"; //format the cart using a HTML table //iterate through the cart, the $product_id is the key and $quantity is the value foreach($_SESSION['cart'] as $product_id => $quantity) { //get the name, description and price from the database - this will depend on your database implementation. //use sprintf to make sure that $product_id is inserted into the query as a number - to prevent SQL injection $sql = sprintf("SELECT name, description, price FROM php_shop_products WHERE id = %d;", $product_id); $result = mysql_query($sql); //Only display the row if there is a product (though there should always be as we have already checked) if(mysql_num_rows($result) > 0) { list($name, $description, $price) = mysql_fetch_row($result); $line_cost = $price * $quantity; //work out the line cost $total = $total + $line_cost; //add to the total cost echo ""; //show this information in table cells echo "$name"; //along with a 'remove' link next to the quantity - which links to this page, but with an action of remove, and the id of the current product echo "$quantity X"; echo "$line_cost"; echo ""; } } //show the total echo ""; echo "Total"; echo "$total"; echo ""; //show the empty cart link - which links to this page, but with an action of empty. A simple bit of javascript in the onlick event of the link asks the user for confirmation echo ""; echo "Empty Cart"; echo ""; echo ""; }else{ //otherwise tell the user they have no items in their cart echo "You have no items in your shopping cart."; } //function to check if a product exists function productExists($product_id) { //use sprintf to make sure that $product_id is inserted into the query as a number - to prevent SQL injection $sql = sprintf("SELECT * FROM php_shop_products WHERE id = %d;", $product_id); return mysql_num_rows(mysql_query($sql)) > 0; } ?> Continue Shopping