Updating the Shopping Cart Quantities

The cart.6 script, which updates the quantities of items in the shopping cart, is shown in Example 11-5. The script is requested by the cart.2 script and expects GET method parameters of item_id and update quantity pairs. For example, consider the following request for the script:

http://localhost/example.cart.6.php?1=12&2=13&3=6&update=Update+Quantities

This requests that the quantity of the first item in the cart be updated to 12 bottles, the second item to 13 bottles, and the third item to 6 bottles.

The script works as follows:

  1. It untaints the user data using the clean() function and assigns the results into the array parameters.

  2. It uses a foreach loop to iterate through each parameter. For each parameter other than update, it checks that the item_id is a number of no more than four digits and that the quantity is a number of no more than three digits. If this test fails, a message is registered as a session variable and displayed after the script redirects back to the cart.2 script.

  3. If the quantity of the wine is zero, the item is deleted from the cart.

  4. If the quantity is non-zero, the quantity is updated to the value passed as a parameter.

  5. If the cart is now empty (which happens if all items are set to zero quantities), the cart is deleted by removing the cart row from the orders table.

  6. The script redirects back to the cart.2 script.

Example 11-5. cart.6 updates the quantities of wines in the shopping cart
<?php
   // This script updates quantities in the cart
   // It expects parameters of the form aaa=bbb
   // where aaa is a wine_id and bbb is the new
   // quantity of that wine that should be in the
   // cart
   include 'include.inc';
   set_error_handler("errorHandler");
   // Re-establish the existing session
   session_start();
   // Clean up the data, and save the results
   // in an array
   foreach($HTTP_GET_VARS as $varname => $value)
           $parameters[$varname] = clean($value, 4);
   // Did they want to update the quantities?
   // (this should be true except if the user arrives
   // here unexpectedly)
   if (empty($parameters["update"]))
   {
      session_register("message");
      $message = "Incorrect parameters to ".
                 "example.cart.6.php";
      // Redirect the browser back to the calling page
      header("Location: $HTTP_REFERER");
      exit;
   }
   // Open a connection to the DBMS
   if (!($connection = @ mysql_connect($hostName,
                                     $username,
                                     $password)))
      showerror();
   if (!mysql_select_db($databaseName, $connection))
      showerror();
   // If the user has added items to their cart, then
   // the variable order_no will be registered; without
   // it there is no cart row to update, so redirect back
   // rather than run queries with an empty order_id
   if (!session_is_registered("order_no"))
   {
      session_register("message");
      $message = "There is no cart to update.";
      header("Location: example.cart.2.php");
      exit;
   }
   // Go through each submitted value and update the cart
   foreach($parameters as $itemName => $itemValue)
   {
      // Ignore the update variable
      if ($itemName != "update")
      {
         // The item's name must look like a wine_id
         if (ereg("^[0-9]{1,4}$", $itemName))
         {
            // The update value must be a number
            if (ereg("^[0-9]{1,3}$", $itemValue))
            {
               // If the number is zero, delete the item
               if ($itemValue == 0)
                  $query = "DELETE FROM items
                            WHERE cust_id = -1
                            AND order_id = $order_no
                            AND item_id = $itemName";
               else
                 // otherwise, update the value
                 $query = "UPDATE items
                           SET qty = $itemValue
                           WHERE cust_id = -1
                           AND order_id = $order_no
                           AND item_id = $itemName";
               if (!(@ mysql_query ($query, $connection)))
                  showerror();
            } // if (ereg("^[0-9]{1,3}$", $itemValue))
            else
            {
              session_register("message");
              $message = "There was an error updating " .
                         "your quantities. Try again.";
            }
         } // if (ereg("^[0-9]{1,4}$", $itemName))
         else
         {
           session_register("message");
           $message = "There was an error updating " .
                      "quantities. Try again.";
         }
      } // if ($itemName != "update")
   } // foreach($parameters as $itemName => $itemValue)
   // The cart may now be empty. Check this.
   $query = "SELECT count(*)
             FROM items
             WHERE cust_id = -1
             AND order_id = $order_no";
   if (!($result = @ mysql_query ($query, $connection)))
      showerror();
   $row = mysql_fetch_array($result);
   // Are there no items left?
   if ($row["count(*)"] == 0)
   {
      // Delete the order
      $query = "DELETE FROM orders
                WHERE cust_id = -1
                AND order_id = $order_no";
      if (!(@ mysql_query ($query, $connection)))
         showerror();
      session_unregister("order_no");
   }
   // Go back to the cart
   header("Location: example.cart.2.php");
   exit;
?>
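An added example, not the book's cart.6 code: the same update logic written with PDO prepared statements against an in-memory SQLite cart, so item_id and quantity reach the DBMS as bound values rather than text spliced into the query string. The digit whitelist from the listing still rejects bad input, but the queries no longer depend on it for safety. Table and column names follow the listing; the updateCartQuantities function and the sample rows are assumptions.

```php
<?php
// Added example (not the book's code): cart.6 logic with bound parameters.
// Returns the session message the page would show, or null on success.
function updateCartQuantities(PDO $db, int $orderNo, array $params): ?string
{
    if (empty($params["update"])) {
        return "Incorrect parameters to example.cart.6.php";
    }
    $delete = $db->prepare("DELETE FROM items
                            WHERE cust_id = -1 AND order_id = ? AND item_id = ?");
    $update = $db->prepare("UPDATE items SET qty = ?
                            WHERE cust_id = -1 AND order_id = ? AND item_id = ?");
    $message = null;
    foreach ($params as $itemName => $itemValue) {
        if ($itemName === "update") {
            continue;
        }
        // Same whitelist as cart.6: up to 4 digits for the id, up to 3 for the qty
        if (!preg_match('/^[0-9]{1,4}$/', (string)$itemName)
            || !preg_match('/^[0-9]{1,3}$/', (string)$itemValue)) {
            $message = "There was an error updating your quantities. Try again.";
            continue;
        }
        if ((int)$itemValue === 0) {
            $delete->execute([$orderNo, (int)$itemName]);   // zero means remove
        } else {
            $update->execute([(int)$itemValue, $orderNo, (int)$itemName]);
        }
    }
    // An empty cart means the order row is removed as well
    $count = $db->prepare("SELECT count(*) FROM items WHERE cust_id = -1 AND order_id = ?");
    $count->execute([$orderNo]);
    if ((int)$count->fetchColumn() === 0) {
        $db->prepare("DELETE FROM orders WHERE cust_id = -1 AND order_id = ?")
           ->execute([$orderNo]);
    }
    return $message;
}

// Constructed sample data (assumption): anonymous order 7 holding three wines
$db = new PDO('sqlite::memory:');
$db->exec("CREATE TABLE orders (cust_id INTEGER, order_id INTEGER)");
$db->exec("CREATE TABLE items (cust_id INTEGER, order_id INTEGER, item_id INTEGER, qty INTEGER)");
$db->exec("INSERT INTO orders VALUES (-1, 7)");
$db->exec("INSERT INTO items VALUES (-1, 7, 1, 1), (-1, 7, 2, 1), (-1, 7, 3, 1)");
// Equivalent of ?1=12&2=13&3=6&update=Update+Quantities from the text
var_dump(updateCartQuantities($db, 7, [1 => "12", 2 => "13", 3 => "6", "update" => "Update Quantities"]));
print_r($db->query("SELECT item_id, qty FROM items ORDER BY item_id")->fetchAll(PDO::FETCH_ASSOC));
```

Passing a value such as `3 => "6 OR 1=1"` fails the whitelist and leaves the row untouched, and even if it did not, it would be bound as a literal rather than parsed as SQL.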

We have now completed our discussion of the shopping cart implementation. Converting a shopping cart to an order is discussed in Chapter 12. In the next section, we discuss how redirection is managed in the winestore application.