Add-cart.php Num

We will use PDO (PHP Data Objects) for database interactions because it supports Prepared Statements, which are mandatory for preventing SQL Injection attacks.

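session_start();
if (!isset($_SESSION['user_id'])) {
    // Redirect to login or use guest cart
}
// Expected format: "123:2"
$num = $_GET['num'] ?? '';
// is_string() rejects array input (?num[]=...), which preg_match() cannot handle;
// \z anchors at the true end of the string, so a trailing newline is not accepted.
if (!is_string($num) || !preg_match('/^(\d+):(\d+)\z/', $num, $matches)) {
    die('Invalid format. Use ID:QTY');
}
$productId = (int)$matches[1];
$quantity  = (int)$matches[2];
if ($quantity < 1 || $quantity > 50) {
    die('Quantity out of range');
}
// Verify product exists and is in stock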

Even if a negative number slips into the cart database, the final checkout script must enforce business rules:

<?php session_start(); /* needed before $_SESSION['cart'] is read in the badge below */ ?>
<!DOCTYPE html>
<html>
<head>
    <title>Products</title>
    <style>
        .cart-badge {
            position: fixed;
            top: 20px;
            right: 20px;
            background: red;
            color: white;
            padding: 10px 15px;
            border-radius: 50%;
        }
        .product-card {
            border: 1px solid #ddd;
            padding: 15px;
            margin: 10px;
            display: inline-block;
        }
        .notification {
            position: fixed;
            top: 20px;
            left: 50%;
            transform: translateX(-50%);
            padding: 10px 20px;
            border-radius: 5px;
            z-index: 1000;
        }
        .notification-success {
            background: green;
            color: white;
        }
        .notification-error {
            background: red;
            color: white;
        }
</style>
</head>
<body>
    <div class="cart-badge">
        Cart Items: <span class="cart-count"><?php echo isset($_SESSION['cart']) ? array_sum($_SESSION['cart']) : 0; ?></span>
    </div>
<div class="product-card">
    <h3>Product 1</h3>
    <p>Price: $29.99</p>
    <input type="number" id="qty-1" value="1" min="1">
    <button class="add-to-cart-btn" data-product-id="1">Add to Cart</button>
</div>
<div class="product-card">
    <h3>Product 2</h3>
    <p>Price: $49.99</p>
    <input type="number" id="qty-2" value="1" min="1">
    <button class="add-to-cart-btn" data-product-id="2">Add to Cart</button>
</div>
<script>
    // Include the JavaScript code from above
</script>

</body> </html>

This is the most crucial logic block. If a user clicks "Add to Cart" twice for the same product, you generally don't want two separate rows in your database. You want to increase the quantity of the existing row.

There are two ways to handle this:

We will use the efficient MySQL approach: INSERT ... ON DUPLICATE KEY UPDATE.

Note: For this to work, you need a Unique Index on user_id and product_id combined in your database table.

    try {
        // Begin Transaction for data integrity
        $pdo->beginTransaction();

        // The Query
        // This attempts to insert the row.
        // If the user_id + product_id combo already exists, it updates the quantity instead.
        $sql = "INSERT INTO cart_items (user_id, product_id, quantity)
                VALUES (:user_id, :product_id, 1)
                ON DUPLICATE KEY UPDATE quantity = quantity + 1";
        $stmt = $pdo->prepare($sql);

        // Bind Parameters (Prevents SQL Injection)
        $stmt->bindParam(':user_id', $user_id, PDO::PARAM_INT);
        $stmt->bindParam(':product_id', $product_id, PDO::PARAM_INT);
        $stmt->execute();

        // Commit changes
        $pdo->commit();

        // Redirect user back to cart or product page
        header("Location: cart.php?success=added");
        exit();
    } catch (PDOException $e) {
        // Rollback if error occurs (only if the transaction actually started)
        if ($pdo->inTransaction()) {
            $pdo->rollBack();
        }
        // Log the detail server-side; the user only sees a generic error code
        error_log("Cart Error: " . $e->getMessage());
        header("Location: products.php?error=database_error");
        exit();
    }
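
The `num` validation and the upsert above, combined into one handler as an added example (not code from the original page): the validated quantity is what gets added, and the stored total is capped, because a per-request limit of 50 alone does not stop repeated requests from accumulating past it. The function names, `MAX_QTY_PER_ITEM` and the `products(id, stock)` table are assumptions; PHP 8.0+ and MySQL are assumed.

```php
<?php
declare(strict_types=1);

const MAX_QTY_PER_ITEM = 50; // assumed name; same upper bound the page uses per request

// Hypothetical helper: parse "ID:QTY" strictly, return [productId, quantity] or null.
function parseNum(mixed $raw): ?array
{
    // Reject arrays (?num[]=...) and anything that is not bounded digits:digits.
    if (!is_string($raw) || !preg_match('/^(\d{1,9}):(\d{1,2})\z/', $raw, $m)) {
        return null;
    }
    $qty = (int)$m[2];
    return ($qty >= 1 && $qty <= MAX_QTY_PER_ITEM) ? [(int)$m[1], $qty] : null;
}

// Hypothetical handler: returns false when the input or the product is not acceptable.
// Requires a UNIQUE KEY on (user_id, product_id) in cart_items, as the page notes.
function addToCart(PDO $pdo, int $userId, mixed $rawNum): bool
{
    $parsed = parseNum($rawNum);
    if ($parsed === null) {
        return false;
    }
    [$productId, $qty] = $parsed;

    // Assumed schema: products(id, stock). Confirms the product exists and is in stock.
    $check = $pdo->prepare('SELECT 1 FROM products WHERE id = :id AND stock > 0');
    $check->execute([':id' => $productId]);
    if ($check->fetchColumn() === false) {
        return false;
    }

    // LEAST() caps the running total, so repeated adds cannot push a row past the limit.
    $stmt = $pdo->prepare(
        'INSERT INTO cart_items (user_id, product_id, quantity)
         VALUES (:user_id, :product_id, :qty_new)
         ON DUPLICATE KEY UPDATE quantity = LEAST(quantity + :qty_add, :qty_max)'
    );
    $params = [':user_id' => $userId, ':product_id' => $productId,
               ':qty_new' => $qty, ':qty_add' => $qty, ':qty_max' => MAX_QTY_PER_ITEM];
    foreach ($params as $name => $value) {
        // Bind as integers so the arithmetic and LEAST() compare numbers, not strings.
        $stmt->bindValue($name, $value, PDO::PARAM_INT);
    }
    return $stmt->execute();
}
```

Called as `addToCart($pdo, (int)$_SESSION['user_id'], $_GET['num'] ?? null)`, it keeps the user id from the session rather than from the request.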