Hi JakeJ!
Thanks for the reply.
$_GET retains the values after submitting a form
Isn't it $_POST that retains the values after submitting a form?
Here you can see a part of the code which creates a table with all the items and, for each item, a link to order it. (
Code: Select all
echo "<td><a href=\"shop.php?&artid=".$id."\">order</a></td>";
)
Code: Select all
$result = mysql_query($query); // execute the defined $query once; $result holds the result set.
$num = mysql_num_rows($result); // we need to know how many rows there are in the $result.
mysql_close();
//----------------------------------------------------------------------------------------------- create the items table
echo "<table>";
$i = 0;
while ($i < $num) {
    $merk = mysql_result($result,$i,"PublisherName");
    $beschrijving = mysql_result($result,$i,"Description");
    $prijs = mysql_result($result,$i,"PricePersonal_Eur");
    $recupel = mysql_result($result,$i,"RecupelEUR");
    $stock = mysql_result($result,$i,"Stock");
    $id = mysql_result($result,$i,"ArtID");
    $prijsexcl = (round($prijs*$_SESSION['marge'],0) + $_SESSION['levering']);
    $prijsincl = ((round($prijs*$_SESSION['marge'],0)*$_SESSION['btw']) + $_SESSION['levering']);
    echo "<tr>";
    echo "<td>" . $merk . "</td>";
    echo "<td>" . utf8_encode($beschrijving) . "</td>";
    echo "<td>" . $prijsexcl . "</td>";
    echo "<td>" . $prijsincl . "</td>";
    echo "<td>" . $recupel . "</td>";
    echo "<td>" . $stock . "</td>";
    echo "<td><a href=\"shop.php?&artid=".$id."\">order</a></td>";
    echo "</tr>"; // close the row before moving to the next item
    $i++;
}
?>
</table>
When a customer clicks to order, they go to
http://localhost/phpsite/shop.php?&artid=1518605
I use the variable $_GET['artid'].
With isset I check whether $_GET['artid'] is set, and when it is set, I use $_GET['artid'] to write some values into a MySQL database:
Code: Select all
if (isset($_GET["artid"])) { // if it is set, start adding the item to the cart table of the database.
    if (isset($_SESSION['user_account'])) { // checks if the user is logged in. If true, data is added to the cart table
        mysql_connect('localhost',$username,$password);
        @mysql_select_db($database) or die( "Unable to select database");
        $query = "INSERT INTO cart VALUES ('','".$_SESSION['user_email']."','".$_GET['merk']."','".$_GET['beschrijving']."','".$_GET['prijsexcl']."','".$_GET['prijsincl']."','".$_GET['recupel']."','".$_GET['stock']."','" . $_GET["artid"] . "')"; // all the $_GET variables and the $_SESSION variable are put into the cart table.
        mysql_query($query);
        mysql_close();
    } else { // if the user isn't signed in, a message is displayed
        $_SESSION['warning'] = "gelieve U eerst aan te melden!";
        echo "<div align=\"center\" style=\"color:#C00\">".$_SESSION['warning']."  </div><br>";
    }
}
This works, but when I refresh the browser page, it executes it again, so the item gets written a second time into the MySQL database... I don't want that.
Not that a customer will refresh a page much, but it's something I don't want to be possible...
So I'm looking for a way that when a page refresh is executed, it doesn't execute the code again. But it has to execute the code again when an item is ordered...
Since I use
Code: Select all
echo "<td><a href=\"shop.php?&artid=".$id."\">order</a></td>";
in the table, I can't use $_POST.
I have read that I can only use POST with a form. I use a table to list all the shop items...
How can I make sure that when a user accidentally refreshes the page, the item isn't added a second time...
As for the security reason, there are indeed some security holes. The good thing is that the customer's money has to be in our account before we order it... and the customer has to be registered and verified before they can order something... I think this takes care of most of the security issues? Or are there others that I'm not aware of?
Hope I'm explaining it in an understandable manner...
The short story:
I use a GET variable in the URL to put data in a MySQL database.
When refreshing the page, it's added again because the GET variable is still set. I don't want that.
Thanks!
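The refresh problem described in this post is commonly handled with the Post/Redirect/Get pattern: a small form fits inside a table cell, so each row can POST its artid, and the handler answers with a redirect instead of a page. The following is an added example, not part of the original post; the PDO connection details and the cart column names user_email and art_id are assumptions.

```php
<?php
// Added example, not the poster's code: Post/Redirect/Get for shop.php.
// Assumed: PDO with the MySQL driver; the credentials below and the cart
// column names user_email and art_id are placeholders.
session_start();
$database = 'shop'; $username = 'shop_user'; $password = 'change-me';

// Issue one fresh token per rendered item list and keep it in the session.
function issue_order_token(): string {
    return $_SESSION['order_token'] = bin2hex(random_bytes(16));
}

// Valid exactly once: the stored token is discarded on every attempt.
function consume_order_token(string $token): bool {
    $expected = $_SESSION['order_token'] ?? '';
    unset($_SESSION['order_token']);
    return $expected !== '' && hash_equals($expected, $token);
}

// Replaces the <a href="shop.php?&artid=..."> link in each table row.
function order_button(int $artId, string $token): string {
    return '<form method="post" action="shop.php">'
         . '<input type="hidden" name="artid" value="' . $artId . '">'
         . '<input type="hidden" name="token" value="' . $token . '">'
         . '<button type="submit">order</button></form>';
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $artId = filter_input(INPUT_POST, 'artid', FILTER_VALIDATE_INT);
    $token = (string) filter_input(INPUT_POST, 'token');
    if (isset($_SESSION['user_account']) && is_int($artId) && consume_order_token($token)) {
        $pdo = new PDO("mysql:host=localhost;dbname=$database;charset=utf8mb4",
                       $username, $password, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
        // Bound parameters keep request data out of the SQL text.
        $stmt = $pdo->prepare('INSERT INTO cart (user_email, art_id) VALUES (?, ?)');
        $stmt->execute([$_SESSION['user_email'], $artId]);
    }
    // 303 See Other: the browser follows up with GET, so a refresh only
    // reloads the item list and cannot repeat the INSERT.
    header('Location: shop.php', true, 303);
    exit;
}

// GET request: render the list, one token shared by all rows of this page.
$token = issue_order_token();
echo '<table><tr><td>' . order_button(1518605, $token) . '</td></tr></table>';
```

Only the article id travels in the request here; price, description and stock are better looked up on the server by that id than read from the request. The single-use token also means an order cannot be triggered by a link or image on another site while the customer is logged in.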