ohno
Posted June 11, 2014

I’m trying to make the update qty script for our cart work so it stays on the page you are on, e.g. if the qty is changed at stage 3 of the cart the qty updates & you stay on cart 3. Currently it would take you back to cart stage 1! The code currently looks like this:

    <?php
    session_start();
    if ( $_SESSION['locked'] != 1 ) {
        include_once("config.php");
        if ( ( !isset($_POST['cartitem']) ) || ( $_POST['cartitem'] == '' ) ) {
            include_once("top.php");
            echo 'Please go back and select a product to change the quantity of from your cart.';
            include_once("bottom.php");
        } else {
            if ( $_POST['quantity'] == '0' ) {
                $sql = "UPDATE cartitems SET active='0' WHERE cartitemid='".mysql_real_escape_string($_POST['cartitem'])."'";
                mysql_query($sql);
            } else {
                $sql = "UPDATE cartitems SET quantity='".$_POST['quantity']."' WHERE cartitemid='".mysql_real_escape_string($_POST['cartitem'])."'";
                mysql_query($sql);
            }
            header ("Location: cart.php");
        }
    } else {
        header ("Location: cart.php");
    }
    ?>

I tried modifying the link on each cart page so rather than the script called as

    <form method="post" action="s_updateqty.php">

I changed it to

    <form method="post" action="s_updateqty.php?cartpage=a">

for cart1.php then cartpage=b for cart2.php etc.
I then modified the script attached as follows:

            include_once("bottom.php");
        } else {
            if ( $_POST['quantity'] == '0' ) {
                $sql = "UPDATE cartitems SET active='0' WHERE cartitemid='".mysql_real_escape_string($_POST['cartitem'])."'";
                mysql_query($sql);
            } else {
                $sql = "UPDATE cartitems SET quantity='".$_POST['quantity']."' WHERE cartitemid='".mysql_real_escape_string($_POST['cartitem'])."'";
                mysql_query($sql);
            }
            header ("Location: cart.php");
        }
    } else {
        if ( $_GET['cartpage'] == "a" ) {
            header ("Location: cart.php");
        }
        if ( $_GET['cartpage'] == "b" ) {
            header ("Location: cart2.php");
        }
        if ( $_GET['cartpage'] == "c" ) {
            header ("Location: cart3.php");
        }
    }
    ?>

But it didn't work, can anyone suggest how I can get this to work? I know nothing about PHP so I'm just trying my best here. Developers don't want to know as the job is too small.

Thanks for any help anyone can offer.

mac_gyver
Posted June 11, 2014

the part of the code you changed is the else statement for if ( $_SESSION['locked'] != 1 ). which, if the session is locked, you wouldn't care if you went back to step 1. the header() redirect right after the block with the update queries is what you need to modify.

your update code needs to enforce access security. it currently allows anyone to modify the quantity of any item in the cartitems table, not just their own items.

ohno (Author)
Posted June 11, 2014

Thanks, so I need to change code in this section??

                $sql = "UPDATE cartitems SET quantity='".$_POST['quantity']."' WHERE cartitemid='".mysql_real_escape_string($_POST['cartitem'])."'";
                mysql_query($sql);
            }
            header ("Location: cart.php");
        }

?? Thanks again.
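
An added example (not part of the original thread and not the cart's own code) of the two changes mac_gyver describes: the redirect that follows the update picks its page from a fixed list, and the UPDATE only touches items in the visitor's own cart. It uses PDO prepared statements in place of the mysql_* calls in the posted script. The `$pdo` connection, the `cartid` column, `$_SESSION['cartid']`, integer item ids and the 999 quantity limit are all assumptions.

```php
<?php
// Added example, not the original cart's code.
// Assumptions: config.php provides a PDO connection in $pdo; cartitems has a
// `cartid` column; the visitor's cart id is stored in $_SESSION['cartid'].
session_start();
require_once "config.php";

// Map the short cartpage code from the form action to a fixed local page.
// Anything not in the list falls back to cart.php, so the value taken from
// the URL is never written into the Location header itself.
function redirect_target($code)
{
    $pages = array('a' => 'cart.php', 'b' => 'cart2.php', 'c' => 'cart3.php');
    return (is_string($code) && isset($pages[$code])) ? $pages[$code] : 'cart.php';
}

// Change one item, but only if it belongs to the given cart.
// Returns true when a row was actually changed.
function update_cart_item(PDO $pdo, $cartId, $itemId, $quantity)
{
    if ($quantity === 0) {
        $sql = "UPDATE cartitems SET active = '0'
                WHERE cartitemid = :item AND cartid = :cart";
        $params = array(':item' => $itemId, ':cart' => $cartId);
    } else {
        $sql = "UPDATE cartitems SET quantity = :qty
                WHERE cartitemid = :item AND cartid = :cart";
        $params = array(':qty' => $quantity, ':item' => $itemId, ':cart' => $cartId);
    }
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt->rowCount() > 0;
}

$target = redirect_target(isset($_GET['cartpage']) ? $_GET['cartpage'] : null);
$locked = isset($_SESSION['locked']) && $_SESSION['locked'] == 1;

// Accept only whole numbers in an assumed range; anything else is ignored.
$item = filter_input(INPUT_POST, 'cartitem', FILTER_VALIDATE_INT);
$qty  = filter_input(INPUT_POST, 'quantity', FILTER_VALIDATE_INT,
                     array('options' => array('min_range' => 0, 'max_range' => 999)));

if (!$locked && isset($_SESSION['cartid']) && is_int($item) && is_int($qty)) {
    update_cart_item($pdo, $_SESSION['cartid'], $item, $qty);
}
header("Location: " . $target);
exit;
```

Unlike the posted script, this version redirects without showing the "Please go back and select a product" message when no item is submitted.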