php script help


ohno

I’m trying to make the update qty script for our cart work so it stays on the page you are on, e.g. if the qty is changed at stage 3 of the cart, the qty updates & you stay on cart 3. Currently it would take you back to cart stage 1!

 

The code currently looks like this :-

<?php
session_start();
if ( $_SESSION['locked'] != 1 )
	{
		include_once("config.php");
		if ( ( !isset($_POST['cartitem']) ) || ( $_POST['cartitem'] == '' ) )
			{
				include_once("top.php");
				echo 'Please go back and select a product to change the quantity of from your cart.';
				include_once("bottom.php");
			}
		else
			{
				if ( $_POST['quantity'] == '0' )
					{
						$sql = "UPDATE cartitems SET active='0' WHERE cartitemid='".mysql_real_escape_string($_POST['cartitem'])."'";
						mysql_query($sql);
					}
				else
					{
						$sql = "UPDATE cartitems SET quantity='".$_POST['quantity']."' WHERE cartitemid='".mysql_real_escape_string($_POST['cartitem'])."'";
						mysql_query($sql);
					}
				header ("Location: cart.php");
			}
	}
else
	{
		header ("Location: cart.php");
	}
?>

I tried modifying the link on each cart page so rather than the script called as <form method="post" action="s_updateqty.php"> I changed it to <form method="post" action="s_updateqty.php?cartpage=a"> for cart1.php then cartpage=b for cart2.php etc. I then modified the script attached as follows :-

include_once("bottom.php");
                                    }
                        else
                                    {
                                                if ( $_POST['quantity'] == '0' )
                                                            {
                                                                        $sql = "UPDATE cartitems SET active='0' WHERE cartitemid='".mysql_real_escape_string($_POST['cartitem'])."'";
                                                                        mysql_query($sql);
                                                            }
                                                else
                                                            {
                                                                        $sql = "UPDATE cartitems SET quantity='".$_POST['quantity']."' WHERE cartitemid='".mysql_real_escape_string($_POST['cartitem'])."'";
                                                                        mysql_query($sql);
                                                            }
                                                header ("Location: cart.php");
                                    }
            }
else
            {
                        if ( $_GET['cartpage'] == "a" )
                                    {
                                                header ("Location: cart.php");
                                    }
                        if ( $_GET['cartpage'] == "b" )
                                    {
                                                header ("Location: cart2.php");
                                    }
                        if ( $_GET['cartpage'] == "c" )
                                    {
                                                header ("Location: cart3.php");
                                    }
            }
?>

But it didn't work. Can anyone suggest how I can get this to work? I know nothing about PHP so I'm just trying my best here. Developers don't want to know as the job is too small :(

 

Thanks for any help anyone can offer :)


The part of the code you changed is the else statement for if ( $_SESSION['locked'] != 1 ), which, if the session is locked, you wouldn't care if you went back to step 1.


The header() redirect right after the block with the update queries is what you need to modify.

Your update code needs to enforce access security. It currently allows anyone to modify the quantity of any item in the cartitems table, not just their own items.

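The two points in the reply above (redirect after the update, and restrict updates to the shopper's own items), sketched as an added example that is not part of the original thread or the shop's code. It uses PDO prepared statements in place of the removed mysql_* functions; the cartid column, the session-held cart id and the 999 quantity limit are assumptions.

```php
<?php
// Added example, not the shop's s_updateqty.php. Assumptions (hypothetical):
// cartitems has a cartid column tying each row to one shopper's cart, the
// session stores that id, and 999 is an acceptable upper bound for quantity.

// Allowlist: cartpage only selects among fixed local pages, so the redirect
// can never be steered to an arbitrary URL.
function redirect_target($page): string
{
    $targets = ['a' => 'cart.php', 'b' => 'cart2.php', 'c' => 'cart3.php'];
    return is_string($page) && isset($targets[$page]) ? $targets[$page] : 'cart.php';
}

// Update one item only if it belongs to the given cart; true when a row changed.
function update_quantity(PDO $db, int $cartId, $itemId, $quantity): bool
{
    $itemId   = filter_var($itemId, FILTER_VALIDATE_INT);
    $quantity = filter_var($quantity, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 999]]);
    if ($itemId === false || $quantity === false) {
        return false; // reject anything that is not a whole number in range
    }
    $params = [':item' => $itemId, ':cart' => $cartId];
    if ($quantity === 0) {
        $sql = 'UPDATE cartitems SET active = 0 WHERE cartitemid = :item AND cartid = :cart';
    } else {
        $sql = 'UPDATE cartitems SET quantity = :qty WHERE cartitemid = :item AND cartid = :cart';
        $params[':qty'] = $quantity;
    }
    $stmt = $db->prepare($sql);   // values are bound, never concatenated
    $stmt->execute($params);
    return $stmt->rowCount() === 1;
}

// In the real script the success branch would end with:
//   header('Location: ' . redirect_target($_GET['cartpage'] ?? null)); exit;

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cartitems (cartitemid INTEGER PRIMARY KEY, cartid INTEGER,
           quantity INTEGER, active INTEGER DEFAULT 1)');
$db->exec('INSERT INTO cartitems (cartitemid, cartid, quantity) VALUES (1, 10, 1), (2, 20, 1)');

var_dump(update_quantity($db, 10, '1', '3'));     // shopper's own item
var_dump(update_quantity($db, 10, '2', '5'));     // item in another cart
var_dump(update_quantity($db, 10, '1', 'lots'));  // non-numeric quantity
var_dump(redirect_target('c'), redirect_target('https://elsewhere.example/'));
```
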

Thanks, so I need to change code in this section??

$sql = "UPDATE cartitems SET quantity='".$_POST['quantity']."' WHERE cartitemid='".mysql_real_escape_string($_POST['cartitem'])."'";
						mysql_query($sql);
					}
				header ("Location: cart.php");
			}

?? Thanks again.
