http://localhost/example.cart.6.php?1=12&2=13&3=6&update=Update+Quantities
This requests that the quantity of the first item in the cart be updated to 12 bottles, the second item to 13 bottles, and the third item to 6 bottles.
The script works as follows:
-
It untaints the user data using the
clean( )function and assigns the results into the arrayparameters. -
It uses the
foreachloop statement to iterate through each parameter. For each parameter that isn't theupdateparameter, it checks to ensure that theitem_idand the quantity are both numbers of less than four or three digits in length, respectively. If this test fails, a message is registered as a session variable and displayed after the script redirects back to the cart.2 script. -
If the quantity of the wine is zero, the item is deleted from the cart.
-
If the quantity is non-zero, the quantity is updated to the value passed as a parameter.
-
If the cart is now empty-which happens if all items are set to zero quantities- the cart is deleted by removing the cart row from the orders table.
-
The script redirects back to the cart.2 script.
Example 11-5. cart.6 updates the quantities of wines in the shopping cart
<?php
// This script updates quantities in the cart
// It expects parameters of the form aaa=bbb
// where aaa is a wine_id and bbb is the new
// quantity of that wine that should be in the
// cart
include 'include.inc';
set_error_handler("errorHandler");
// Re-establish the existing session
session_start( );
// Clean up the data, and save the results
// in an array
foreach($HTTP_GET_VARS as $varname => $value)
$parameters[$varname] = clean($value, 4);
// Did they want to update the quantities?
// (this should be true except if the user arrives
// here unexpectedly)
if (empty($parameters["update"]))
{
session_register("message");
$message = "Incorrect parameters to ".
"example.cart.6.php";
// Redirect the browser back to the calling page
header("Location: $HTTP_REFERER");
exit;
}
// Open a connection to the DBMS
if (!($connection = @ mysql_connect($hostName,
$username,
$password)))
showerror( );
if (!mysql_select_db($databaseName, $connection))
showerror( );
// If the user has added items to their cart, then
// the variable order_no will be registered
// Go through each submitted value and update the cart
foreach($parameters as $itemName => $itemValue)
{
// Ignore the update variable
if ($itemName != "update")
{
// The item's name must look like a wine_id
if (ereg("^[0-9]{1,4}$", $itemName))
{
// The update value must be a number
if (ereg("^[0-9]{1,3}$", $itemValue))
{
// If the number is zero, delete the item
if ($itemValue == 0)
$query = "DELETE FROM items
WHERE cust_id = -1
AND order_id = $order_no
AND item_id = $itemName";
else
// otherwise, update the value
$query = "UPDATE items
SET qty = $itemValue
WHERE cust_id = -1
AND order_id = $order_no
AND item_id = $itemName";
if (!(@ mysql_query ($query, $connection)))
showerror( );
} // if (ereg("^[0-9]{1,3}$", $itemValue))
else
{
session_register("message");
$message = "There was an error updating " .
"your quantities. Try again.";
}
} // if (ereg("^[0-9]{1,4}$", $itemName))
else
{
session_register("message");
$message = "There was an error updating " .
"quantities. Try again.";
}
} // if ($itemName != "update")
} // foreach($parameters as $itemName => $itemValue)
// The cart may now be empty. Check this.
$query = "SELECT count(*)
FROM items
WHERE cust_id = -1
AND order_id = $order_no";
if (!($result = @ mysql_query ($query, $connection)))
showerror( );
$row = mysql_fetch_array($result);
// Are there no items left?
if ($row["count(*)"] == 0)
{
// Delete the order
$query = "DELETE FROM orders
WHERE cust_id = -1
AND order_id = $order_no";
if (!(@ mysql_query ($query, $connection)))
showerror( );
session_unregister("order_no");
}
// Go back to the cart
header("Location: example.cart.2.php");
exit;
?>
We have now completed our discussion of the shopping cart implementation. Converting a shopping cart to an order is discussed in Chapter 12. In the next section, we discuss how redirection is managed in the winestore application.