Possible SQL injection error?

[Muddy_Funster]

fermac, can you do a mysqldump on your server (specifically the tables that this connects to)?  If you can dump your tables that this script connects to then I'll have a bash at recreating the problem - and hopefully getting closer to an answer as well.

[Fermac]

I dropped you a private message Muddy.

[Fermac]

Hi all, thanks for your help, this has now been resolved.

[Muddy_Funster]

could you mark the thread as answered and, if at all possible, stick in a summary of the solution for others who may have a simmilar problem in the future?

[Fermac]

2 different sections of code needed fixed for the cart to work correctly.

 

Firstly, the displaying of the cart was not selecting any of the items from the database that associated with the cart ID. It was re-written to select only the details needed to keep code to a minimum and also to be a lot cleaner with correct error debugging.

 

Secondly, the updating of the cart when the "Update" button was pressed. It was taking the long way around a short simple task, it was performing updates on items that hadn't changed quantities, it was re-written as follows:

- Quantities are changed to between 0-10 and update is submitted.

- Script checks to see which quantities have changed (if any).

- If there are changes to the quantities, the script selects which items have been changed.

- It then loops through all of the quantity changes and either removes the row (if the value is 0) or updates the row (i the values is 1 or more).