mysql - Shopping cart with PHP and SQL -

i have various number of files , database tables including artist, album , tracks.

on webpage user can choose artist, album , songs or albums buy.

the desired functionality is: when user selects buy album, tracks added shopping cart.

here php code chunk link buying album:

<p>?php      session_start(); <br>     $albumid=$_post["albumid"]; <br>     echo "<p>going buy album $albumid</p>";     echo "<p><a href=\"shopfortracks.php\">click here continue</a></p>";  ?></p> 

i have got other files db queries etc. in them.

there 1 artist letter, 1 album artist. then, shopping, show basket, show purchases, add basket , checkout files.

any problem appreciated.

additional code gettracksbyalbum.php

?php include ("dbconnect.php"); $albumid=$_get["id"]; $dbquery="select id,title tracks albumid='$albumid' order tracknumber      asc"; $dbresult=mysql_query($dbquery); echo $albumid."\n"; echo mysql_num_rows($dbresult)."\n"; while ($dbrow=mysql_fetch_array($dbresult)) {   echo $dbrow["id"]."_".$dbrow["title"]."\n"; }   ?> 

additional code showbasket.php

<?php   if (isset($_session["currentuserid"])) {   $dbquery="select * basket paid='n' , userid=".$_session["currentuserid"];  $dbresult=mysql_query($dbquery);  $numtracks=mysql_num_rows($dbresult);  }     ?>     <a href="login.php">logout <?php echo $_session["currentuser"]; ?></a> |      <a href="shopfortracks.php">shop tracks</a> |     <a href="showbasket.php">show basket</a> <?php echo "($numtracks)"; ?> |     <a href="checkout.php">checkout</a> |      <a href="showmypurchases.php">show purchases</a>    <hr>   <?php  $dbquery="select tracks.title, albums.title, artists.name, basket.id ".      "from basket,tracks,albums,artists ".      "where basket.userid=".$_session["currentuserid"]." ".      "and basket.paid='n' ".      "and basket.trackid=tracks.id ".      "and albums.id=tracks.albumid ".      "and artists.id=tracks.artistid";    $dbresult=mysql_query($dbquery);  $numtracks=mysql_num_rows($dbresult);   if ($numtracks==0)    echo "<h3>your basket empty</h3>";   else {   ?> 

i'm not sure other information needed, don't understand , there's lot of it. using -

$query = mysql_query("select song_id song album = '".$_post['albumid']."'")   $_session['id] = array();     while($album = mysql_fetch_array($query)    {     $_session['basket'][] = $albums['track_id']   } 

to try , work out - i'm lost :(

based on last piece of code, need similar following piece of code in shoffortracks.php

// album add via `albumid` parameter $query = mysql_query("select song_id song album = '".mysql_real_escape_string($_get['albumid'])."'")  // add line cart per track of album. construct query pieces $insert = "insert basket (userid, paid, trackid) values "; $template = "(" . mysql_real_escape_string($_session['currentuserid']) . ", 'n', %d)";  // add value line each track in array `$tracks` $tracks = array() while($track = mysql_fetch_array($query)     $tracks[] = sprintf($template, $track['song_id']);  // add lines insert query  // "insert ... values (id, 'n', 1), (id, 'n', 3)" $insert .= implode(", ", $tracks); mysql_query($insert); 

note :

• you must escape data sent user. never trust user input (e.g. $_post, $_get, ...). existing code vulnerable sql injection.
• you use deprecated mysql_* functions. switch mysqli or pdo. see this , that , that.
• the piece of code above is not secure as-is. using simple http get request add stuff cart can lead security vulnerabilities, xss
• sorry, of code, don't seem ready code real-life (meaning real-money) shopping site (yet anyway). still got lot learn security essential web transactions. own sake, don't let people trust money if you're not absolutely confident in security of code. hey, i'm saying. if you're coding stuff exercise, there's occasion familiarize concepts :)