Search code examples
phpsqlmysqlishopping-cart

PHP Shopping Cart Add Items

I'm currently working on a shopping cart using PHP, and I'm trying to figure out how to add items to the cart itself using the code I have written. The items from my database are being displayed correctly, but only the last array under $item is being added to the cart. The following displays the items.

$result = mysqli_query($cxn,$sql) or die("<p class='error'>Couldn't connect to server.</p>");
while($row = mysqli_fetch_assoc($result))
{
    $product[] = $row;
}
foreach($product as $item)
{
    echo "<div class='product'><form method='post'><div class='img_spacer'><div class='image'>";
    include "images.inc";
    echo "</div></div><div class='name'><h2>".$item['product']."</h2></div>";
    echo "<div class='description'><p>".$item['description']."</p></div>";
    echo "<div class='price'><p>".$item['price']."</p></div>";
    echo "<div class='add_cart'><input type='hidden' name='add' value='yes'>
    <input type='submit' name='add_cart' value='Add to Cart'>
    </div></form></div>";
}

The following code is for the shopping cart itself. I have it currently set to print_r the sent variables so I can see what information is being posted.

<?php
if(isset($_POST['add']) and $_POST['add'] == 'yes')
{
    $selected = "select product_ID, product, price from product where product_ID='".$item['product_ID']."'";
    $result2 = mysqli_query($cxn,$selected);
    while($row2 = mysqli_fetch_assoc($result2))
    {
        print_r($row2);
    }
}
?>

I also tried adding the $item['product_ID'] variable to make the 'add' input unique, using 

<input type='hidden' name='".$item['product_ID']."_add' value='yes'>

but I couldn't figure out how to add another variable to the $_POST array. I should also mention that I'm using sessions for this project, and I'm not quite sure how to add their shopping cart to the $_SESSION variable. How can I fix this?

Solution

  • You'll want to add more hidden fields to your form. At least:

    <input type='hidden' name='product_ID' value='".$item['product_ID']."'>

    This will add another variable to the $_POST array when the user clicks Add to Cart.

    At the start of each page, you should have a call to session_start();. Then, simply assign the values for your cart to session variables like so:

    if(isset($_POST['add']) and $_POST['add'] == 'yes') {
    if (!isset($_SESSION['cart'])) {
        $_SESSION['cart']=array();
    }
    array_push($_SESSION['cart'], $_POST);
}

    Then (when the user places the order) you would scrub the input, to prevent SQL injection, and add a new SQL query, perhaps something like;

    //submit selected items
foreach ($_SESSION['cart'] as $cart_item) {
    $pid=scrub($cart_item['product_ID']);
    $amount=scrub($cart_item['amount']);
    $inserted = "INSERT INTO orders (user, product_id, amount, when) VALUES (".$uid.", ".$pid.", ".$amount.", NOW())";
    $result3 = mysqli_query($cxn,$inserted);
}

    Of course, you'll have to create the function scrub to scrub your input, but that's outside the scope of the question.