Page 1 of 1

remove items from shopping cart session

Posted: Wed Oct 03, 2007 5:25 pm
by benracer
hi all,
i have a shopping cart that works but i want to add an option to delete a product. here is what i have tried so far...

The ADD to cart bit....

Code: Select all

<?php 
session_start(); 

if (count($_SESSION["cart"]) < 1) { 
    $_SESSION["cart"] = array(); 
} 

$_SESSION["cart"][] = $_POST["itemid"]; 


header("location:cart.php"); 

?>
the carts remove item button


the form on the cart that send the id of the product selected.

Code: Select all


<form id="id" name="id" method="post" action="/remove_item.php">
       <input name="id" type="hidden" id="id" value="<? echo $info['id']; ?>" />
       <input name="Submit" type="submit" class="formbox" value="Remove" />
</form>
Then the php script that it posts to is...

Code: Select all

<?php 
$_SESSION['cart'][] = $itemid; 
$id=$_POST['id']; 
unset($_SESSION['cart'][$id]); 
header("location:cart.php");
?>
though no error is displayed and the script is receiving the id from the form???

any help would be appreciated,
cheers

Posted: Wed Oct 03, 2007 5:28 pm
by feyd
Your code doesn't add elements to the array with a key that is the item's ID.

Posted: Wed Oct 03, 2007 6:01 pm
by benracer
so how can i get this to work ?
thanks a lot :lol:

Posted: Wed Oct 03, 2007 7:00 pm
by feyd
If you unwind my previous response, you get the answer.

Either add the elements using the item's ID or change your removal code to properly find and remove the item in question.

Posted: Wed Oct 03, 2007 9:15 pm
by Stryks
When you are displaying your form, how are you displaying the cart items?

If you're going something like

Code: Select all

foreach($_SESSION['cart'] as $slot_id=>$slot_item) {
   // output a row from the cart
}
Then you should be using $slot_id as the id to use in the delete script.

Also ... What is this line supposed to be doing?

Code: Select all

$_SESSION['cart'][] = $itemid;
Last point ... and it's not really here or there, but is ther any reason you are POSTing the id, and not just passing it as an argument on the submit URL?

ie.

Code: Select all

<form id="id" name="id" method="post" action="/remove_item.php@id=<?php echo $slot_id; ?>">

Posted: Wed Oct 03, 2007 9:44 pm
by feyd
Removing an item from a cart alters the state of something. Under various "rules" that means we must use POST.

Posted: Wed Oct 03, 2007 10:13 pm
by Stryks
Really? What 'rules' are these, and whats the logic there?

There doesn't seem to be much benefit with POSTing the value. It's still a user supplied variable, so has no more trust than a GET variable.

I'd be interested to know any other reasons, as I've always done it with GET variables and never thought much of it. Might have to have a re-think if there are other reasons.

Posted: Wed Oct 03, 2007 10:28 pm
by feyd
It's not a matter of trust. It's simply a matter of choosing to have state altering decisions posted so the browser alerts the user if they attempt to do it again accidentally.

Posted: Wed Oct 03, 2007 10:48 pm
by Stryks
Sorry, last post on this ... not meaning to derail this thread.

I generally post back to the same page and do the processing in the code block at the top. On success, I generally make a header() call to go back to either an earlier page or the same page without the URL arguments.

From there, hitting back will skip the argumented URL entirely, and refresh will simply refresh the current view. By doing this, don't I bypass this issue anyhow?

Just out of interest, I also do a header redirect after form submits so that form submissions cant be backed into at all. I normally also couple that with form tokens to prevent form re-use if the user does happen to back over the submission and into the form itself.

It's a good point though, and definitely worth some thought.

Thanks