Basket Quantity passed via URL or by script


I am designing a PHP script basket that stores information about what the customer has purchased in a MySQL Database. I am intending to pass the quantity in the URL so if you click add to basket the link would be:

<a href="cart.php?action=add_item&productid=<?php echo $row["productid"]; ?>&quantity=1">Add Item</a>

I have also seen a PHP script which DOES NOT store the information about the customer in a MySQL Database and this calculates the quantity separately (not via the URL). I could incorporate this a basket that passes info. to the MySQL Database?

I am considering not using the URL to pass the quantity and store the quantity in the MySQL Database in the script rather than passing quantities into the script via the URL.

What is best practice? Is it quicker loading with or without the quantity passed in the URL? Considering I am going to pass the ‘basket action’ and productid in the URL is it overkill to also add the quantity to the URL?


It’s not overkill to send it via URL. Using MySQL for every petty thing is. MySQL takes time to process requests!

With all due respect, please untangle your post. In all probability, I answered the wrong question, I’m sorry if that’s the case - but the post is pretty confusing.

Hi adityamenon90,

You say

“Using MySQL for every petty thing is (overkill). MySQL takes time to process requests!”

As far as I am aware the idea of using PHP templates means using MySQL for everything. How can I limit the use of MySQL? Like I say I plan to use PHP templates so that means about 3 pages for about 1,000 - 2,000 pages and then separate/individual pages for contact.php. homepage.php, aboutus.php, basket.php, etc.

Look forward to your comments,



You can store stuff in the $_SESSION array instead which is available to any script as the data is basically written to a file on the disk. Each user gets their own session so they will never contaminate each other. Just store the order in the session rather than using mysql and then you’ll make the above poster happy.

Personally i’d not worry about it. Whatver works, works! If you prefer to use mysql to permanently store the order details then thats your preference. As long as you clean up things nicely when the order is complete (EG move from pending_orders table to completed_orders or mark a boolean in there to show its complete etc) then it will work. Basically what i’m saying is you need a way to finalize the order and tell the difference in your systems. Using mysql to store baskets is a good idea if you need to be able to see incomplete orders, ordersin progress etc as reading a ton of sessions isn’t straight forward.

With regards to your original point, theres nothing wrong with passing the quantity in the URL but never pass anything sensitive like the price in the URL. Reason? Well you could let someone order a $600 TV for $1 (If you think people don’t take advantage of things like that think again - by the time you’ve audited your accounts and tracked down the customer they’ll be long gone). Always pull prices from your DB and display them on the webpage. Don’t accept them from anywhere but your own DB.


I think I will stick with the cookie way of doing things. Store customer details in the MySQL Database and pass the quantity via URL.

Out of interest, is there a way that $_SESSION can be used throughout. And then when the customer places the order the $_SESSION sends all the information to the MySQL Table. I am thinking about customers whom disable cookies. It might be worth incorporating purchases the way I describe, if it is possible and if it is a sensible idea. What do you think?


$_SESSION can be used any way you want. It is available to all scripts along with the data inside it. If you set $_SESSION[‘var’] = ‘this’; in script a.php then script b.php will be able to read that same value from the session.

Can’t really comment on the cookie side of things. I don’t use them, i think they’re an evil menace that php coders shouldn’t need to worry about. I don’t say that because of the anti-cookie-and-privacy brigade, i just say it because users who turn off cookies require a webmaster to make a whole lot of work for themselves so i just use sessions for everything. If they reject a php session cookie then thats their loss although its easier to work with from the php side of things.

Your idea of tracking everything via mysql is certainly capable of covering the disabled cookie scenario and it could cover it very well provided you do it the right way and do it cleanly. I know a lot of people moan about efficiency and limiting SQL requests etc but sometimes to do things the bomb proof way you have to use a few more resources and its not like mysql isn’t capable because it is.

I will need to think a bit more about whether to just be happy with using cookies. Might well be worth using Sessions as it does not matter if cookies are enabled or not…

I am also confused about the use of the function

$items = explode(',',$cart);

Does this work like a MySQL Query asking for all products. Does it work like a left, inner or right join? Why use explode? It looks quite efficient from the code I am looking at, which is:

function showCart() {
	global $db;
	$cart = $_SESSION['cart'];
	if ($cart) {
		$items = explode(',',$cart);
		$contents = array();
		foreach ($items as $item) {
			$contents[$item] = (isset($contents[$item])) ? $contents[$item] + 1 : 1;
		$output[] = '<form action="cart.php?action=update" method="post" id="cart">';
		$output[] = '<table>';
		foreach ($contents as $id=>$qty) {
			$sql = 'SELECT * FROM products WHERE productid = '.$id;
			$result = $db->query($sql);
			$row = $result->fetch();
			$output[] = '<tr>';
			$output[] = '<td><a href="cart.php?action=delete&productid='.$id.'" class="r">Remove</a></td>';
			$output[] = '<td>'.$name.' by '.$productid.'</td>';
			$output[] = '<td>&pound;'.$price.'</td>';
			$output[] = '<td><input type="text" name="qty'.$id.'" value="'.$qty.'" size="3" maxlength="3" /></td>';
			$output[] = '<td>&pound;'.($price * $qty).'</td>';
			$total += $price * $qty;
			$output[] = '</tr>';
		$output[] = '</table>';
		$output[] = '<p>Grand total: <strong>&pound;'.$total.'</strong></p>';
		$output[] = '<div><button type="submit">Update cart</button></div>';
		$output[] = '</form>';
	} else {
		$output[] = '<p>You shopping cart is empty.</p>';
	return join('',$output);

This code does not feed info. back and forth between a MySQL database, but maybe it is useful in my case and can be adapted to work with a MySQL Database. Or is explode never used when using a MySQL Database to store info.?

explode() just splits a string by a character. In the example you provided it will divide up the string by the , character and put everything either side of each one into an array:

$String = 'this,is,a,test';
$Array = explode(',', $String);

//$Array will now be an array of words in the same order as the string without the , character.

You can use explode where ever you wish to break up a string into parts by an identifiable character. It isn't something you must or must not use with mysql.