Suggestion for shopping cart update
I am working on a shopping on a online store for my brother. I am stuck in the in the process where the buyers cart is updated when he adds items to the basket . I want to 开发者_如何转开发know how to remember the buyer (as my bro wants user can buy without sign in,so no case of user id etc)? Should I create a session for him and save it to database?
Yes, you will have to create a session to remember them between clicks, otherwise you will have to tack on some sort of id in the GET parameters.
Take a look at session_start()
and the examples they give you: http://php.net/manual/en/function.session-start.php
Small warning, native PHP sessions have a vulnerability to session fixation, which could easily to session hijacking (they would need the session id, but after that, they could fix a session). It is always better to create a wrapper and do your best to ensure the user is who they say they are (via the session id) by comparing IPs and User Agents from previous clicks, stored in $_SESSION
, to the current IP and User Agent they are presenting.
I personally recommend setting session.use_only_cookies
to 1 to prevent information leaking via the session ID being passed in GET.
The standard way is indeed to use a session and the link SamT gave should suffice. But no need to store it to the database (yet).
精彩评论