can anyone help me to check and correct the code??thanks in advance..
remove.php
Code: Select all
<?php
session_start();
require_once 'config.php' ;
require_once 'application.php' ;
$cartid = $_SESSION['cartid'];
$id = $_SESSION['id'];
$username = $_SESSION['username'];
$pid=$_REQUEST['pid'];
$pname=$_REQUEST['pname'];
$uprice=$_REQUEST['uprice'];
$exactQuantity=$_REQUEST['quantity'];
$removeQuantity = 0;
$query = 'SELECT quantity FROM cart WHERE id = "'. mysql_real_escape_string($id) . '"
AND pid = "'. mysql_real_escape_string($pid) . '"';
$result = mysql_query($query);
if ($data = mysql_fetch_object($result)){
$exactQuantity = $data->quantity;
if($removeQuantity > $exactQuantity){
echo"<script>alert(\"You only have" . $data->quantity . " quantity for this item.\")</script><script>window.location='viewCart.php?id=$id'</script>";
}
else if($removeQuantity < $exactQuantity){
$newQuantity = 0;
if($data1 = mysql_fetch_object($result)){
$newQuantity = $data1->quantity;
$newQuantity -= $removeQuantity;
$query1 = 'UPDATE cart set quantity ="'.$newQuantity.'" WHERE id = "'. mysql_real_escape_string($id) . '"
AND pid = "'. mysql_real_escape_string($pid) . '"';
$result1 = mysql_query($query1);
echo"<script>alert(\"Updated Successfully!\")</script><script>window.location='viewCart.php?id=$id'</script>";
}
}
else{
$query2 = 'DELETE FROM cart WHERE pid = "'. mysql_real_escape_string($pid) . '"';
$result2 = mysql_query($query2);
echo"<script>alert(\"Deleted Successfully!\")</script><script>window.location='viewCart.php?id=$id'</script>";
}
}
?>