That's the code below. It will get the ids variable from the URL coming from page1.php,
http://www.stores.com/cart.php?action=add_item&ids=1&qty=1&register=0&id=4
then it will either add, update or remove the item. You can see the ids in each of the cases along with the qty and id variables as well, found in the URL as below. Then the script will develop the functions AddItem, UpdateItem and RemoveItem. In each of those functions the script will either SELECT, UPDATE or DELETE from the database the info according to the existence of the id inside the database, if I am not wrong. Then there is a big query below that will query the results in tables dkb and cdkb according to the id in the table cart, if I am not wrong, not clear on that. But the thing is that there is a second page called page2.php that has slight differences, and it is the idc variable in it instead of ids.
http://www.stores.com/cart.php?action=add_item&idc=1&qty=1&register=0&id=4
I might be wrong on building these two URLs to signal the script to display the results coming from page1.php in a different way and display the results of page2.php in another way.
<?php
function ShowCart()
{
// GetCartId() returns the cookie id; escape it before it is concatenated into the query
$cartId = mysql_real_escape_string(GetCartId());
$result = mysql_query("SELECT
cart.id cart_id,
cart.cartId cartId,
cart.cookieId cookie_Id,
cart.qty qt_y,
cdkb.id cdkb_id,
cdkb.name name,
cdkb.image image,
cdkb.price price,
dkb.id dkb_id,
dkb.name name1,
dkb.image image1,
dkb.price price2,
dbl.product_id product_id,
dbl.price price3,
dbl.variety variety,
dbl.description description
FROM
cart
LEFT OUTER JOIN cdkb
ON cart.id = cdkb.id
LEFT OUTER JOIN dkb
ON cart.id = dkb.id
LEFT OUTER JOIN dbl
ON dbl.id = dkb.id
WHERE
cart.cookieId = '" . $cartId . "'
ORDER BY cdkb.name, dkb.name ASC");
?>
<div id="cart">
<div id="group">
<div id="quantity">Qty</div>
<div id="cartpic">Pic</div>
<div id="product">Product</div>
<div id="cartprice">Price</div>
<div id="remove">Remove</div>
</div>
<script language="JavaScript">
// Defined once here instead of once per row inside the loop
function UpdateQty(item)
{
var itemId = item.name;
var newQty = item.options[item.selectedIndex].text;
document.location.href = 'cart.php?action=update_item&id=' + encodeURIComponent(itemId) + '&qty=' + encodeURIComponent(newQty);
}
</script>
<?php
$totalCost = 0;
while($row = mysql_fetch_array($result))
{
// Increment the total cost of all items, using the same price column that is displayed per row (price3);
// the original read $row["price1"], which is not an alias in the query
$totalCost += ($row["qt_y"] * $row["price3"]);
// The original used $row["ckb_id"], which is not an alias in the query either; cdkb_id is assumed to be the one meant
$itemId = (int)$row["cdkb_id"];
?>
<div id="cart1">
<select name="<?php echo $itemId; ?>" onChange="UpdateQty(this)">
<?php
for($i = 1; $i <= 30; $i++)
{
echo "<option";
if($row["qt_y"] == $i)
{
echo " selected";
}
echo ">" . $i . "</option>";
}
?>
</select>
</div>
<div id="cart2">
<img src="images/logopic.gif" <?php /* the product image echo $row["image1"]; was left commented out in the original */ ?> alt="we" width="60" height="50" />
</div>
<div id="cart3"><p><?php echo htmlspecialchars($row["name1"]); ?></p></div>
<div id="cart4"><p>
$<?php echo number_format($row["price3"], 2, ".", ","); ?></p></div>
<div id="cart5">
<p><?php
// %d forces the ids to integers; register is a free string, so it is escaped before landing in the attribute
$pageId   = isset($_GET['id']) ? (int)$_GET['id'] : 0;
$register = isset($_GET['register']) ? htmlspecialchars($_GET['register']) : '';
printf('<a href="cart.php?action=remove_item&id=%d&idc=%d&register=%s">Remove</a>', $pageId, $itemId, $register);
?></p></div>
<hr size="1" color="red" >
<?php
}
?>
<font face="verdana" size="2" color="black" style="clear:right;">
<b>Total: $<?php echo number_format($totalCost, 2, ".", ","); ?></b></font>
</div>
<?php
}
?>
You are getting quantity and other stuff from the URL; that is not good practice in my view. URL tampering can be done (although you are not putting anything secret in the URL), and XSS attacks commonly take place from both URLs and input fields. I would suggest you use sessions
instead. Of course nothing is perfect, but it makes it less vulnerable.
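A session-backed version of the add/update/remove handler along the lines the answer suggests, added here as an example (not code from the question or the answer): the cart and its quantities stay server-side, and the only values still read from the URL are whitelisted or coerced to bounded integers. It assumes an existing PDO connection in $pdo and a hypothetical products table; the 1 to 30 range mirrors the page's quantity dropdown.

```php
<?php
// Added example: the cart lives in $_SESSION and quantities are never trusted
// from the URL. Assumes an existing PDO connection in $pdo and a hypothetical
// `products` table (id, price); neither is from the original page.
session_start();
if (!isset($_SESSION['cart'])) {
    $_SESSION['cart'] = [];   // product_id => qty, kept server-side
}

// Whitelist the action and coerce id/qty to bounded integers (1..30 matches
// the page's quantity dropdown).
$allowed = ['add_item', 'update_item', 'remove_item'];
$action  = isset($_GET['action']) ? $_GET['action'] : '';
$id      = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT,
                        ['options' => ['min_range' => 1]]);
$qty     = filter_input(INPUT_GET, 'qty', FILTER_VALIDATE_INT,
                        ['options' => ['min_range' => 1, 'max_range' => 30]]);
if (!in_array($action, $allowed, true) || !$id) {
    http_response_code(400);
    exit('bad request');
}

// Confirm the product exists with a prepared statement before touching the cart.
$stmt = $pdo->prepare('SELECT price FROM products WHERE id = ?');
$stmt->execute([$id]);
if ($stmt->fetchColumn() === false) {
    http_response_code(404);
    exit('no such item');
}

switch ($action) {
    case 'add_item':
        $current = isset($_SESSION['cart'][$id]) ? $_SESSION['cart'][$id] : 0;
        $_SESSION['cart'][$id] = min(30, $current + ($qty ? $qty : 1));
        break;
    case 'update_item':
        if (!$qty) {
            http_response_code(400);
            exit('bad qty');
        }
        $_SESSION['cart'][$id] = $qty;
        break;
    case 'remove_item':
        unset($_SESSION['cart'][$id]);
        break;
}

// Anything echoed back is HTML-escaped regardless of where it came from.
echo 'Cart holds ' . count($_SESSION['cart']) . ' item(s) after '
   . htmlspecialchars($action, ENT_QUOTES, 'UTF-8');
```

The ShowCart query from the question would then read its rows from $_SESSION['cart'] rather than from a cookie id pasted into the SQL string.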