Post a session variable to a shopping cart table.

Report · Dec 07, 2010

I am trying to post a session variable generated from a login page to to a shopping cart so that I can then filter the contents of the cart by user. The cart is a table in a MYSQL/PHP database.

I have very little experience in php/mysql so I am probably doing some thing fundamentally wrong.

At present, a user has to login before adding a product to the cart - this has been set up in the behaviours panel.
A form has been set up on my product page so that when the "buy" button is clicked, the product_id, quantity of the item etc is inserted into the shopping cart table.
I have tried to use the bindings panel to additionally add the username which I beleieve has been set up as a session variable from the login page and have included it in a hidden field on the form but when I look at the table in phpMyAdmin the following appears in my session variabe column:
Notice: Undefined variable: _SESSION in C:\wamp\www\boutique_wines\wine.php on line 114
Line 114 reads as follows: <input name="username" type="hidden" id="username" value="<?php echo $_SESSION['MM_Username']; ?>" />

Please help

Mark

Report · Dec 07, 2010

Mark,

Basically you're saying this: My car won't start. I want it to start but when I put the key in all I see is a check engine light. Please help.

It makes it difficult to help if you don't show us what's under the hood.

I assume the session is not started on the page, resulting in the error message of an undefined variable. Also it's not a good idea to insert dynamic info into a hidden field if you're just using the hidden field to insert the info into a database. Form fields can be hacked. What's to stop someone from visiting your page, copying your form source, altering the hidden field value, uploading the altered form to their server, and submitting the altered form to your processing script? Bypass the hidden field method and simply insert the username session variable directly into the database through a query to avoid input field manipulation.

Report · Dec 07, 2010

shocker

Thanks for your reply, apologies if there isn't enough information on there, let me know what else you need and I'll supply it. I'm really very new to this kind of stuff.

Do I need to start the session on every page then?

How do I input directly with a query?

Thanks

Mark

Report · Dec 07, 2010

Do I need to start the session on every page then?

Yes you need to start the session on every page that calls a session variable. Do this by adding this to the very first line of your .php page that uses session variables in the page:

How do I input directly with a query?

Input directly into a query by using a code like the following example that is inserting the logged in users username and IP address into table_name


if (isset($_SESSION["MM_username"])) {
  $insertSQL = sprintf("INSERT INTO table_name (user_name, ip_address) VALUES (%s, %s)",
  GetSQLValueString($_SESSION['MM_username'], "text"),
  GetSQLValueString($_SERVER['REMOTE_ADDR'], "text"));
}

Report · Dec 07, 2010

Thanks Shocker the session_start worked a treat.

I'm not sure how I would implement the other code though. The form I have set up has the following fields product_id (which is hidden), qty (which is the number of the item to buy). There are two other columns in the table, one of which is the username session variable and the the other is a datestamp. How do I integrate these together?

Thanks again

Mark

Report · Dec 07, 2010

I edited my previous post and accidentally omitted the session start code. For other viewers of this thread the code to start a session is the following:

<?php session_start(); ?>

Sorry I'm really busy right now and can't walk you through the process of inserting dynamic variables directly into a query. You should be able to take the example provided and use the techniques to insert session variable directly into your query.

Post a session variable to a shopping cart table.

1 Correct answer