When I click on Add to cart hyperlink, cart.php page is not responding (it's not echoing the add variable. Hyperlink looks fine. However, there is something wrong in cart.php. Any response is appreciated. Thanks in advance.
<html>
<head>
</head>
<body>
<table>
<tr>
<td><?php echo $row['ISBN']; ?></td>
<td><?php echo $row['name']; ?></td>
<td><?php echo $row['title']; ?></td>
<td><?php echo $row['year']; ?></td>
<td><?php echo $row['price']; ?></td>
<td><?php echo $row['publisher']; ?></td>
<td> <a href="cart.php?add=abc">Add to cart</a></td>
<td><?php echo $row['ISBN']; ?></td>
</tr>
</table>
</body>
</html>
cart.php page:
<?php
//
session_start();
$page = 'search.php';
$lpage = 'cart.php';
$db = new mysqli('localhost', 'root', '', 'cheapbook') or die('Error connecting to MySQL server.');
mysqli_set_charset($db, 'utf8');
if (isset($_GET['add'])) {
echo $_GET['add'];
$pieces = explode(":", $_GET['add']);
$quantity = mysqli_query('SELECT ISBN, title from book WHERE ISBN=$pieces[0]');
$result = mysqli_query($db, $quantity);
while ($quantity_row = mysqli_fetch_array($result)) {
if ($quantity_row['quantity'] != $_SESSION['cart_' . $_GET['add']]) {
$_SESSION['cart_' . $_GET['add']] += 1;
}
}
if ($pieces[1] == 'SearchByBookTitle') {
header('location:' . $page . 'SearchByBookTitle=' . $pieces[2]);
}
if ($pieces[1] == 'SearchByAuthor') {
header('location:' . $page . 'SearchByAuthor=' . $pieces[2]);
echo $pieces[1];
} else {
header('location:' . $lpage);
}
}
if (isset($_GET['remove'])) {
$_SESSION['cart_' . $_GET['remove']]--;
header('location:' . $page);
}
if (isset($_GET['delete'])) {
$_SESSION['cart_' . $_GET['remove']]--;
header('location:' . $page);
}
if (isset($_GET['cart'])) {
cart();
}
function cart()
{
foreach ($_SESSION as $name => $value) {
if ($value > 0) {
if (substr($name, 0, 5) == 'curt_') {
$total = 0;
$id = substr($name, 5, (strlen($name) - 5));
$get = mysql_query("SELECT ISBN, title, price FROM book where id='.$id.'");
$result = mysqli_query($db, $get);
while ($get_row = mysqli_fetch_array($result)) {
$sub = $get_row['price'] * $value;
echo $get_row['title'] . 'X' . $value . '@Dollar' . $get_row['price'] . '=' . $sub . '<a href="cart.php?remove=.$id.">[-]</a><a href="cart.php?add=.$id.">[+]</a><a href="cart.php?delete=.$id.">[Delete]</a>';
}
$total += $sub;
}
}
if ($total == 0) {
echo "Your cart is empty";
} else {
echo "Paypal button";
}
}
}
?>
This query coded like this of course will not work as expected
$quantity = mysqli_query('SELECT ISBN, title
from book
WHERE ISBN=$pieces[0]');
You need a double quoted string to use variable expansion, it does not work in a single quoted string.
You also need to add single quotes around the text varibale parameter value
$quantity = mysqli_query("SELECT ISBN, title
from book
WHERE ISBN='$pieces[0]'");
In future you would be well advised to add some error checking code after you attempt to execute a query and also use prepared and parameterised queries to avoid SQL Injection
$sql = "SELECT ISBN, title from book WHERE ISBN=?";
$stmt = mysqli_prepare($sql);
if ( ! $stmt ) {
echo mysqli_error();
exit;
}
$stmt->bind_param('s', $pieces[0] );
$stmt->execute();