gtseviper

I finished getting the shopping cart organize. Every time i refresh the page (under the shopping_cart.php) an addition quantity is added by increment of 1 (changing the final price as well). How do I stop this from happening? shopping_cart.php <?php // Include functions require_once('inc/functions.inc.php'); // Start the session session_start(); // Process actions $cart = $_SESSION['cart']; $action = $_GET['action']; switch ($action) { case 'add': if ($cart) { $cart .= ','.$_GET['id']; } else { $cart = $_GET['id']; } break; case 'delete': if ($cart) { $items = explode(',',$cart); $newcart = ''; foreach ($items as $item) { if ($_GET['id'] != $item) { if ($newcart != '') { $newcart .= ','.$item; } else { $newcart = $item; } } } $cart = $newcart; } break; case 'update': if ($cart) { $newcart = ''; foreach ($_POST as $key=>$value) { if (stristr($key,'qty')) { $id = str_replace('qty','',$key); $items = ($newcart != '') ? explode(',',$newcart) : explode(',',$cart); $newcart = ''; foreach ($items as $item) { if ($id != $item) { if ($newcart != '') { $newcart .= ','.$item; } else { $newcart = $item; } } } for ($i=1;$i<=$value;$i++) { if ($newcart != '') { $newcart .= ','.$id; } else { $newcart = $id; } } } } } $cart = $newcart; break; } $_SESSION['cart'] = $cart; ?> functions.inc.php <?php function writeShoppingCart() { $cart = $_SESSION['cart']; if (!$cart) { return '<p>You have no items in your shopping cart</p>'; } else { // Parse the cart session variable $items = explode(',',$cart); $s = (count($items) > 1) ? 's':''; return '<p>Shopping Cart <a href="shopping_cart.php">'.count($items).' item'.$s.' </a></p>'; } } function showCart() { global $db; $cart = $_SESSION['cart']; if ($cart) { $items = explode(',',$cart); $contents = array(); foreach ($items as $item) { $contents[$item] = (isset($contents[$item])) ? $contents[$item] + 1 : 1; } $output[] = '<form action="shopping_cart.php?action=update" method="post" id="cart">'; $output[] = '<table border="0" width="100%" cellspacing="0" cellpadding="0">'; foreach ($contents as $id=>$qty) { $sql = 'SELECT * FROM Products WHERE id = '.$id; $result = $db->query($sql); $row = $result->fetch(); extract($row); $output[] = '<tr>'; $output[] = '<td width="217" align="center"> <a class="right_20" href="product_info.php?products_id='.$id.'"> <img src="images/product_5.jpg" alt="Consectetur adipiscing" title="Consectetur adipiscing" width="211" height="211" /></a></td>'; $total += $price * $qty; $output[] = '<td width="414" valign="top"><a href="product_info.php?products_id='.$id.'"> <strong>Consectetur adipiscing</strong></a> <span class="markProductOutOfStock">***</span><br /><br /> <input type="text" name="qty'.$id.'" value="'.$qty.'" size="3" maxlength="3" /> <div><button type="submit">Update cart</button> or <a href="shopping_cart.php?action=delete&id='.$id.'" class="r">Remove</a></div></td>'; $output[] = '<td width="207" align="right" valign="top"> <strong>$'.($price * $qty).'</strong></td>'; $output[] = '</tr>'; } $output[] = '<tr>'; $output[] = '<td colspan="2"></td>'; $output[] = '<td ><p align="right">Grand total: <strong>$'.$total.'</strong></p></td>'; $output[] = '</tr>'; $output[] = '<tr>'; $output[] = '<td colspan="3"><p class="stockWarning" align="center">Products marked with *** dont exist in desired quantity in our stock.<br />You can buy them anyway and check the quantity we have in stock for immediate deliver in the checkout process.</p></td>'; $output[] = '</tr>'; $output[] = '</table>'; $output[] = '</form>'; } else { $output[] = '<p><a href="products_new.php">Continue Shopping</a></p>'; } return join('',$output); } ?>

The page was working fine to get to ash.php or Bobby.php and now the web server is redirecting me to there default page. I tried it another server and it started doing the same thing When the result_bind happens, am I suppose to use that in my if ($username) to locate the page or do you use the $form_username <?php session_start(); $form_username = $_POST['username']; $form_password = $_POST['password']; $conn = new mysqli('host','username','password', 'database'); $stmt = $conn->prepare("SELECT username FROM users WHERE username=? AND password=?"); $stmt->bind_param('ss', $form_username, $form_password); $stmt->execute(); $stmt->bind_result($username); if ($stmt->fetch()) { if($username == "ash") { include('ash.php'); } else if($username == "Bobby") { include('Bobby.php'); } } else { echo ("Incorrect username or password. <br /><a href='index.php'>Click here to try again</a>"); } $stmt->close(); $conn->cloase(); ?>

Alright, I got it to function. Thanks for all your help

Thanks again for all your expert help. I will have to sit down and learn a little more about this prepared statement stuff. It will take me sometime for this to soak in. thanks again

Thanks for all the responses. Here is what I have done. I had alot of help converting it What this even convert correctly to do the same thing that the original is doing without a problem The problem i am having is that my if($username == "ash") { include("ash.php") comes up with the page background only and no image content. <?php session_start(); $form_username = $_POST['username']; $form_password = $_POST['password']; if ($form_username&&$form_password) { $form_password = md5(md5($password)); $conn = new mysqli('host','username','password', 'database') or die ('Couldnt connect to database'); $stmt = $conn->prepare("SELECT username FROM users WHERE username=?"); $stmt->bind_param('s', $username); $stmt->execute(); if($stmt->fetch()) { if($numrows !=0) { while ($rows = mysql_fetch_assoc($query)) { $dbusername = $rows ['username']; $dbpassword = $rows ['password']; } if ($form_username==$dbusername&&$form_password==$dbpassword) { $form_password = md5(md5("Rh4izr".$password."Q46s7E")); $_SESSION['username']=$dbusername; if($username == "ash") { include("ash.php"); } else if($username == "Bobby") { include("Bobby.php"); } } else echo ("Incorrect password. <br /><a href='webpage'>Click here to try again</a>"); } else die ("That username doesnt exist. <br /><a href='webpage'>Please contact Innavationz for further assistance</a>"); } } else die ("Please enter a username and password. <br /><a href='webpage'>Click here to try again</a>"); $stmt->close(); $conn->close(); ?>

It took me a while to get my login.php working correctly until I was told it needed a prepared statement to secure it How would this login.php be converted to a Prepared statement? Any help will be thankful <?php session_start(); $username = $_POST['username']; $password = $_POST['password']; if ($username&&$password) { $connect = mysql_connect("host","username","password") or die ("Couldnt connect to database"); mysql_select_db("database name") or die ("Couldn't find database"); $password = md5(md5($password)); $query = mysql_query("SELECT * FROM users WHERE username='$username' "); $numrows = mysql_num_rows($query); if($numrows !=0) { while ($rows = mysql_fetch_assoc($query)) { $dbusername = $rows ['username']; $dbpassword = $rows ['password']; } if ($username==$dbusername&&$password==$dbpassword) { $password = md5(md5("Rh4izr".$password."Q46s7E")); $_SESSION['username']=$dbusername; if($username == "ash") { include("webpage"); } else if($username == "Bobby") { include("webpage"); } } else echo "Incorrect password. <br /><a href='webpage'>Click here to try again</a>"; } else die ("That username doesnt exist. <br /><a href='webpage'>Please contact Innavationz for further assistance</a>"); } else die ("Please enter a username and password. <br /><a href='webpage'>Click here to try again</a>"); ?>