What is a more secure way of going about adding an item to a cart that does not include adding the $id of an item to the URL?
This is my current PHP code for adding an item to the cart
Code that adds to cart:
if(isset($_GET['id'])){
addToCart($_GET['id']);
}
Code that displays button "Add to cart"
echo "</br><a href='index.php?id={$item->getItemID()}'><button>Add To Cart</button></a></br>";
Your code needs to know what the user selected, whichever solution you come up with. Your PHP has to know somehow which change the user made.
This info orginates from the client (they select/click/change/submit something). You could encrypt it clientside, but the "bad guy" could still just alter the ID with any console tool, and your code will encrypt that nice and neatly and continue as if it where normal.
Instead, think of a way to secure this bit of data. Most common solution for protecting data transer is via https, now you at least know the data is only know to you and the client. And possibly build extra checks (like max 10 items).
If this is to avoid bots, just add a hidden input at the confirmationstep of your cart (the step that actually stores/sends/processes the cart data). Use javascript to fill it to some value (ex 'banana') and check serverside if that value has been set. If not -> 'twas a bot.