Larry Ullman's Book Forums

Making Sure Product Exists When Adding To Cart




I had a question about the shopping cart in the Example 2 site. I have implemented a similar shopping cart using your code and it works fine. I have discovered a potential problem though.


When a user adds an item to the shopping cart it does check to make sure that it has a product id that is a positive integer and a type that is either set to 'coffee' or 'goodies', but it does not make sure that the product actually exists in the 'general_coffees', 'specific_coffees', or 'non_coffee_products' tables. Of course, this shouldn't happen under normal circumstances, but if a user were to try and change the product id in the get request for adding a product to the cart, this might cause a problem. I think it would be fine for displaying the cart, because any product id not found in any of those tables won't return a result and therefore won't be displayed. However, when the user goes to checkout, it might generate an error.


Is it good to add another query to the 'add_to_cart' stored procedure which first checks to see that the product actually exists before adding it to the carts table? Also, should we check to make sure the product exists again when displaying the cart at checkout?


Doing this will slow the process down a bit, but will help data integrity!


I have also found a way to combine both the insert and select queries together, so that it will only insert a product if the id is found in the result set of the select subquery.


What do you think?





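The combined insert-and-select described in the post above, as an added example that is not code from the thread or from the book. Python's `sqlite3` stands in for the MySQL stored procedure; the column names, the type-to-table mapping and the sample rows are assumptions. It also shows the re-check at checkout that the post asks about.

```python
import sqlite3

# Table names and the 'coffee'/'goodies' types come from the thread; the columns,
# the type-to-table mapping and the sample rows are assumptions for this example.
SCHEMA = """
CREATE TABLE specific_coffees (id INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE non_coffee_products (id INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE carts (user_session_id TEXT, product_type TEXT, product_id INTEGER,
                    quantity INTEGER,
                    PRIMARY KEY (user_session_id, product_type, product_id));
INSERT INTO specific_coffees VALUES (1, 'Kona 1 lb'), (2, 'Decaf 2 lb');
INSERT INTO non_coffee_products VALUES (7, 'Mug');
"""
# Allow-list: the table name is chosen here, never taken from the request.
TABLES = {"coffee": "specific_coffees", "goodies": "non_coffee_products"}

def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def add_to_cart(db, session_id, product_type, product_id, qty=1):
    """Add the item only if the product row exists; return True if stored."""
    table = TABLES.get(product_type)
    if table is None or not isinstance(product_id, int) or product_id < 1:
        return False
    # INSERT ... SELECT: the SELECT yields one row for a real id and none for
    # a tampered one, so the existence check and the insert are one statement.
    cur = db.execute(
        "INSERT INTO carts (user_session_id, product_type, product_id, quantity) "
        f"SELECT ?, ?, id, ? FROM {table} WHERE id = ? "
        "ON CONFLICT (user_session_id, product_type, product_id) "
        "DO UPDATE SET quantity = quantity + excluded.quantity",
        (session_id, product_type, qty, product_id))
    db.commit()
    return cur.rowcount == 1

def stale_cart_items(db, session_id):
    """Checkout re-check: cart rows whose product has since been removed."""
    stale = []
    for ptype, table in TABLES.items():
        stale += db.execute(
            "SELECT c.product_type, c.product_id FROM carts c "
            f"LEFT JOIN {table} p ON p.id = c.product_id "
            "WHERE c.user_session_id = ? AND c.product_type = ? "
            "AND p.id IS NULL", (session_id, ptype)).fetchall()
    return stale
```

A `False` return from `add_to_cart` covers both an unknown type and an id that matches no product row, so the caller can treat either as a rejected request.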

Hey Matt,

I think you should check if your id is correct. It is just too easy for them to change a GET or POST parameter.

For my one item at a time website I am using a Session for my id's, so I don't have to access the database a second or even third time.

I have one slight problem with mine. When the charge is successful, I decrement the inventory for that product, but if I should have an error for some odd reason, such as the server being down or whatever, then the order is placed but the inventory is off.

I don't consider this fatal so everything works if I take that slight risk.






Thanks for the reply! With my site, I am actually dealing with people's services. At any time they can choose to stop providing their services or be blocked if they are doing something they shouldn't be doing. I need to make sure that everything is current at all times, especially during checkout. That being the case, I think I am going to check that the person is available when I add them to the shopping cart and process the customer's order at checkout.


I also thought about using sessions; however, once the user closes their browser all shopping data in the session will be lost, so I went with the cookie and database solution Larry uses in his book.


If you are having problems with orders being placed and put into the orders table, but inventory not being updated correctly when the server is down, then you should probably be using transactions for this. This sounds like it could cause some serious problems with data integrity.




I will keep thinking about this inventory issue.

I doubt it will be a big problem just because it won't happen very often.

The problem isn't one of the tables out of synch.

The customer has successfully paid and I must ship the order, but my table was not updated.

I send myself email when the database can't be updated so I can look into it.

And also, the worst that can happen is someone orders and it should be available but it is not so I have to backorder.

The only thing is, all these are manual work instead of auto but if it doesn't happen very often...
