Jump to content

Recommended Posts

HI, its a been a long afternoon....ive inherited partial site to update. Shopping cart works fine, however as ive updated the structure to SEO friendly urls one part isnt working :(

 

I have a delete button, and script to update the session:

<a href="cart.php?rid=x&del=1&pos=y" >delete </a>
if($_GET['del']==1 && isset($_GET['rid']) && $_GET['rid']!='' && $_GET['rid']!=0)

{ 

	$r=$_GET['rid'];

	$pos=$_GET['pos'];

	$_SESSION['qty']=$_SESSION['qty']-$_SESSION['cart'][$pos]['qty'];

    unset($_SESSION['cart'][$pos]);

	

	

}

when using the url cart.php?... all works fine, however, now with seo friendly link (the page is website.com/cart) the page refreshes however doesn't update the session.

 

How do i reconstruct the delete url to reflect the changes on structure so that it works?

 

Thanks in advance

 

 

Link to comment
https://forums.phpfreaks.com/topic/302983-update-session-values-_self/
Share on other sites

This is far too vague. How does the full SEO URL look like? How is it resolved? Which parameter are you receiving in the script?

var_dump($_GET);

Besides that, using GET requests to change data violates the HTTP standard and leads to security vulnerabilities. For example, I can delete products from the cart of any user simply by making them visit a page with an image while they're logged in:

<img src="http://yoursite.com/cart.php?rid=x&del=1&pos=y" alt="">

The browser makes a GET request to the URL in an attempt to load the image, and that alone is enough to trigger the action.

 

This is a rather harmless case, but if you use this pattern consistently, you're definitely in trouble. You need to make POST requests with an anti-CSRF token.

Edited by Jacques1

The full url is website.com/en/cart

 

The content of the cart.php page is pulled down from both the session 'user' and 'cart' 

 

Its a little B2B site, which content is user protected, i know its not ideal, but this should've been a quick fixed thats melting my brain.

 

The above script works fine when using the .php file

 

In the htaccess rewrite file theres a simple 'RewriteRule ^([a-zA-Z_]+)/cart$ cart.php?lang=$1 [L,NC]

Those values are created with the link. The script cross checks the values against the session values. The session script, if OK, then removes the row.

As mentioned, the .php file works fine...I don't understand how I can reload the page with the del=1 condition with a seo friendly URL as apposed to the functioning .php file

One last time: How -- does -- the -- full -- URL -- of -- the -- delete -- action -- look -- like? When you click on the link, you end up with a URL (which should contain the three parameters). I want that URL. Not the cart URL. The final URL which is supposed to trigger the action. If you can't see the URL due to redirects, use the developer tools of your browser.

 

Secondly, the Apache documentation says that you need the QSA flag to make URL parameters survive the rewrites. Are you doing that?

Ok, they are the same.

cart.php has a link to delete rows from the session values with the url cart.php?xyz with the necessary values ( as in my initial post) to cross check and fire the delete.When I test using cart.php ( as apposed to /cart) it works fine.

I don't know what is the correct method is to send to /cart ( which is directed to cart.php (self)) and fire the code to delete the session row ( in the original post)..

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.