Results 1 to 4 of 4
  1. #1
    Join Date
    Jan 2009

    Unanswered: transfer data from one page to another

    <td><"a href=cart.php?ProductId=$row[ProductId]>Add Item</a></td>

    Im trying to get the above code to transfer data from one page to another. I have different items for sale on the page, the information comes from a database and i want it to transfer all the data from a selected item onto the cart page.

    I thought the above code would put a link on the page saying Add item, for each item then when i user clicks on the link it will take them to the cart page and i then want it to display the information for the item they selected.

    I was also wondering what the code would be that i would put on the cart page to show the result. I want to be able to see three other fields in the database on the cart page aswell.
    Last edited by MizzHellz; 03-25-09 at 19:51.

  2. #2
    Join Date
    Mar 2007
    Look at using sessions.
    PHP: Introduction - Manual

  3. #3
    Join Date
    Aug 2005
    Quote Originally Posted by MizzHellz
    <td><"a href=cart.php?ProductId=$row[ProductId]>Add Item</a></td>
    You can use this method also to transfer product id to cart page

    <td><a href="cart.php?ProductId=<?php echo $row[ProductId]; ?>">Add Item</a></td>

    Then on cart.php page you can get ProductId using $_REQUEST['ProductId'] variable and further run a database query using this id for other fields from table.

  4. #4
    Join Date
    May 2009
    Hi All!

    MizzHellz, if you want to implement a useful cart (which you can add 2 or more items), you will need to use sessions (as recommended by aschk).
    Additionally you will be passing (HTTP variables) between pages (as recommended by ashish_mat1979).

    But I warn you about the security of your application. Don't forget to sanitize all user input, be it taken from forms or urls.

    For example, from the code recommended by ashish_mat1979, you should sanitize the ProductID like:
    // Cast the product id to integer.
    $prodID = (int)$_REQUEST["ProductID"];
    Casting the product id to integer avoids SQL Injection.

    Beware of these pontetial threats to your application:
    1. SQL Injection
    2. Cross Site Scripting (XSS).

    If you need more information about (web) application security, please let me know!

    Leonel Machava

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts