MM_username']) or empty($row['user_hash'])) {
    // cookie expiration time is now + 30 days (in seconds)
    $cookieExpireTime = time() + 30 * 24 * 60 * 60;
    // compute new hash from unique string (to get different hash)
    // I used output of the time function you can also user random value
    $hash = md5(time());
    // store new hash into the user record
    // ...
    // set new cookie to expire in 30 days
    setcookie('MM_username', 'dummy cookie', $cookieExpireTime);
}
// use the hash
// ...

in my website i use [MM_username] for loged in user so it = to user email
i think i must not use it again with cookie right???

Do you mean you use MM_username as an associative index in some array already? You can use the same index in other arrays also, but it might lead to confusion in some cases. Especially it is not a good idea to use same indexes in the $_POST, $_GET, $_COOKIES and $_REQUEST arrays since some array elemnts might be lost.

Edited 10 Years Ago by broj1

broj1 356 Humble servant

10 Years Ago

Remove the ) at thr end of the statement. Correct version is:

$userUpdateSQL = "UPDATE `database`.`table` SET usecolum='$hash' WHERE usercolum='$hash'";

I made a mistake and you copied it blindly :-)

broj1 356 Humble servant

10 Years Ago

You will need a secure application in any case if you intend to script online shop. To answer your question it is difficult since I do not know what functionalities exactly you would like. But in general if you use cookies to manage stuff realted to shopping cart, security is lower since cookies are on the client side and can be easily faked. Using sessions is safe. In reality you use a combination of both.

By default sessions store session data in the file system. You can change that so that session data is stored in the database which might be even safer. See this article.

Sory we could not find a solution for your problem. I think it was just a bit of missunderstanding. Maybe you should try to rephrase the question and post it again as a new thread so other people can jump in.

broj1 356 Humble servant

10 Years Ago

I am just guessing (given the information I have) that on line 84 (and in other places) you are checking the session for existing username (logged-in user):

if (empty($_SESSION['MM_Username']))
{
    echo ("<h4>please log in before adding to shopping Cart</h4>");
}

If you want to enable guests to do the shopping, then you have to change the code for the empty username case:

if (empty($_SESSION['MM_Username']))
{
    // do whatever you intend to do only for guests
    // the rest of the code is equal as for logged-in users
}

i never did php lesson in classroom or any programmation lesson just introduction in programation

If this is true then it is a question if you are ready to program an online shop. Such a project demands quite a lot of skill and experience. Not that I want to put you off but keep in mind that you can get in trouble with your client if things do not work well and secure. Copying some code without understanding it will not help you.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

chrisschristou 0 Posting Whiz · Answer 1 · 2013-12-29T13:57:55+00:00

thank you to reply me i waited an hand to help me. :)
when user add product to shopping, product title and price plus quantity stored in table and the hash code like user ID.
i don't know to - set cookies and check if it exist or (expired)
-if yes use the tring from the user record and hash it...
i have this code on top mf my page but i know it is not correct fo use what you sugest me.

<?php require_once('../Connections/database.php'); ?>
<?php setcookie("MM_username", $hash, time() + (86400 * 30));
if(isset($_COOKIE['MM_username'])) { 
}
?>

on my website i use [MM_username] for loged in user so it = to user email
i think i must not use it again with cookie right???

chrisschristou 0 Posting Whiz · Answer 2 · 2013-12-29T22:02:00+00:00

hello friend
i deletedall my code and i used the code you wrote up but still same problem every time hash code is generated for same user :(

broj1 356 Humble servant Featured Poster · Answer 3 · 2013-12-29T22:27:59+00:00

How did you test it? I tested it so that i set up cookie expire time to 5 seconds and it worked.

chrisschristou 0 Posting Whiz · Answer 4 · 2013-12-29T22:59:35+00:00

i just copied the up code in my page .... in form field user id i use echo '$hash' and when i submit the form to inesrt data in db table the hash code is diferent every time when i click submit

broj1 356 Humble servant Featured Poster · Answer 5 · 2013-12-30T09:01:30+00:00

broj1 356 Humble servant

10 Years Ago

Can you post the whole code?

chrisschristou 0 Posting Whiz · Answer 6 · 2013-12-30T11:07:11+00:00

here is whole code o my page

<?php require_once('../Connections/dbconnection.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "formulaireajout")) {
  $insertSQL = sprintf("INSERT INTO paniertemporaire (usercookie, SKU, article, additional, prix, quantity, total) VALUES (%s, %s, %s, %s, %s, %s, %s)",
                       GetSQLValueString($_POST['usercookie'], "text"),
                       GetSQLValueString($_POST['SKU'], "text"),
                       GetSQLValueString($_POST['article'], "text"),
                       GetSQLValueString($_POST['additional'], "text"),
                       GetSQLValueString($_POST['price'], "double"),
                       GetSQLValueString($_POST['quantity'], "int"),
                       GetSQLValueString($_POST['total'], "double"));

  mysql_select_db($database_marketbase, $marketbase);
  $Result1 = mysql_query($insertSQL, $marketbase) or die(mysql_error());

  $insertGoTo = "../paniertemporaire.php";
  if (isset($_SERVER['QUERY_STRING'])) {
    $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
    $insertGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $insertGoTo));
}

mysql_select_db($database_marketbase, $marketbase);
$query_itemdetaille = "SELECT * FROM phone WHERE phone.sku='ZNPNZP980'";
$itemdetaille = mysql_query($query_itemdetaille, $marketbase) or die(mysql_error());
$row_itemdetaille = mysql_fetch_assoc($itemdetaille);
$totalRows_itemdetaille = mysql_num_rows($itemdetaille);
 session_start(); ?>
<!doctype html>
<!--[if lt IE 7]> <html class="ie6 oldie"> <![endif]-->
<!--[if IE 7]>    <html class="ie7 oldie"> <![endif]-->
<!--[if IE 8]>    <html class="ie8 oldie"> <![endif]-->
<!--[if gt IE 8]><!-->
<html class=""><!-- InstanceBegin template="/Templates/deteialletemp.dwt.php" codeOutsideHTMLIsLocked="false" -->
<!--<![endif]-->
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<!-- InstanceBeginEditable name="doctitle" -->
<script type="text/javascript" src="../javascript/jquery-1.10.2.min.js"></script>
<title><?php echo $row_itemdetaille['detail']; ?></title>
<link href="css/lightbox.css" rel="stylesheet" type="text/css">
<link href="css/sample_lightbox_layout.css" rel="stylesheet" type="text/css">
<!-- InstanceEndEditable -->
<link href="../boilerplate.css" rel="stylesheet" type="text/css">
<link href="../style/responsive.css" rel="stylesheet" type="text/css">
<link href="../style/reset.css" rel="stylesheet" type="text/css">
<link href="../style/style1.css" rel="stylesheet" type="text/css">
<!-- 
Pour en savoir plus sur les commentaires conditionnels autour des balises HTML en haut du fichier :
paulirish.com/2008/conditional-stylesheets-vs-css-hacks-answer-neither/

Procédez comme suit si vous utilisez une version personnalisée de modernizr (http://www.modernizr.com/) :
* insérez ici le lien vers votre js
* supprimez le lien ci-dessous vers html5shiv
* ajoutez la classe "no-js" aux balises HTML en haut
* vous pouvez aussi supprimer le lien vers respond.min.js si vous avez inclus MQ Polyfill dans votre version de modernizr 
-->
<!--[if lt IE 9]>
<script src="//html5shiv.googlecode.com/svn/trunk/html5.js"></script>
<![endif]-->
<script src="../respond.min.js"></script>
<script type="text/javascript" src="../javascript/jquery-1.10.2.min.js"></script>

<!-- InstanceBeginEditable name="head" -->
<script src="../scripts/jquery.js" type="text/javascript"></script>
<script src="scripts/lightbox.js" type="text/javascript"></script>
<!-- InstanceEndEditable -->

</head>
<body>
<div class="gridContainer clearfix">
  <div id="menu1" class="bottonmenu1">
  <ul class="navaccount">
    <li><a href="#">Create Account</a></li>
    <li> <a href="#">Login</a></li>
    <li><a href="#">Log out </a></li>
    <li><a href="#">My Account </a></li>
  </ul>
  </div>
  <div id="menu2" class="header"><a href="#"><img src="file:///C|/age de puce/image/Sans titre-1.png" alt="AGEDEPUCE.COM" name="AGEDEPUCE.COM" width="220" height="80" id="Insert_logo" style="background-color: #009EC2; display:block;" /></a>
  </div>
  <div id="menu3" class="bottonmenu">
  <ul class="nav">
      <li><a href="#">Home</a></li>
      <li><a href="#">Product</a></li>
      <li><a href="../Mobiles-Phones.php">Mobile  phone</a></li>
      <li><a href="../Tablet-pc.php">Tablet pc</a></li>
      <li><a href="../accesories.php">Accessories</a></li>
    </ul>
    </div>
  <!-- InstanceBeginEditable name="modifiable1" -->
  <div id="sidebar2">
    <h2> Categories</h2>
    <ul class="snav">
      <li id="snav"><a href="#">Tablet PC</a></li>
      <li id="snav"><a href="#">Mobiles Phones</a></li>
      <li id="snav"><a href="#">Accesories</a></li>
      <li id="snav"><a href="#">Electtronics</a></li>
    </ul>
  </div>
  <div id="detaille">
    <p>Home&gt;&gt; Product&gt;&gt; Mobiles phones&gt;&gt; <strong><?php echo $row_itemdetaille['article']; ?></strong></p>
    <div id="imgdudetaille">click on pictures to view in large window
      <div id="gallery1" class="lbGallery">
        <ul>
          <li> <a href="images/zp980_1.jpg" title=""> <img src="images/thumbzp980_1.jpg" width="72" height="72" alt="" /> </a> </li>
          <li> <a href="images/zp980_1.jpg" title=""> <img src="images/thumbzp980_2.jpg" width="72" height="72" alt="" /> </a> </li>
          <li> <a href="images/zp980_3.jpg" title=""> <img src="images/thumbzp980_3.jpg" width="72" height="72" alt="" /> </a> </li>
          <li> <a href="images/zp980_4.jpg" title=""> <img src="images/thumbzp980_4.jpg" width="72" height="72" alt="" /> </a> </li>
          <li></li>
        </ul>
      </div>
      <script type="text/javascript">
// BeginWebWidget lightbox_gallery

        $(function() {
        $('#gallery1 a').lightBox();
    });


// EndWebWidget lightbox_gallery
      </script>
<?php
$hash = $row['user_hash'];
// if cookie expired or hash not existing in the database row for that user
if(!isset($_COOKIE['MM_username']) or empty($row['user_hash'])) {
    // cookie expiration time is now + 30 days (in seconds)
    $cookieExpireTime = time() + 30 * 24 * 60 * 60;
    // compute new hash from unique string (to get different hash)
    // I used output of the time function you can also user random value
    $hash = md5(time( )+ 30 * 24 * 60 * 60);
    // store new hash into the user record
    // ...
    // set new cookie to expire in 30 days
    setcookie('MM_username', 'dummy cookie', $cookieExpireTime);
}
?>
    </div>
    <div id="quickdetailletadd"><?php echo $row_itemdetaille['detail']; ?></div>
    <div>
    <?php 
// number of decimals
$NoOfDecimals = 2;
// initial values for quantity and total
$initialQuantity = 1;
$initialTotal = number_format($initialQuantity * $row_itemdetaille['prix'], $NoOfDecimals);
?>
    <form action="<?php echo $editFormAction; ?>" method="POST" name="formulaireajout" class="formulaireajout" id="formulaireajoutid">
          <input name="article" type="text" id="champajout" value="<?php echo $row_itemdetaille['article']; ?>" readonly>
        Color
        <input name="additional" type="text" id="champajout" value="additional" readonly><br>
        Price<input name="price" type="text" id="pricefield" value="<?php echo $row_itemdetaille['prix']; ?>" readonly>
        quantity<input name="quantity" type="number" min="1" max="20" value="1" onKeyPress="calculateTotal()" id="quantityfield">
        total<input name="total" type="text" id="totalfield" value="<?php echo $initialTotal;?>" readonly>
         <input name="usercookie" type="hidden" value="<?php echo $hash ?>">
         <input name="SKU" type="hidden" value="<?php echo $row_itemdetaille['sku'] ?>">
         <input name="addtocart" type="submit" id="submittocart" value="ADD TO CART">
         <input type="hidden" name="MM_insert" value="formulaireajout">
        </form>
        </div>
    <div id="desc">
      <p>Il s'agit du contenu de la balise Div de disposition "desc"</p>
      <table width="90%" border="3">
        <tr bgcolor="#CCCCCC">
          <th width="50%" scope="col">NETWORK</th>
          <th width="50%" scope="col">CPU </th>
        </tr>
        <tr>
          <td><p>WIFI: 802.11b/g wireless internet<br>
            Bluetooth: Yes, GPS: Yes,Support 3G<br>
            Network type: GSM/WCDMA<br>
            Frequency: GSM 850/900/1800/1900MHz WCDMA 850/2100MHz</p></td>
          <td><p>MTK6589 <br>
            Cortex-A7 <br>
            Quad Core <br>
          1.2GHz</p></td>
        </tr>
        <tr bgcolor="#666666">
          <th colspan="2"><p>STORAGE</p>
          </th>
        </tr>
        <tr bgcolor="#CCCCCC">
          <th scope="col">ROM</th>
          <th scope="col">RAM </th>
        </tr>
        <tr>
          <td><p><?php echo $row_itemdetaille['ROM']; ?> (up to 32GB sd card)</p></td>
          <td><p><?php echo $row_itemdetaille['RAM']; ?></p></td>
        </tr>
        <tr bgcolor="#666666">
          <th colspan="2"><p>SCREEN</p>
          </th>
        </tr>
        <tr bgcolor="#CCCCCC">
          <th scope="col">SCREEN SIZE</th>
          <th scope="col">RESOLUTION </th>
        </tr>
        <tr>
          <td><p><?php echo $row_itemdetaille['screensize']; ?> inch</p></td>
          <td><p><?php echo $row_itemdetaille['resolution']; ?></p>
          <p>IPS Capacitive (5-points)</p></td>
        </tr>
        <tr bgcolor="#666666">
          <th colspan="2"><p>CAMERA</p>
          </th>
        </tr>
        <tr bgcolor="#CCCCCC">
          <th scope="col">BACK CAMEREA</th>
          <th scope="col">FRONT CAMERA </th>
        </tr>
        <tr>
          <td><p><?php echo $row_itemdetaille['Back camera']; ?></p></td>
          <td><p><?php echo $row_itemdetaille['Front camera']; ?></p></td>
        </tr>
        <tr bgcolor="#666666">
          <th colspan="2"><p>OTHER</p>
          </th>
        </tr>
        <tr bgcolor="#CCCCCC">
          <th scope="col">ADITIONAL FEATURES</th>
          <th scope="col">LANGUAGES </th>
        </tr>
        <tr>
          <td><p>3G, Wi-Fi, FM, Bluetooth, GPS, Browser, MP3, MP4, MMS, Alarm, Calendar, People, Calculator... dowload 10000 apps on goole play</p></td>
          <td><p>English, French, Spanish, German, Portuguese, Russian, Dutch, Italian</p>
          <p>find more on below screen capture</p></td>
        </tr>
      </table>
      <p>&nbsp;</p>
    </div>
  </div>
  <!-- InstanceEndEditable -->
  <div id="footer" class="footer">
  <p>Hight quality product: find hight quality dual and quad core smart-phones and dual and quad core tablet pc cheapest price on web, fast world wide shipping, hight quality product and waranty 1 years, 24h/7 days customers service: service@zunaphone.com best customers service ever.</p>
  </div>
</div>
 <script type="text/javascript">
$("#quantityfield").change(function() {
var value = parseFloat(<?php echo $row_itemdetaille['prix']; ?>);
var quantity = parseInt($("#quantityfield").val());
var total = value * quantity;
$("#totalfield").val(total.toFixed(<?php echo $NoOfDecimals;?>));
});
</script>
</body>
<!-- InstanceEnd --></html>
<?php
mysql_free_result($itemdetaille);
?>

broj1 356 Humble servant Featured Poster · Answer 7 · 2013-12-30T11:35:57+00:00

Make sure that you use correct variable name for the users current
hash value read form the database. I used $row['user_hash'] just to show you the principle. Replace that with your own variable name.

On line 171 you have to add your code to insert the new hash into the user record.

chrisschristou 0 Posting Whiz · Answer 8 · 2013-12-30T12:23:36+00:00

if it work i will change with my own variable name
but is don't undestund code i must use on line 171 cause i tried to use $newhash = $row['user_hash']; didn't work and i tried $hash = $row['user_hash']; still didn't work

broj1 356 Humble servant Featured Poster · Answer 9 · 2013-12-30T19:19:00+00:00

No. On line 171 you have to write code for inserting newly generated hast into the database. How you prepare the query depends on the structure of the users table.

chrisschristou 0 Posting Whiz · Answer 10 · 2013-12-30T20:34:52+00:00

you mean i must write this code in 171 line???

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "formulaireajout")) {
  $insertSQL = sprintf("INSERT INTO paniertemporaire (usercookie, SKU, article, additional, prix, quantity, total) VALUES (%s, %s, %s, %s, %s, %s, %s)",
                       GetSQLValueString($_POST['usercookie'], "text"),
                       GetSQLValueString($_POST['SKU'], "text"),
                       GetSQLValueString($_POST['article'], "text"),
                       GetSQLValueString($_POST['additional'], "text"),
                       GetSQLValueString($_POST['price'], "double"),
                       GetSQLValueString($_POST['quantity'], "int"),
                       GetSQLValueString($_POST['total'], "double"));

  mysql_select_db($database_marketbase, $marketbase);
  $Result1 = mysql_query($insertSQL, $marketbase) or die(mysql_error());

cause i have tried list of that code on line 171 and still same problem :

 $result = mysql_query("SELECT id FROM shoppingcarttable WHERE client='$hash' LIMIT 1");
if(mysql_num_rows($result) == 1) {
    $hash = md5(mt_rand(1, 1000000));
    }

and this $hash = md5(mt_rand(1, 1000000));
plus this

  $hash = md5(mt_rand(1, 1000000));
      $result = mysql_query("SELECT id FROM shoppingcarttable WHERE client='$hash' LIMIT 1");
if(mysql_num_rows($result) == 1) {
    $hash = md5(mt_rand(1, 1000000));
    }
    if(!isset($_SESSION['MM_username']) && isset($_COOKIE['MM_username'])) {
    $_SESSION['MM_username'] = $_COOKIE['MM_username'];
}

and more.
please can you give me what code you wrote on line 171 and it work?????

when i use the first code of this reply on line 171 i have error on navigator.

broj1 356 Humble servant Featured Poster · Answer 11 · 2013-12-31T08:31:46+00:00

You have to UPDATE the USER record with the newly created hash. So if you post the user table structure, I can suggest a query. But the query in general will look something like:

$userUpdateSQL = "UPDATE usertable SET user_hash='$hash' WHERE usr_id='$currentUser'");
$Result = mysql_query($userUpdateSQL, $marketbase) or die(mysql_error());

chrisschristou 0 Posting Whiz · Answer 12 · 2013-12-31T18:58:44+00:00

i use the below code and i get a syntax errot on navigator but i do know where is the mistake
Parse error: syntax error, unexpected ')' in /homepages/0/...../htdocs/domainame.com/folder/pag.php on line 172

$userUpdateSQL = "UPDATE `database`.`table` SET usecolum='$hash' WHERE usercolum='$hash'");
$Result = mysql_query($userUpdateSQL, $marketbase) or die(mysql_error());

line 1 is the line 172

chrisschristou 0 Posting Whiz · Answer 13 · 2014-01-01T19:02:44+00:00

Hello dear broj1
thankk you for helping me all this time.. but it don't work stille it generate diferent hash code very submit... :(
maybe it better idea to create shopping cart using php session but it will be harder .??? i will need security??? is it better idea??

chrisschristou 0 Posting Whiz · Answer 14 · 2014-01-02T19:08:07+00:00

i took hours to read about session and how to store it in DB it look for me very hard i never did php lesson in classroom or any programmation lesson just introduction in programation...... below i give the whole code of a page who work fine for adding in shopping cart ... but the probleme is always user must log in to add product in cart else he can't it is why i try run find any way to allow temporary user to add product in shopping cart and saw total amount and there he can place order using he's user ID, anyway i hope you will understund how my shopping cart work with below code. please pay care on form and php part of inser into..... (if user is not log in when he submit it will not be possiblr cause the table colum of user can't be null)

<?php require_once('../Connectionsfolder/connectionfile.php'); ?>
<?php session_start(); ?>
 <?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "achat")) {
  $insertSQL = sprintf("INSERT INTO panier (client, article, SKU, quantite) VALUES (%s, %s, %s, %s)",
                       GetSQLValueString($_POST['client'], "text"),
                       GetSQLValueString($_POST['article'], "text"),
                       GetSQLValueString($_POST['sku'], "text"),
                       GetSQLValueString($_POST['quantite'], "int"));

  mysql_select_db($database_connectionfile, $connectionfile);
  $Result1 = mysql_query($insertSQL, $connectionfile) or die(mysql_error());

  $insertGoTo = "../myspace/panier.php";
  if (isset($_SERVER['QUERY_STRING'])) {
    $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
    $insertGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $insertGoTo));
}
?>
    <?php
mysql_select_db($database_connectionfile, $connectionfile);
$query_gt89 = "SELECT * FROM phone WHERE phone.sku='ZNPNGT89'";
$gt89 = mysql_query($query_gt89, $connectionfile) or die(mysql_error());
$row_gt89 = mysql_fetch_assoc($gt89);
$totalRows_gt89 = mysql_num_rows($gt89);

$paramclient_panier = "0";
if (isset($_SESSION['MM_Username'])) {
  $paramclient_panier = $_SESSION['MM_Username'];
}
$paramsku_panier = "0";
if (isset($_GET['sku'])) {
  $paramsku_panier = $_GET['sku'];
}
mysql_select_db($database_connectionfile, $connectionfile);
$query_panier = sprintf("SELECT id,client,sku,quantite+1 AS quantite FROM panier WHERE client=%s AND sku=%s", GetSQLValueString($paramclient_panier, "text"),GetSQLValueString($paramsku_panier, "text"));
$panier = mysql_query($query_panier, $connectionfile) or die(mysql_error());
$row_panier = mysql_fetch_assoc($panier);
$totalRows_panier = mysql_num_rows($panier);
?>

  <div class="content">

    <div class="pricedetail">
 <?php
 if (empty($_SESSION['MM_Username']))
   {
     echo ("<h4>please log in before adding to shopping Cart</h4>");
   }
?>
      <form action="<?php echo $editFormAction; ?>" method="POST" name="achat" class="formaddto">
        <label for="titre"></label>
        <input name="article" type="text" class="addto" id="titre" value="<?php echo $row_gt89['article']; ?>" readonly>
        <label for="prix"></label>
        <input name="prix" type="text" class="addto" id="prix" value="<?php echo $row_gt89['prix']; ?>  EUR" readonly>
        <label for="quantite"></label>
        <input name="quantite" type="text" id="quantite" value="1">
        <input name="client" type="hidden" id="client" value="<?php echo $_SESSION['MM_Username']; ?>">
        <input name="sku" type="hidden" id="sku" value="<?php echo $row_gt89['sku']; ?>">
        <input name="button" type="submit" class="boutonaddto" id="button" value="Add to Cart">
        <input type="hidden" name="MM_insert" value="achat">
      </form>
    </div>
    <?php
mysql_free_result($gt89);

mysql_free_result($panier);
?>

chrisschristou 0 Posting Whiz · Answer 15 · 2014-01-04T21:27:36+00:00

i'm ready to program. i think :D
for payment i will use only paypal i think there customer will are securised.
when user add product to database the only way to know who user add product to shopping cart is by he's username in DB.
it why run to find for hash code cookie, session.