add-cart.php and the num parameter

add-cart.php?num=5
add-cart.php?num=PROD123:2

When an attacker sees add-cart.php?num=, they see a playground: a state-changing endpoint driven entirely by query-string values. Here is a typical implementation, which is what they have to work with.

<?php
session_start();

// Initialize cart if not exists
if (!isset($_SESSION['cart'])) {
    $_SESSION['cart'] = [];
}

// Get product ID and quantity from request.
// Note: a plain (int) cast silently turns "5abc" into 5 and "PROD123:2" into 0,
// and nothing caps the quantity.
$product_id = isset($_GET['id']) ? (int)$_GET['id'] : 0;
$quantity   = isset($_GET['num']) ? (int)$_GET['num'] : 1;

// Validate inputs
if ($product_id <= 0) {
    header('Location: products.php?error=invalid_product');
    exit;
}

if ($quantity <= 0) {
    $quantity = 1;
}

// Optional: Fetch product details from database to validate
// $product = getProductById($product_id);
// if (!$product) {
//     header('Location: products.php?error=product_not_found');
//     exit;
// }

// Add to cart logic.
// Note: nothing distinguishes the user's own click from a cross-site GET to this URL
// (no CSRF token), so any page the user visits can add items to their cart.
if (isset($_SESSION['cart'][$product_id])) {
    // Product exists, update quantity
    $_SESSION['cart'][$product_id] += $quantity;
} else {
    // New product, add to cart
    $_SESSION['cart'][$product_id] = $quantity;
}

// Optional: Set success message
$_SESSION['cart_message'] = "Product added to cart successfully!";

// Redirect back to previous page or product page.
// Caveat: HTTP_REFERER is client-supplied; redirecting to it verbatim trusts the client.
$redirect = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : 'products.php';
header("Location: $redirect");
exit;
?>

The product listing page that calls this endpoint:

<!DOCTYPE html>
<html>
<head>
    <title>Products</title>
    <style>
        .cart-badge {
            position: fixed;
            top: 20px;
            right: 20px;
            background: red;
            color: white;
            padding: 10px 15px;
            border-radius: 50%;
        }
        .product-card {
            border: 1px solid #ddd;
            padding: 15px;
            margin: 10px;
            display: inline-block;
        }
        .notification {
            position: fixed;
            top: 20px;
            left: 50%;
            transform: translateX(-50%);
            padding: 10px 20px;
            border-radius: 5px;
            z-index: 1000;
        }
        .notification-success {
            background: green;
            color: white;
        }
        .notification-error {
            background: red;
            color: white;
        }
    </style>
</head>
<body>
    <div class="cart-badge">
        Cart Items: <span class="cart-count"><?php echo isset($_SESSION['cart']) ? array_sum($_SESSION['cart']) : 0; ?></span>
    </div>
<div class="product-card">
    <h3>Product 1</h3>
    <p>Price: $29.99</p>
    <input type="number" id="qty-1" value="1" min="1">
    <button class="add-to-cart-btn" data-product-id="1">Add to Cart</button>
</div>
<div class="product-card">
    <h3>Product 2</h3>
    <p>Price: $49.99</p>
    <input type="number" id="qty-2" value="1" min="1">
    <button class="add-to-cart-btn" data-product-id="2">Add to Cart</button>
</div>
<script>
    // Include the JavaScript code from above
</script>

</body>
</html>

Do not rely on a single num parameter that has to carry a product ID, a quantity, or both (num=5 versus num=PROD123:2 above): every consumer of the value has to guess which one it received. Instead, use a clear, explicit design with one named parameter per value, for example separate id and num parameters as in the handler above.

If you must keep ?num=, document its exact format and validate rigorously against that format, rejecting anything that does not match it.
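
As an added example (not code from the original page), here is a strict parser for the two ?num= formats shown at the top, num=5 and num=PROD123:2. The product-code grammar (an uppercase letter followed by 2 to 15 uppercase letters or digits) and the 1..99 quantity range are assumptions chosen for illustration; the point is that the accepted grammar is written down once and everything outside it is rejected rather than coerced.

```php
<?php
declare(strict_types=1);

// Added example: strict parser for the documented ?num= formats.
//   "5"          -> quantity only (the product ID must arrive separately, e.g. ?id=)
//   "PROD123:2"  -> product code and quantity
// The code grammar and the quantity ceiling below are assumptions for this example.
const MAX_QTY = 99;
const CODE_RE = '[A-Z][A-Z0-9]{2,15}';

// Returns ['code' => ?string, 'quantity' => int], or null when the value is not acceptable.
function parseNum(string $raw): ?array
{
    // \A ... \z anchors reject a trailing newline, which $ alone would let through.
    // No sign, no leading zeros, no whitespace, no exponent: "5" is valid; "05", " 5", "+5", "1e3" are not.
    if (preg_match('/\A([1-9][0-9]*)\z/', $raw, $m) === 1) {
        $qty = (int)$m[1];
        return $qty <= MAX_QTY ? ['code' => null, 'quantity' => $qty] : null;
    }
    if (preg_match('/\A(' . CODE_RE . '):([1-9][0-9]*)\z/', $raw, $m) === 1) {
        $qty = (int)$m[2];
        return $qty <= MAX_QTY ? ['code' => $m[1], 'quantity' => $qty] : null;
    }
    return null;
}

// Constructed inputs: the two documented forms plus the kinds of values an attacker tries.
$samples = ['5', 'PROD123:2', '0', '-1', '05', '+5', '1e3', ' 5', "5\n", '999',
            'PROD123:200', 'prod123:2', 'PROD123:2:3', '5;DROP TABLE cart', '../../etc/passwd'];
foreach ($samples as $s) {
    $r = parseNum($s);
    printf("%-22s -> %s\n", json_encode($s), $r === null ? 'rejected' : json_encode($r));
}
```

The caller treats null as a hard reject (redirect with an error), never as "default to 1": a value that does not match the documented grammar is not a quantity, and defaulting hides probing in the logs.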

Imagine an add-cart.php file that looks like this:

<?php
session_start();
$product_id = $_GET['num'];              // raw, unvalidated user input used directly as an array key
$_SESSION['cart'][$product_id] += 1;     // no product-existence check, no quantity bound, no CSRF token
header('Location: cart.php');
?>

This code is a disaster waiting to happen. It trusts user input implicitly (any string becomes a cart key), performs a state change on a plain GET with no CSRF protection, does no inventory or product-existence check, and has no ownership validation.

// If num should be an integer quantity.
// filter_input returns null when the parameter is absent and false when it is present
// but not an integer; both fall through to die() here.
$quantity = filter_input(INPUT_GET, 'num', FILTER_VALIDATE_INT);
if ($quantity === false || $quantity < 1) {
    die('Invalid quantity');
}
// Limit maximum quantity
$quantity = min($quantity, 99);

Wherever num reaches the database (validation, logging, or cart logic), use parameterized queries rather than interpolating the value into SQL:

$stmt = $pdo->prepare("SELECT stock FROM products WHERE id = :id AND min_order <= :num");
$stmt->execute(['id' => $product_id, 'num' => $quantity]);   // $product_id validated the same way as $quantity above
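
Pulling the pieces together, here is an added example of a hardened add-to-cart handler; it is not the page's own code. It is written as a function over plain arrays so it runs from the command line against an in-memory SQLite table. The products schema, the 99-unit cap, and the parameter names id, num and csrf are assumptions. It closes the gaps called out above: a session-bound CSRF token checked in constant time, strict integer validation with explicit ranges, and a product-existence and inventory check through a parameterized query.

```php
<?php
declare(strict_types=1);

// Added example: hardened add-to-cart handler written as a pure function so it can run
// from the CLI. The products schema, the quantity cap and the parameter names are assumptions.
const MAX_QTY = 99;

function setupDb(): PDO
{
    // Constructed inventory: product 1 has 10 units, product 2 is sold out.
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT NOT NULL, stock INTEGER NOT NULL)');
    $ins = $pdo->prepare('INSERT INTO products (id, name, stock) VALUES (?, ?, ?)');
    $ins->execute([1, 'Product 1', 10]);
    $ins->execute([2, 'Product 2', 0]);
    return $pdo;
}

// One random token per session, embedded as a hidden field in the add-to-cart form.
function csrfToken(array &$session): string
{
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

// $post stands in for $_POST and $session for $_SESSION.
// Returns ['ok' => bool, 'error' => ?string, 'cart' => array<int,int>].
function addToCart(array $post, array &$session, PDO $pdo): array
{
    $cart = $session['cart'] ?? [];

    // 1. A cart change is a state change: accept it only with the session-bound CSRF token,
    //    compared in constant time. A cross-site GET or a forged POST has no token to send.
    $token = $post['csrf'] ?? null;
    if (!is_string($token) || empty($session['csrf']) || !hash_equals($session['csrf'], $token)) {
        return ['ok' => false, 'error' => 'csrf', 'cart' => $cart];
    }

    // 2. Strict typing with explicit ranges. FILTER_VALIDATE_INT rejects "1e3", "4.0", "1'; --"
    //    and arrays (id[]=1), and the range options reject 0, negatives and huge quantities,
    //    all of which a bare (int) cast would silently coerce.
    $id  = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $qty = filter_var($post['num'] ?? null, FILTER_VALIDATE_INT,
                      ['options' => ['min_range' => 1, 'max_range' => MAX_QTY]]);
    if ($id === false || $qty === false) {
        return ['ok' => false, 'error' => 'invalid_input', 'cart' => $cart];
    }

    // 3. Existence and inventory check through a parameterized query; the total in the cart
    //    (not just this request) must fit within stock and the per-line cap.
    $stmt = $pdo->prepare('SELECT stock FROM products WHERE id = :id');
    $stmt->execute(['id' => $id]);
    $stock = $stmt->fetchColumn();
    if ($stock === false) {
        return ['ok' => false, 'error' => 'product_not_found', 'cart' => $cart];
    }
    $newQty = ($cart[$id] ?? 0) + $qty;
    if ($newQty > (int)$stock || $newQty > MAX_QTY) {
        return ['ok' => false, 'error' => 'insufficient_stock', 'cart' => $cart];
    }

    $cart[$id] = $newQty;
    $session['cart'] = $cart;
    return ['ok' => true, 'error' => null, 'cart' => $cart];
}

// Demo run with constructed requests; in a real handler they come from $_POST after session_start().
$pdo = setupDb();
$session = [];
$token = csrfToken($session);
$attempts = [
    ['id' => '1', 'num' => '3'],                         // no token
    ['id' => '1', 'num' => '3', 'csrf' => 'guess'],      // wrong token
    ['id' => '1', 'num' => '3', 'csrf' => $token],       // valid request
    ['id' => '1', 'num' => '8', 'csrf' => $token],       // 3 already in cart + 8 exceeds stock of 10
    ['id' => '2', 'num' => '1', 'csrf' => $token],       // sold out
    ['id' => '9', 'num' => '1', 'csrf' => $token],       // unknown product
    ['id' => "1'; --", 'num' => '1', 'csrf' => $token],  // injection attempt in id
    ['id' => '1', 'num' => '1e3', 'csrf' => $token],     // not an integer
    ['id' => ['1'], 'num' => '1', 'csrf' => $token],     // array parameter pollution
];
foreach ($attempts as $p) {
    $r = addToCart($p, $session, $pdo);
    printf("%-34s -> %s\n", json_encode(array_diff_key($p, ['csrf' => 0])),
           $r['ok'] ? 'ok ' . json_encode($r['cart']) : 'rejected: ' . $r['error']);
}
```

Two design choices worth noting: the handler returns a result instead of calling header() and exit, so the same logic is unit-testable and the redirect target is decided by the caller from a fixed allow-list rather than from the Referer; and the stock check compares the cart total against inventory, because checking only the incoming quantity lets a client exceed stock across several small requests.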