Hi,
I want tutorials on shopping carts.
Can you guide me in creating a shopping cart?
shopping cart
- Newline2003
- Forum Newbie
- Posts: 7
- Joined: Wed Feb 06, 2008 10:59 pm
Re: shopping cart
What part do you need help with? A simple cart is at least 25 pages of code. A useable cart is around 100 pages. I am finishing up a new cart system, it has 41 folders and 651 files. Let me know what you need and I'll try to help
- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
Re: shopping cart
Newline2003 wrote:I am finishing up a new cart system, it has 41 folders and 651 files.
That sounds suspiciously monstrous. I think a small cart system would have the following pages:
- List of products (maybe in a category)
- Product detail page
- Shopping cart
- Checkout - Address / Shipping
- Checkout - Credit Card / Verify order
- Checkout - Order Confirmation
- Checkout - Order Emails
- Admin - list of orders
- Admin - order detail
That's about 10, though obviously some of the pages would be used multiple times to display database product and order records. But there is quite a bit that goes into those pages.
- Newline2003
- Forum Newbie
- Posts: 7
- Joined: Wed Feb 06, 2008 10:59 pm
Re: shopping cart
I am a little surprised by the moderator's post. He writes "admin list of orders" as one page. The only thing with that is that a basic admin is 25 to 30 pages: login page, login check page, lost password page, lost password check and send page, and so on.
But I guess if you just want to add into a cart you could get it done with just a few pages. When I think of a cart, I try to think of everything that will make my life easier. Customer login, for checking invoices and such. Admin for adding products, coupons, shipping, pages and so much more. There is just so much involved in making a good shopping cart system. Look at oscommerce.com. I don't want to knock it, but I find it very hard to edit and not so user friendly.
This is an old version of my add to cart, but it might help. There are a few security issues, but overall it does work. Many of the features can be removed to simplify the process.
The item page. You will hide all this information; where the echo statements are, you can just write in the info.
The hidden page we post into "add_cart.php"
Now to display the cart
I'm sure it's not the best way to run a cart, but it works well for me.
Code:
<form name="form_cart" method="post" action="store/add_cart.php">
<input type="hidden" name="goes_with" size="2" value="<?php echo $aidd;?>"> <!-- the user's cart cookie -->
<input type="hidden" name="item_pic" size="2" value="<?php echo $item_pic;?>">
<input type="hidden" name="item_idd" size="2" value="<?php echo $item_num;?>">
<input type="hidden" name="item_name" size="2" value="<?php echo $item_name;?>">
<input type="hidden" name="item_number" size="1" value="<?php echo $item_number;?>">
<input type="hidden" name="item_price" size="1" value="<?php echo $item_price;?>">
<input type="hidden" name="item_price_whole" size="1" value="<?php echo $item_price_whole;?>">
<input type="hidden" name="item_pounds" size="1" value="<?php echo $item_pounds;?>">
<input type="hidden" name="item_ounces" size="1" value="<?php echo $item_ounces;?>">
</form>

Code:
<?php
define('DOCROOT', $_SERVER['DOCUMENT_ROOT']);
include(DOCROOT."/admin/dbc.php");
/////////////// Below we check to see if the users cookie exists
$timee = time();
if ( empty( $_REQUEST['aidd'] ) ) {
echo "There has been a problem";
die;
}
//////////////////////////////////////////////
/////////////////////// This information was sent from the item page
/////////////////////// We will use it to add info into the cart
//////////////////////////////////////////////
$item_pic = $_POST["item_pic"];
$item_name = $_POST["item_name"];
$item_number = $_POST["item_number"];
$item_price = $_POST["item_price"];
$item_stock = $_POST["item_stock"];
$item_featured = $_POST["item_featured"];
$goes_with = $_POST["goes_with"]; ////// is the user's cart cookie
$goes_with_two = $_POST["goes_with_two"];
$item_des = $_POST["item_des"];
$item_pounds = $_POST["item_pounds"];
$item_ounces = $_POST["item_ounces"];
$item_idd = $_POST["item_idd"];
if ($item_stock == 'Out Of Stock') {
header("Location: /index.php?show=6&item_num=$item_idd&message=Sorry,+this+item+is+out+of+stock.");
die;
}
//////////////////////////////////////////////
/////////////////////// Here we see if the item is already in the cart
//////////////////////////////////////////////
$item_num = null; // stays null when the item is not in the cart yet
$SQL = "SELECT * from CART WHERE goes_with = '$goes_with' and item_number = '$item_number'";
$result = mysql_query( $SQL );
while( $row = mysql_fetch_array( $result ) ) {
$item_weight = $row["item_weight"];
$item_pri = $row["item_price"];
$item_num = $row["item_number"];
$item_st = $row["item_qty"];
$cart_id = $row["cart_id"];
}
if ($item_num == $item_number) {
////////////// Updates the stock for this item only
$new_qty = $item_st + $item_stock;
////////////// Updates the price for this item only
$get_price = $item_price * $item_stock;
$final_price = $item_pri + $get_price;
////////////// Get the weight from the shopping cart for this item only
$get_shopping_cart_weight = $item_weight * 16;
////////////// Get from ounces getting posted, not from the cart
$new_ounces = $item_ounces * $item_stock;
////////////// Get from pounds getting posted, not from the cart
$get_pounds = $item_pounds * $item_stock;
////////////// Turn the pounds into ounces
$new_pounds = $get_pounds * 16;
////////////// Now we want to get the ounces from the cart and the post
$add_all_ounce = $new_pounds + $new_ounces + $get_shopping_cart_weight;
////////////// Now we turn everything in to pounds
$new_weight = $add_all_ounce / 16;
$final_weight = ceil($new_weight);
$sql = "UPDATE CART SET
item_qty = '$new_qty' ,
item_price = '$final_price' ,
item_weight = '$final_weight'
WHERE cart_id = '$cart_id'";
$query = mysql_query($sql) or die("Cannot query the database." . mysql_error());
}
else {
$new_ounces = $item_ounces * $item_stock;
$get_pounds = $item_pounds * $item_stock;
$new_pounds = $get_pounds * 16;
$add_all_ounce = $new_pounds + $new_ounces;
$new_weight = $add_all_ounce / 16;
$final_weight = ceil($new_weight);
$final_price = $item_price * $item_stock;
$sql ="INSERT INTO CART SET goes_with = '$goes_with' , item_name = '$item_name' , item_number = '$item_number' , item_idd = '$item_idd' , item_weight = '$final_weight' ,
item_price = '$final_price' , item_des = '$item_des' , unit_price = '$item_price' , item_qty = '$item_stock' , item_pic = '$item_pic'";
$query = mysql_query($sql) or die("Cannot query the database." . mysql_error());
}
?>
<html>
<head>
<meta http-equiv="Content-Language" content="en-us">
<title></title>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<script language="JavaScript">
<!--
function MM_goToURL() { //v3.0
var i, args=MM_goToURL.arguments; document.MM_returnValue = false;
for (i=0; i<(args.length-1); i+=2) eval(args[i]+".location='"+args[i+1]+"'");
}
//-->
</script>
</head>
<body bgcolor="#FFFFFF" text="#000000" onLoad="MM_goToURL('parent','../../index.php?show=7');return document.MM_returnValue">
<p><font face="Verdana" size="2"><b>Please wait....</b></font></p>
</body>
</html>

Code:
<table border='1' cellpadding='3' style='border-collapse: collapse' bordercolor='#C0C0C0' height='1' cellspacing='3' width="451">
<?php
include 'admin/dbc.php';
echo "<tr>
<td width='25%' height='27'><b><font face='Tahoma' size='2' color='#333333'>
Item</font></b></td>
<td width='25%' height='27'><b><font face='Tahoma' size='2' color='#333333'>
Price</font></b></td>
<td width='25%' height='27'><b><font face='Tahoma' size='2' color='#333333'>
Qty</font></b></td>
<td width='25%' height='27'><b><font face='Tahoma' size='2' color='#333333'>
Total</font></b></td>
</tr>";
$color1 = "#F9F9F9";
$color2 = "#ffffff";
$row_count = 0;
// $aidd holds the user's cart cookie value, set by the page that includes this file
$sql = "SELECT * FROM CART where goes_with = '$aidd' and sold = 'NO' ORDER by cart_id DESC";
$query = mysql_query($sql) or die("Cannot query the database.<br>" . mysql_error());
while($row = mysql_fetch_array($query)) {
$item_name = $row["item_name"];
$item_number = $row["item_number"];
$item_weight = $row["item_weight"];
$item_price = $row["item_price"];
$unit_price = $row["unit_price"];
$qty = $row["item_qty"];
$item_pic = $row["item_pic"];
$cart_id = $row["cart_id"];
$item_idd = $row["item_idd"];
$row_color = ($row_count % 2) ? $color1 : $color2;
echo "<tr>
<td width='63' bordercolor='#C0C0C0' bgcolor='$row_color' height='1' valign='top'>
<form name='form_cart' method='post' action='store/update_cart.php'>
<input type='hidden' name='cart_id' size='2' value='$cart_id'>
<table border='0' cellpadding='0' cellspacing='0' style='border-collapse: collapse' bordercolor='#111111' width='100%' height='1'>
<tr>
<td width='100%' height='13'>
<font face='Arial' color='#333333'><a href='index.php?show=6&item_num=$item_idd'>
<font color='#111111' style='font-size: 9pt'>$item_name</font></a></font><p style='margin-top: 0; margin-bottom: 0'>
<font face='Arial' size='1' color='#333333'><b>Item #</b> $item_number</font></td>
</tr>
<tr>
<td width='100%' height='1'>
<img height='1' src='images/blk_blank.gif' width='181' border='0' hasbox='10'></td>
</tr>
</table>
</td>
<td width='123' bordercolor='#C0C0C0' bgcolor='$row_color' height='1' valign='top'>
<table border='0' cellpadding='0' cellspacing='0' style='border-collapse: collapse' bordercolor='#111111' width='58%'>
<tr>
<td width='100%'>
<font face='Tahoma' size='2' color='#333333'>\$$unit_price</font></td>
</tr>
<tr>
<td width='100%'>
<img height='2' src='images/blk_blank.gif' width='61' border='0' hasbox='10'></td>
</tr>
</table>
</td>
<td width='133' bordercolor='#C0C0C0' bgcolor='$row_color' height='1' valign='top'>
<table border='0' cellpadding='0' cellspacing='0' style='border-collapse: collapse' bordercolor='#111111' width='56%' height='16'>
<tr>
<td width='100%' height='12' valign='top'>
<table border='0' cellspacing='0' style='border-collapse: collapse' bordercolor='#111111' width='100%'>
<tr>
<td width='23%' rowspan='2' valign='top'>
<input type='text' name='item_qty' size='1' value='$qty'></td>
<td width='30%' align='center'>
<p style='margin-top: 0; margin-bottom: 0'>
<font face='Arial' style='font-size: 8pt'>
<input type='image' alt='Update' align='middle' src='images/arrow_gy.gif' border='0' Value='modify' name='m'></font>
</font></td>
<td width='47%'><font face='Arial' style='font-size: 8pt'>Update</font></td>
</tr>
<tr>
<td width='30%' align='center'><font face='Arial' style='font-size: 8pt'>
<a href='store/remove_item.php?cart_id=$cart_id'><img alt='X' src='images/btn_x_red.gif' align='absMiddle' border='0' width='15' height='15'></a>
</font></td>
<td width='47%'><font face='Arial' style='font-size: 8pt'>Remove</font></td>
</tr>
</table>
</td>
</tr>
<tr>
<td width='100%' height='4'>
<img height='2' src='images/blk_blank.gif' width='101' border='0' hasbox='10'></td>
</tr>
</table></td>
<td width='2' bordercolor='#C0C0C0' bgcolor='$row_color' height='1' valign='top'>
<table border='0' cellpadding='0' cellspacing='0' style='border-collapse: collapse' bordercolor='#111111' width='56%'>
<tr>
<td width='100%'>
<p align='left' hasbox='2'>
<b>
<font face='Tahoma' size='2' color='#336699'>\$$item_price</font></b></td>
</tr>
<tr>
<td width='100%'>
<img height='2' src='images/blk_blank.gif' width='66' border='0' hasbox='10'></td>
</tr>
</table></form>
</td>
</tr>";
$row_count++;
}
?>
</table>
- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
Re: shopping cart
Newline2003 wrote:I am a little surprised by the moderator's post. He writes "admin list of orders" as one page. The only thing with that is that a basic admin is 25 to 30 pages: login page, login check page, lost password page, lost password check and send page, and so on.
I agree that login page(s) and access control code would certainly be a part of the site. I don't consider them specifically part of the shopping cart, but general to websites. I think you would need to add a lot of features to get from the several optional pages you list to 25-30 pages.
Newline2003 wrote:But I guess if you just want to add into a cart you could get it done with just a few pages. When I think of a cart, I try to think of everything that will make my life easier. Customer login, for checking invoices and such. Admin for adding products, coupons, shipping, pages and so much more. There is just so much involved in making a good shopping cart system. Look at oscommerce.com. I don't want to knock it, but I find it very hard to edit and not so user friendly.
I agree. There are many more pages in an ecommerce site to do the things that you mention. But even with the additional pages you list, there are still only 20-30 pages for a usable ecommerce site.
Newline2003 wrote:The hidden page we post into "add_cart.php"
Now to display the cart
I would not recommend using these pages as is because they do not filter and escape request variables. That makes them open to SQL injection attacks. I would also recommend separating the application code from where PHP is used as a template language. Certainly the algorithms and calculations would be useful to use, as Newline2003 has already done a lot of the hard work of getting the cart to function.
- Newline2003
- Forum Newbie
- Posts: 7
- Joined: Wed Feb 06, 2008 10:59 pm
Re: shopping cart
Like I said, the cart is not very secure. But if you could explain more with an example, that would help us newbies.
- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
Re: shopping cart
Filtering and/or escaping input is probably the most important thing:
Code:
$goes_with = preg_replace('/[^a-zA-Z0-9 \-\\\']/', '', $_POST["goes_with"]);
$item_number = intval($_POST["item_number"]);
$SQL = "SELECT * from CART WHERE goes_with = '" . mysql_real_escape_string($goes_with) . "' and item_number = '" . mysql_real_escape_string($item_number) . "'";
This will limit the inputs to only the characters you intend to accept. It will also escape the values with the database specific functions. Additionally this code uses what is sometimes called Defense in Depth, in that it escapes and filters all values and does those things at specific points in the code. An example of that idea in this example is that even though $item_number is converted to an integer in this example and does not need to be escaped, if the client requires that you change $item_number to be alphanumeric it is possible to forget to add the escaping further down the code. Here each step of the process assumes the worst, so things don't slip through the cracks.
For separation of the template code from the application code I would simply put the form into a separate file and include it. It may seem like a small change but once you start modularizing you can start to see where you can implement DRY more easily.
I think that cart has some very nice code in it. That is functionality that is of interest to many people. Perhaps it would be worthwhile to refactor that code in this thread to add some security, modularity and best practices improvements to it?
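As an added example that is not code from the thread, from Newline2003's cart or from Christopher, here is a hardened version of the add_cart.php handler that applies the filtering advice above and reuses Newline2003's weight and price rules. It swaps the mysql_real_escape_string approach for PDO prepared statements, which send the values as data instead of splicing them into the SQL text, and it reads price, weight and stock from an assumed PRODUCTS table rather than from the hidden form fields, since any field posted by the browser can be edited by the user before it is submitted. The connection settings, the PRODUCTS table and its columns, and the helper function names are assumptions; the CART columns and the sold = 'NO' condition follow the queries posted in the thread.

```php
<?php
// Added example: a hardened add_cart.php, not code from the thread.
// Assumed: a PDO/MySQL connection, the CART table used in the thread, and a
// PRODUCTS table (item_number, item_idd, item_name, unit_price, item_pounds,
// item_ounces, stock, item_pic, item_des) that is the server-side source of
// truth for price, weight and stock.
declare(strict_types=1);

// Whitelist the cart token: same characters Christopher's preg_replace keeps,
// but anything else makes the request invalid instead of being silently stripped.
function cleanCartToken($raw): ?string
{
    return (is_string($raw) && preg_match('/^[a-zA-Z0-9 \-\']{1,64}$/', $raw)) ? $raw : null;
}

// Item numbers and quantities must be integers >= 1; anything else is rejected.
function cleanPositiveInt($raw): ?int
{
    $v = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $v === false ? null : $v;
}

// Newline2003's weight rule: put the existing cart weight and the product's
// pounds/ounces into ounces, add them, convert back to pounds, round up.
function combinedWeightPounds(int $cartPounds, int $pounds, int $ounces, int $qty): int
{
    $totalOunces = $cartPounds * 16 + ($pounds * 16 + $ounces) * $qty;
    return (int) ceil($totalOunces / 16);
}

// Adds $qty of $itemNumber to the cart identified by $token. Every query is a
// prepared statement, so no request value is ever concatenated into SQL.
function addToCart(PDO $pdo, string $token, int $itemNumber, int $qty): string
{
    $stmt = $pdo->prepare(
        'SELECT item_idd, item_name, unit_price, item_pounds, item_ounces, stock, item_pic, item_des
         FROM PRODUCTS WHERE item_number = ?'
    );
    $stmt->execute([$itemNumber]);
    $product = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($product === false) {
        return 'unknown item';
    }
    if ((int) $product['stock'] < $qty) {
        return 'out of stock';
    }
    $unitPrice = (float) $product['unit_price'];
    $pounds = (int) $product['item_pounds'];
    $ounces = (int) $product['item_ounces'];

    // Is this item already in the (unsold) cart?
    $stmt = $pdo->prepare(
        'SELECT cart_id, item_qty, item_weight FROM CART
         WHERE goes_with = ? AND item_number = ? AND sold = ?'
    );
    $stmt->execute([$token, $itemNumber, 'NO']);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row !== false) {
        $newQty = (int) $row['item_qty'] + $qty;
        $newWeight = combinedWeightPounds((int) $row['item_weight'], $pounds, $ounces, $qty);
        $stmt = $pdo->prepare(
            'UPDATE CART SET item_qty = ?, item_price = ?, item_weight = ? WHERE cart_id = ?'
        );
        $stmt->execute([$newQty, $unitPrice * $newQty, $newWeight, (int) $row['cart_id']]);
        return 'updated';
    }

    $stmt = $pdo->prepare(
        'INSERT INTO CART (goes_with, item_number, item_idd, item_name, item_qty, unit_price,
                           item_price, item_weight, item_pic, item_des, sold)
         VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)'
    );
    $stmt->execute([
        $token, $itemNumber, $product['item_idd'], $product['item_name'], $qty, $unitPrice,
        $unitPrice * $qty, combinedWeightPounds(0, $pounds, $ounces, $qty),
        $product['item_pic'], $product['item_des'], 'NO',
    ]);
    return 'inserted';
}

// Only three values are taken from the request; price, weight, name and picture
// are looked up server-side, so a tampered hidden field cannot change them.
$token = cleanCartToken($_POST['goes_with'] ?? null);
$itemNumber = cleanPositiveInt($_POST['item_number'] ?? null);
$qty = cleanPositiveInt($_POST['item_stock'] ?? null); // the thread's handler reads quantity as item_stock
if ($token === null || $itemNumber === null || $qty === null) {
    http_response_code(400);
    exit('There has been a problem');
}
// Assumed connection settings.
$pdo = new PDO('mysql:host=localhost;dbname=store;charset=utf8mb4', 'dbuser', 'dbpass',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
echo htmlspecialchars(addToCart($pdo, $token, $itemNumber, $qty), ENT_QUOTES, 'UTF-8');
```

Two design choices differ from the snippet Christopher posted. The token filter rejects a request containing unexpected characters instead of stripping them, which keeps a malformed cookie value from quietly matching a different cart row. And because the quantity, price and weight rules live in named functions, the HTML form and the redirect page can be kept in separate include files, which is the template/application separation suggested further up the thread.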