Queries the database for product details (price, name, stock). Updates the user's $_SESSION['cart'] array.
By following these steps, you can create a reliable and secure cart system that properly handles item quantities, improving both user experience and site functionality.

2.2.3 add-cart.php
// Vulnerable version: the request parameter is concatenated straight into the SQL string
// Initialize cart
if (!isset($_SESSION['cart'])) $_SESSION['cart'] = [];
$id = $_GET['num'];
$query = "SELECT * FROM products WHERE id = " . $id;
// Safer version: a prepared statement binds the id as an integer instead of splicing it into the query
$stmt = $conn->prepare("SELECT price, stock FROM products WHERE id = ? AND active = 1");
$stmt->bind_param("i", $product_id);
$stmt->execute();
In a vulnerable application, the add-cart.php script simply takes the num (quantity) provided in the URL or POST body and adds it directly to the user's session or database cart without validation.
// CSRF check: compare the submitted token with the session token in constant time
if (!hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'] ?? '')) die('Invalid request');
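Putting the pieces on this page together, here is an added example of a hardened add-cart.php (not the page's own code): it rejects the request on a missing or mismatched CSRF token, validates num and the product id as positive integers before any query, fetches the product with a prepared statement, and checks stock before updating $_SESSION['cart']. It assumes a mysqli connection in $conn (with mysqlnd, for get_result()), a products table with columns id, name, price, stock and active, and POST field names id, num and csrf_token.

```php
<?php
// Added example, not the page's own code. Assumes an open mysqli connection in
// $conn, a products table (id, name, price, stock, active) and the csrf_token
// session scheme shown on the page. POST field names are assumptions.
session_start();

function reject(string $msg, int $status = 400): void {
    http_response_code($status);
    exit($msg);
}

// CSRF: reject when the session has no token yet; compare in constant time.
if (empty($_SESSION['csrf_token'])
    || !hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'] ?? '')) {
    reject('Invalid request', 403);
}

// Validate before any query: id and num must be positive integers.
// FILTER_VALIDATE_INT rejects inputs such as "3 OR 1=1", "1.5", "-2" and "".
$product_id = filter_var($_POST['id'] ?? '', FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 1]]);
$num = filter_var($_POST['num'] ?? '', FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 1, 'max_range' => 99]]);
if ($product_id === false || $num === false) {
    reject('Invalid product or quantity');
}

// Prepared statement: the id is bound as an integer, never spliced into SQL text.
$stmt = $conn->prepare(
    "SELECT name, price, stock FROM products WHERE id = ? AND active = 1");
$stmt->bind_param('i', $product_id);
$stmt->execute();
$product = $stmt->get_result()->fetch_assoc();
if ($product === null) {
    reject('Unknown product', 404);
}

// Cart state and price come from the server side, never from the client.
$_SESSION['cart'] ??= [];
$have = $_SESSION['cart'][$product_id]['qty'] ?? 0;
if ($have + $num > (int) $product['stock']) {
    reject('Not enough stock');
}
$_SESSION['cart'][$product_id] = [
    'name'  => $product['name'],
    'price' => (float) $product['price'],
    'qty'   => $have + $num,
];
header('Location: cart.php', true, 303);
exit;
```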