```php
<?php
session_start();
if (!isset($_SESSION['user_id'])) {
    // Redirect to login or use guest cart
}
```
In the world of e-commerce, the shopping cart is the engine of revenue. Every click of the "Add to Cart" button triggers a series of backend scripts, with add-cart.php being one of the most common file names in the PHP ecosystem.
❌ No upper bound on num → allows denial‑of‑stock by adding 9999+ items.
The most classic attack on add-cart.php?num= is tampering with the quantity itself: a negative, zero or absurdly large num. HTTP is stateless and the request is assembled on the client, so the user has full control over the num value and the server must treat it as untrusted input.
| Attribute | Details |
|-----------|---------|
| Name | num (could also be qty, quantity, product_qty) |
| Type | Integer |
| Source | Usually sent via POST (or GET) from a product form |
| Validation Rules | Must be a positive integer, >= 1, often capped at a max (e.g., 999) |
| Default | If missing, defaults to 1 |
You must pass the product ID and the quantity to the backend.
Below is a technical blueprint showing how to properly handle an incoming quantity request (num) using standard PHP sessions.
The fluorescent lights of the QA lab hummed at a frequency that usually gave Elias a headache, but tonight, the silence of the empty office was louder. It was 2:00 AM. He was staring at a line of logs that shouldn’t exist. POST /checkout/add-cart.php?item_id=9021&num=-1
Elias felt the blood drain from his face. The item_id wasn't a product anymore. It was his employee record. And the num was dropping.
```php
// Redirect back to the previous page or the product page.
// HTTP_REFERER is client-controlled: sending it straight to Location: is an
// open redirect, so only honour a referer on our own host.
$redirect = 'products.php';
$ref = $_SERVER['HTTP_REFERER'] ?? '';
if ($ref !== '' && parse_url($ref, PHP_URL_HOST) === ($_SERVER['HTTP_HOST'] ?? '')) {
    $redirect = $ref;
}
header('Location: ' . $redirect);
exit;
?>
```
"Your code is vulnerable to SQL injection via the $category variable which is user supplied ($_POST['category']) and then put into the query."
```php
// If num should be an integer quantity: reject non-integers, zero and
// negatives, and cap it so one request cannot lock up stock.
$quantity = filter_input(INPUT_GET, 'num', FILTER_VALIDATE_INT, [
    'options' => ['min_range' => 1, 'max_range' => 999],
]);
if ($quantity === false || $quantity === null) {
    die('Invalid quantity');
}
```
Many older tutorials and legacy systems implement add-cart.php using insecure coding practices. If you search for this exact file name online, you often find examples exposed to the following risks:

1. SQL Injection (SQLi)
```php
// Merge the validated quantity into the session cart, keyed by product id
if (isset($_SESSION['cart'][$product_id])) {
    $_SESSION['cart'][$product_id] += $quantity;
} else {
    $_SESSION['cart'][$product_id] = $quantity;
}
```
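As an added, end-to-end example (not code from the original page or any project it describes) that ties the blueprint above together: the quantity validation with a range cap, the product lookup from the SQL-injection point done with a prepared statement instead of string concatenation, the session cart merge with the cap applied to the running total rather than to a single request, and a fixed redirect instead of HTTP_REFERER. It assumes a PDO handle in $pdo, a products table with id and stock columns, the parameter names item_id and num, and the two cap constants; all of those are assumptions for the example, not details from the page.

```php
<?php
// add-cart.php (hardened example, added here; not the original page's code)
// Assumed, not from the page: a PDO connection in $pdo, a `products` table
// with columns id and stock, and the cap constants below.
declare(strict_types=1);

session_start();

const MAX_PER_LINE = 999;  // per-product cap, mirroring the table above
const MAX_LINES    = 50;   // distinct products per cart (assumed value)

/**
 * Validate the quantity parameter.
 * Missing -> 1 (the documented default). Otherwise only integers in
 * [1, MAX_PER_LINE] pass: "-1", "0", "", "1e3" and "9999" all return null.
 */
function parse_quantity($raw): ?int
{
    if ($raw === null) {
        return 1;
    }
    $q = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => MAX_PER_LINE],
    ]);
    return $q === false ? null : $q;
}

/** The product id gets the same treatment: a positive integer or nothing. */
function parse_product_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// The product form posts; refuse GET so a quantity cannot ride in a link.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit('Method not allowed');
}

$productId = parse_product_id($_POST['item_id'] ?? null);
$quantity  = parse_quantity($_POST['num'] ?? null);
if ($productId === null || $quantity === null) {
    http_response_code(400);
    exit('Invalid product or quantity');
}

// Prepared statement for the lookup. The vulnerable pattern this replaces is
//   "SELECT ... WHERE category = '" . $_POST['category'] . "'"
// where a value such as  ' OR '1'='1  rewrites the query.
$stmt = $pdo->prepare('SELECT id, stock FROM products WHERE id = :id');
$stmt->execute([':id' => $productId]);
$product = $stmt->fetch(PDO::FETCH_ASSOC);
if ($product === false) {
    http_response_code(404);
    exit('Unknown product');
}

// Merge into the session cart. Check the running total, not just this
// request: 999 added ten times is still a denial-of-stock.
$_SESSION['cart'] = $_SESSION['cart'] ?? [];
$current = $_SESSION['cart'][$productId] ?? 0;
$newQty  = $current + $quantity;
if ($newQty > MAX_PER_LINE || $newQty > (int) $product['stock']) {
    http_response_code(409);
    exit('Quantity exceeds the allowed limit or available stock');
}
if ($current === 0 && count($_SESSION['cart']) >= MAX_LINES) {
    http_response_code(409);
    exit('Cart is full');
}
$_SESSION['cart'][$productId] = $newQty;

// Server-chosen destination; never echo HTTP_REFERER into Location:.
header('Location: products.php?added=' . $productId);
exit;
```

Two design points worth noting: the caps are enforced on the stored total, so repeated "legal" requests cannot accumulate past the limit, and every value that reaches SQL or the session has already been reduced to an integer, which is what makes the prepared statement and the array key both safe.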