remove items from shopping cart session

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
benracer
Forum Newbie
Posts: 2
Joined: Wed Oct 03, 2007 5:20 pm

remove items from shopping cart session

Post by benracer »

hi all,
i have a shopping cart that works but i want to add an option to delete a product. here is what i have tried so far...

The ADD to cart bit....

Code: Select all

<?php 
session_start(); 

if (count($_SESSION["cart"]) < 1) { 
    $_SESSION["cart"] = array(); 
} 

$_SESSION["cart"][] = $_POST["itemid"]; 


header("location:cart.php"); 

?>
the carts remove item button


the form on the cart that send the id of the product selected.

Code: Select all


<form id="id" name="id" method="post" action="/remove_item.php">
       <input name="id" type="hidden" id="id" value="<? echo $info['id']; ?>" />
       <input name="Submit" type="submit" class="formbox" value="Remove" />
</form>
Then the php script that it posts to is...

Code: Select all

<?php 
$_SESSION['cart'][] = $itemid; 
$id=$_POST['id']; 
unset($_SESSION['cart'][$id]); 
header("location:cart.php");
?>
though no error is displayed and the script is receiving the id from the form???

any help would be appreciated,
cheers
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Your code doesn't add elements to the array with a key that is the item's ID.
benracer
Forum Newbie
Posts: 2
Joined: Wed Oct 03, 2007 5:20 pm

Post by benracer »

so how can i get this to work ?
thanks a lot :lol:
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

If you unwind my previous response, you get the answer.

Either add the elements using the item's ID or change your removal code to properly find and remove the item in question.
User avatar
Stryks
Forum Regular
Posts: 746
Joined: Wed Jan 14, 2004 5:06 pm

Post by Stryks »

When you are displaying your form, how are you displaying the cart items?

If you're going something like

Code: Select all

foreach($_SESSION['cart'] as $slot_id=>$slot_item) {
   // output a row from the cart
}
Then you should be using $slot_id as the id to use in the delete script.

Also ... What is this line supposed to be doing?

Code: Select all

$_SESSION['cart'][] = $itemid;
Last point ... and it's not really here or there, but is ther any reason you are POSTing the id, and not just passing it as an argument on the submit URL?

ie.

Code: Select all

<form id="id" name="id" method="post" action="/remove_item.php@id=<?php echo $slot_id; ?>">
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Removing an item from a cart alters the state of something. Under various "rules" that means we must use POST.
User avatar
Stryks
Forum Regular
Posts: 746
Joined: Wed Jan 14, 2004 5:06 pm

Post by Stryks »

Really? What 'rules' are these, and whats the logic there?

There doesn't seem to be much benefit with POSTing the value. It's still a user supplied variable, so has no more trust than a GET variable.

I'd be interested to know any other reasons, as I've always done it with GET variables and never thought much of it. Might have to have a re-think if there are other reasons.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

It's not a matter of trust. It's simply a matter of choosing to have state altering decisions posted so the browser alerts the user if they attempt to do it again accidentally.
User avatar
Stryks
Forum Regular
Posts: 746
Joined: Wed Jan 14, 2004 5:06 pm

Post by Stryks »

Sorry, last post on this ... not meaning to derail this thread.

I generally post back to the same page and do the processing in the code block at the top. On success, I generally make a header() call to go back to either an earlier page or the same page without the URL arguments.

From there, hitting back will skip the argumented URL entirely, and refresh will simply refresh the current view. By doing this, don't I bypass this issue anyhow?

Just out of interest, I also do a header redirect after form submits so that form submissions cant be backed into at all. I normally also couple that with form tokens to prevent form re-use if the user does happen to back over the submission and into the form itself.

It's a good point though, and definitely worth some thought.

Thanks
Post Reply