http://localhost/example.cart.6.php?1=12&2=13&3=6&update=Update+Quantities
This requests that the quantity of the first item in the cart be updated to 12 bottles, the second item to 13 bottles, and the third item to 6 bottles.
The script works as follows:

- It untaints the user data using the clean( ) function and assigns the results into the array parameters.
- It uses the foreach loop statement to iterate through each parameter. For each parameter that isn't the update parameter, it checks to ensure that the item_id and the quantity are both numbers of less than four or three digits in length, respectively. If this test fails, a message is registered as a session variable and displayed after the script redirects back to the cart.2 script.
- If the quantity of the wine is zero, the item is deleted from the cart.
- If the quantity is non-zero, the quantity is updated to the value passed as a parameter.
- If the cart is now empty (which happens if all items are set to zero quantities), the cart is deleted by removing the cart row from the orders table.
- The script redirects back to the cart.2 script.
Example 11-5. cart.6 updates the quantities of wines in the shopping cart
<?php
// This script updates quantities in the cart
// It expects parameters of the form aaa=bbb
// where aaa is a wine_id and bbb is the new
// quantity of that wine that should be in the
// cart

include 'include.inc';

set_error_handler("errorHandler");

// Re-establish the existing session
session_start( );

// Clean up the data, and save the results
// in an array
foreach($HTTP_GET_VARS as $varname => $value)
  $parameters[$varname] = clean($value, 4);

// Did they want to update the quantities?
// (this should be true except if the user arrives
// here unexpectedly)
if (empty($parameters["update"]))
{
  session_register("message");
  $message = "Incorrect parameters to ".
             "example.cart.6.php";

  // Redirect the browser back to the calling page
  header("Location: $HTTP_REFERER");
  exit;
}

// Open a connection to the DBMS
if (!($connection = @ mysql_connect($hostName,
                                     $username,
                                     $password)))
  showerror( );

if (!mysql_select_db($databaseName, $connection))
  showerror( );

// If the user has added items to their cart, then
// the variable order_no will be registered in the
// session (and is available here as $order_no
// through register_globals)

// Go through each submitted value and update the cart
foreach($parameters as $itemName => $itemValue)
{
  // Ignore the update variable
  if ($itemName != "update")
  {
    // The item's name must look like a wine_id
    if (ereg("^[0-9]{1,4}$", $itemName))
    {
      // The update value must be a number
      if (ereg("^[0-9]{1,3}$", $itemValue))
      {
        // If the number is zero, delete the item
        if ($itemValue == 0)
          $query = "DELETE FROM items
                    WHERE cust_id = -1
                    AND order_id = $order_no
                    AND item_id = $itemName";
        else
          // otherwise, update the value
          $query = "UPDATE items SET qty = $itemValue
                    WHERE cust_id = -1
                    AND order_id = $order_no
                    AND item_id = $itemName";

        if (!(@ mysql_query ($query, $connection)))
          showerror( );
      } // if (ereg("^[0-9]{1,3}$", $itemValue))
      else
      {
        session_register("message");
        $message = "There was an error updating " .
                   "your quantities. Try again.";
      }
    } // if (ereg("^[0-9]{1,4}$", $itemName))
    else
    {
      session_register("message");
      $message = "There was an error updating " .
                 "quantities. Try again.";
    }
  } // if ($itemName != "update")
} // foreach($parameters as $itemName => $itemValue)

// The cart may now be empty. Check this.
$query = "SELECT count(*) FROM items
          WHERE cust_id = -1
          AND order_id = $order_no";

if (!($result = @ mysql_query ($query, $connection)))
  showerror( );

$row = mysql_fetch_array($result);

// Are there no items left?
if ($row["count(*)"] == 0)
{
  // Delete the order
  $query = "DELETE FROM orders
            WHERE cust_id = -1
            AND order_id = $order_no";

  if (!(@ mysql_query ($query, $connection)))
    showerror( );

  session_unregister("order_no");
}

// Go back to the cart
header("Location: example.cart.2.php");
exit;
?>
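The same update procedure, as an added example that is not the book's code: it keeps cart.6's allowlist checks on item_id and quantity, but binds both as integers through PDO prepared statements instead of interpolating them into the query string, so the regular expression is no longer the only thing standing between a request parameter and the SQL. The PDO connection, the in-memory SQLite tables and the sample rows are assumptions so that it runs stand-alone (it needs the pdo_sqlite extension); the call at the bottom mirrors the request ?1=12&2=13&3=0&update=Update+Quantities with one malformed quantity added to show the rejection path.

```php
<?php
// Added example, not the book's code: the cart.6 update logic rewritten for
// PHP 7+ with PDO prepared statements, so item ids and quantities are bound as
// integers and never spliced into the SQL text. Assumes the pdo_sqlite
// extension; the table layout (items, orders, cust_id = -1 for anonymous
// carts) follows the book. The rows inserted below are constructed.
function updateCart(PDO $db, int $orderNo, array $params): array
{
    $errors = [];
    foreach ($params as $name => $value) {
        if ($name === 'update') {
            continue;
        }
        // Same allowlist as the book's ereg() checks: 1-4 digit item_id,
        // 1-3 digit quantity. Anything else is reported and skipped.
        if (!preg_match('/^[0-9]{1,4}$/', (string)$name)
            || !preg_match('/^[0-9]{1,3}$/', (string)$value)) {
            $errors[] = 'Rejected parameter ' . var_export($name, true);
            continue;
        }
        $qty = (int)$value;
        // Zero deletes the line item; anything else replaces the quantity.
        $sql = $qty === 0
            ? 'DELETE FROM items WHERE cust_id = -1 AND order_id = :o AND item_id = :i'
            : 'UPDATE items SET qty = :q WHERE cust_id = -1 AND order_id = :o AND item_id = :i';
        $stmt = $db->prepare($sql);
        $stmt->bindValue(':o', $orderNo, PDO::PARAM_INT);
        $stmt->bindValue(':i', (int)$name, PDO::PARAM_INT);
        if ($qty !== 0) {
            $stmt->bindValue(':q', $qty, PDO::PARAM_INT);
        }
        $stmt->execute();
    }
    // As in the book, an emptied cart drops its row from orders.
    $count = $db->prepare('SELECT COUNT(*) FROM items WHERE cust_id = -1 AND order_id = :o');
    $count->execute([':o' => $orderNo]);
    $empty = ((int)$count->fetchColumn()) === 0;
    if ($empty) {
        $db->prepare('DELETE FROM orders WHERE cust_id = -1 AND order_id = :o')
           ->execute([':o' => $orderNo]);
    }
    return ['errors' => $errors, 'cart_deleted' => $empty];
}

$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE orders (cust_id INTEGER, order_id INTEGER)');
$db->exec('CREATE TABLE items (cust_id INTEGER, order_id INTEGER, item_id INTEGER, qty INTEGER)');
$db->exec('INSERT INTO orders VALUES (-1, 7)');
$db->exec('INSERT INTO items VALUES (-1, 7, 1, 2), (-1, 7, 2, 1), (-1, 7, 3, 5)');
print_r(updateCart($db, 7, [1 => '12', 2 => '13', 3 => '0', 4 => '12.5', 'update' => 'Update Quantities']));
```

With this input the third item is deleted, the first two are updated, the quantity 12.5 is rejected because it fails the digit-only check, and the order row survives because two items remain.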
We have now completed our discussion of the shopping cart implementation. Converting a shopping cart to an order is discussed in Chapter 12. In the next section, we discuss how redirection is managed in the winestore application.