Add to cart does not work

[gueland]

I have been using a tutorial from udemy and have reached a point where we are adding to the cart using the IP address of the user.  The scripts in the functions.php work EXCEPT for the cart() function.  It just blinks the page but does not add the items to the database table cart.  The instructor is not getting back to me in the feedback function of the course.   Can you help?  Here is the code written:

 

function getIp() {
    $ip = $_SERVER['REMOTE_ADDR'];
 
    if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
        $ip = $_SERVER['HTTP_CLIENT_IP'];
    } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
    }
 
    return $ip;
}
function cart() {
if(isset($_GET['add_cart'])) {
    
        global $con;
        
        $ip = getIp();
    
        $pro_id = $_GET['add_cart'];
        
        $check_pro = "select * from cart where ip_add='$ip' and p_id='$pro_id'";
        
        $run_check = mysqli_query($con, $check_pro);
        
        if(mysqli_num_rows($run_check)>0){
            
            echo "";
            
        }
        else {
                
            $insert_pro = "insert into cart (p_id,ip_add) values ('$pro_id','$ip')";
            
            $run_pro = mysqli_query($con, $insert_pro);
            
            echo "<script>window.open('index.php','_self')</script>";
        
        }
    
}    
}

 

The database connection is not written in this, but it does work for the other functions, like adding products for example.

 

 

I am running Windows 10, with MySQL, Apache, PHP5.

I cannot go any further until I resolve this.

Please help.

Thank you.

[mac_gyver]

do you have php's error_reporting set to E_ALL and display_errors set to ON (preferably in the php.ini) on your development system, so that php will help you by reporting and displaying all the errors it detects?

 

do you have any error handling for the mysqli statements, so that you will know if and why they are failing? if you enable exceptions for the mysqli extension (there are examples in the php.net documentation showing how to do this), combined with the above two php settings, will cause any mysqli errors to throw an exception that php will catch and then display the actual error information.

 

the above two items will get your code to tell you when and why it is failing.

 

next, there are some problems and security issues with the code -

 

1) you cannot successfully use the ip address to identify a visitor. several people can share the same ip address and the ip address can change during one visit to a site (a cable/dsl modem gets reset for example.) you need to generate a cart id, store it in a session variable, and use it in the cart data. the easiest way of generating a cart id is to have an 'orders' table and insert a row into the table, with a status value that indicates a 'pending' order, i.e. a cart, and then get the last insert id and use this as the cart id.

 

2) you should not put data values directly into sql query statements. you should use prepared queries, with place-holders in the sql query statement, then supply the data values when you execute the query. the mysqli and PDO extensions both support prepared queries, but the PDO extension is much easier to use. if you can, you should switch all your code to use the PDO extension.

 

3) function names should indicate what the function does. a function named cart() could display the cart, add an item to the cart, update item(s) in the cart, or delete item(s) from the cart. the name should give a hint to anyone reading the code what the function does.

 

4) variable names and database columns names should also be descriptive.

 

5) any inputs a function needs should be passed as call time parameters.

 

6) you should use a post method form when you cause an action on the server, such as creating, updating, or deleting data. your add to cart should use $_POST, not $_GET.

 

7) you should validate data before using it. what happens if the 'add_cart' value is set but it's empty? it's not a number? it's not a valid product id?

 

your cart needs a quantity column, so that someone can select more than one of something.

 

9) you need to define what your code is going to do for each possible combination of inputs and existing data. what should your code do if an item is already in the cart? should it output a message, replace the existing quantity with a one, or add one to the existing quantity?

 

10) your database table holding the cart contents should have the cart id and product/item id defined as a composite unique index so that you can only insert any item once in a cart. doing this will also allow you to use an INSERT ... ON DUPLICATE KEY UPDATE ... query to manage inserting a new item or updating the quantity of an existing item using a single sql query.

 

 

 

 

 

 

 

 

Edited March 17, 2017 by mac_gyver

[Jacques1]

Long story short: The online course you got your code from sucks and isn't worth your money. They're actively teaching you wrong and dangerous practices which you will have to unlearn if you ever want to have a real website.

 

Personally, I'm very sceptical about those paint-by-numbers tutorials where they walk you through a (pseudo) project. The quality is usually piss-poor, and even if they get it right, what do you really learn? In my experience, not much. What I recommend is to learn the basics (SQL, PDO, sessions etc.) and then write your own applications, preferrably ones you actually want to use.