I don't know much about PHP, but I do know that it is dangerous to put information like a price, credit card data or password in a URL. It is so easy to understand what the parameter 'price' stands for. So every visitor can change '&price=75' into 'price=1' and give themselves a nice discount.

I assume you are using php and the coldfusion url is just an example?

You select the values needed for the url from the db and then you echo/print them into the href="".

What about the code snippet of the bit that is giving you trouble? It may be just a small thing.

Thanks for the advice tagaki but it doesn't really answer the question I asked :)

I can assure you that there is no danger of prices being altered by the customer without me knowing, I know what I am selling and at what price.

Karl

I'm not sure what you're code looks like but I'd do something like this...
$url = 'http://www.cartaddress.com/cf/add.cfm?userid=' . $userid . '&product=' . $row_rs_recordset['p20'] . '&price=' . $row_rs_recordset['pr20']

This way with the single quote you don't have to worry about escaping all the special characters.

jatar_k

I have been working through a tutorial that is very old and very short and lacks a full explanation, the example given to use is :

ht*tp://ww3.shoppingcart.com/cf/add.cfm?userid=username&
product=$item&price=$price&return=www.yourdomain.com\

but when I put this directly in the database and query it, all I get displayed on the page is the above, when it is supposed to be a link to add the product to the cart.

Thanks

Karl

Just for clarification... I read it that the Mals Shopping Cart is in Cold Fusion and you're making a php page to administer the addition of new products.

Take a look at what Timotheos has there that would be the proper way to display it, a little explanation then.

$userid would be either the username or userid from the cookie/cart/session. How you get the value depends on where it is stored.

$row_rs_recordset would be the row returned from a function such as mysql_fetch_array [ca.php.net]

p20 is the product column from the db
pr20 is the price column from the db

Timotheos

Thanks for that :)

"Just for clarification... I read it that the Mals Shopping Cart is in Cold Fusion and you're making a php page to administer the addition of new products."

Mals cart is in coldfusion, what I am doing is pulling items from a databse and then adding them to Mals cart from a php page with a link like the one I am trying to make

jatar_k

$userid

Is me, this value does not change it always remains the same

$row_rs_recordset

Is the database table I am pulling from

p20 is the product column from the db
pr20 is the price column from the db

Exactly :)

Thanks

Karl

do you have a snippet of code for the sql query?

$row_rs_recordset = mysql_query(?);

how you are trying to display it?
while ($row = mysql_fetch_array($query)) {
some code
}

The userid could be set in a config file or something then and reused every time you need it.

I'm not sure what you're code looks like but I'd do something like this...
$url = 'http://www.cartaddress.com/cf/add.cfm?userid=' . $userid . '&product=' . $row_rs_recordset['p20'] . '&price=' . $row_rs_recordset['pr20']

Another way that also works when you're dealing with array values would be:
$url = "http://www.cartaddress.com/cf/add.cfm?userid={$userid}\
&product={$row_rs_recordset['p20']}&price={$row_rs_recordset['pr20']}";

The curly brackets force interpolation even though the square brackets and quotes in your array references would otherwise be interpretted as the end of the variable name. Sometimes, I find this much more readable than a long series of concatenations.

Then you can just make the link with something like
echo "<a href=\"{$url}\">{$url}</a>";

Unless, of course, I'm mis-understanding the problem. That's a distinct possibility.

[edited by: dingman at 6:26 pm (utc) on June 26, 2003]

Code Snippet

mysql_select_db($database_connglobal, $connglobal);
$query_rs_timax = sprintf("SELECT * FROM timax_catalogue WHERE model LIKE '%%%s%%' AND make LIKE '%%%s%%' ORDER BY timax_catalogue.model", $txtmodel_rs_timax,$txtmake_rs_timax);
$query_limit_rs_timax = sprintf("%s LIMIT %d, %d", $query_rs_timax, $startRow_rs_timax, $maxRows_rs_timax);
$rs_timax = mysql_query($query_limit_rs_timax, $connglobal) or die(mysql_error());
$row_rs_timax = mysql_fetch_assoc($rs_timax);

Does this help? :)

Thanks

Karl

(getting a strong feeling I may be ribbed for using DWMX :))

only a little friendly ribbing, hehe, I thought there was something strange about that style.

so, to use dingman's style, he has much more class than DWMX :)

$url="http://www.cart.com/cf/add.cfm?userid={$userid}&product={$row_rs_timax['p20']}&price={$row_rs_timax['pr20']}";

where $userid would be your userid taken from a config file or written explicitly.

echo "<a href=\"{$url}\">Anchor Text here</a>";

You could echo the product name where it says "Anchor Text here". I think that is right.

he has much more class than DWMX

Why, thank you :)

Thanks folks :)

I'm back at work now and going to give it a try later this morning.

I'll let you know what happens :)

Thanks a bundle.

Karl