add-cart.php: the num parameter

If you are developing or maintaining this script, ensure the following modern PHP standards are met.

If the `$num` value is concatenated directly into a database query (for example a stock check) without validation or a prepared statement, the script is vulnerable to SQL injection: the parameter is attacker-controlled and becomes part of the SQL text.

| Attribute | Details |
|-----------|---------|
| Name | `num` (could also be `qty`, `quantity`, `product_qty`) |
| Type | Integer |
| Source | Usually sent via POST (or GET) from a product form |
| Validation rules | Must be a positive integer, >= 1, often capped at a maximum (e.g., 999) |
| Default | If missing, defaults to 1 |

Example request: https://vintage-books.com/add-cart.php?num=12

```php
<?php
session_start();

// 1. Database connection (host, credentials and database name are placeholders)
$conn = new mysqli("localhost", "db_user", "db_password", "shop");
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

// 2. Only allow POST requests for state changes
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // 3. Validate the 'num' input as a strict integer. Compare against false explicitly:
    //    filter_var() returns the integer itself, so a bare truthiness test would reject 0.
    if (isset($_POST['num']) && filter_var($_POST['num'], FILTER_VALIDATE_INT) !== false) {
        $product_id = (int)$_POST['num'];
        $quantity = (isset($_POST['qty']) && filter_var($_POST['qty'], FILTER_VALIDATE_INT) !== false)
            ? (int)$_POST['qty'] : 1;
        if ($quantity <= 0) {
            $quantity = 1;          // negative or zero quantities fall back to the default
        }
        if ($quantity > 999) {
            $quantity = 999;        // cap per the validation rules above
        }

        // 4. Use a prepared statement to look up the product; the id never enters the SQL text
        $stmt = $conn->prepare("SELECT id, name, price FROM products WHERE id = ?");
        $stmt->bind_param("i", $product_id);
        $stmt->execute();
        $result = $stmt->get_result();

        if ($result->num_rows > 0) {
            $product = $result->fetch_assoc();
            $stmt->close();

            // Initialize the cart session array if it doesn't exist
            if (!isset($_SESSION['cart'])) {
                $_SESSION['cart'] = [];
            }

            // 5. Update or add the item to the session cart
            if (isset($_SESSION['cart'][$product_id])) {
                $_SESSION['cart'][$product_id]['quantity'] += $quantity;
            } else {
                $_SESSION['cart'][$product_id] = [
                    'name'     => $product['name'],
                    'price'    => $product['price'], // price sourced from the DB, never from user input
                    'quantity' => $quantity,
                ];
            }

            // Redirect back to the cart page with a success message
            header("Location: cart.php?status=success");
            exit();
        } else {
            // Product id not found in the database
            $stmt->close();
            header("Location: index.php?error=invalid_product");
            exit();
        }
    } else {
        // Invalid 'num' parameter format
        header("Location: index.php?error=bad_input");
        exit();
    }
} else {
    // Reject non-POST requests. This stops accidental crawler triggers, but it does NOT
    // prevent CSRF on its own: a forged form can still POST, so a per-session token check is required.
    header("HTTP/1.1 405 Method Not Allowed");
    echo "Method Not Allowed. Use POST.";
}
$conn->close();
?>
```

Key best practices implemented above:

- State changes are accepted over POST only.
- `num` and `qty` are validated as strict integers before use, with the quantity defaulting to 1 and capped.
- The product lookup uses a prepared statement with a bound integer parameter.
- Price is read from the database row, never from the request.
- The cart lives in the server-side session, keyed by product id.
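The script above rejects GET requests, but a forged form on an attacker's page can still POST to add-cart.php, so it needs the token check its own test table calls for. The following is an added example, not code from the original page: a per-session CSRF token issued to the product form and verified before the cart is touched. The function names (`issue_csrf_token`, `verify_csrf_token`) and the `csrf_token` field name are assumptions.

```php
<?php
// Added example: per-session CSRF token for add-cart.php.
// Names (issue_csrf_token, verify_csrf_token, csrf_token) are assumptions, not the page's own.
session_start();

/** Create the token once per session and return it for embedding as a hidden form field. */
function issue_csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    }
    return $_SESSION['csrf_token'];
}

/**
 * Constant-time comparison of the submitted token with the session token.
 * Returns false when the field is missing, not a string (e.g. csrf_token[]=x),
 * or no token has been issued for this session.
 */
function verify_csrf_token($submitted): bool
{
    if (!is_string($submitted) || empty($_SESSION['csrf_token'])) {
        return false;
    }
    return hash_equals($_SESSION['csrf_token'], $submitted);
}

// product.php: emit a hidden input named csrf_token whose value is
// htmlspecialchars(issue_csrf_token()) inside the add-to-cart form.

// add-cart.php: run these checks before any validation of num/qty or any cart change.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    header('HTTP/1.1 405 Method Not Allowed');
    exit('Method Not Allowed. Use POST.');
}
if (!verify_csrf_token($_POST['csrf_token'] ?? null)) {
    header('HTTP/1.1 403 Forbidden');
    exit('Invalid or missing CSRF token; cart not modified.');
}
// ... integer validation of num/qty and the prepared-statement lookup continue here
```

`hash_equals()` avoids a timing side channel on the comparison, and the `is_string` guard matters because PHP will happily deliver an array for `csrf_token[]=x`, which would otherwise raise a TypeError inside `hash_equals()` rather than a clean 403.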

For production environments in 2026, standalone PHP scripts like this one are generally replaced by frameworks such as Symfony, which ship CSRF protection, request validation and parameterized database access by default. The framework removes the boilerplate, but the business rules above (integer quantity, minimum 1, maximum cap, price taken from the database) still have to be written by you.


| Test case | Expected behavior | Your result |
|-----------|-------------------|-------------|
| `num=abc` | 400 Bad Request / no change to cart | |
| `num=-5` | Ignored, or default to 1 | |
| `num=1.5` | Reject as an invalid integer | |
| `num=9999999` | Reject (exceeds the maximum allowed quantity) | |
| `num=1%20OR%201=1` | No SQL error, no data leak | |
| No `num` parameter | 400 Bad Request | |
| Repeated requests with the same `num` | Throttled after X requests per second | |
| CSRF token missing | Cart not modified | |
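The attribute table gives the rules for `num` and the table above gives the inputs to try. The following is an added example, not the page's own code, that turns those rules into one validation function and runs it over the listed inputs. The function name, the `MAX_QTY` constant and the decision to treat a missing parameter as the default quantity 1 (the attribute and troubleshooting tables say default; the test table says 400, so pick one and document it) are assumptions.

```php
<?php
// Added example: validate the 'num' quantity parameter per the rules on this page.
// validate_quantity(), MAX_QTY and the missing-means-default choice are assumptions.
const MAX_QTY = 999;

/**
 * Returns the validated quantity, or null when the request must be rejected (400).
 *   absent or empty      -> 1      (default)
 *   negative or zero     -> 1      (ignored, per the test table)
 *   "abc", "1.5",
 *   "1 OR 1=1", arrays   -> null   (rejected before any database access)
 *   above MAX_QTY        -> null   (rejected)
 */
function validate_quantity(array $params, string $key = 'num'): ?int
{
    if (!array_key_exists($key, $params) || $params[$key] === '') {
        return 1;                                  // missing: default to 1
    }
    if (!is_string($params[$key])) {
        return null;                               // num[]=x style arrays are rejected
    }
    $value = filter_var($params[$key], FILTER_VALIDATE_INT);
    if ($value === false) {
        return null;                               // not a strict integer (covers 1.5 and SQL text)
    }
    if ($value < 1) {
        return 1;                                  // negative or zero: ignored, default 1
    }
    if ($value > MAX_QTY) {
        return null;                               // over the cap: reject
    }
    return $value;
}

// Constructed inputs mirroring the test table (already URL-decoded, as PHP delivers them).
$cases = [
    ['num' => 'abc'],          // REJECT
    ['num' => '-5'],           // quantity 1
    ['num' => '1.5'],          // REJECT
    ['num' => '9999999'],      // REJECT (over cap)
    ['num' => '1 OR 1=1'],     // REJECT, never reaches SQL
    [],                        // quantity 1 (absent)
    ['num' => ['x']],          // REJECT (array)
    ['num' => '12'],           // quantity 12
];
foreach ($cases as $params) {
    $shown  = array_key_exists('num', $params) ? var_export($params['num'], true) : '(absent)';
    $result = validate_quantity($params);
    printf("%-22s => %s\n", $shown, $result === null ? 'REJECT (400)' : "quantity {$result}");
}
```

Because the injection payload is rejected by `FILTER_VALIDATE_INT` before any query is built, the "no SQL error, no data leak" row holds even before the prepared statement in the script above comes into play; the prepared statement is the second, independent layer.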

| Symptom | Likely cause |
|---------|--------------|
| Quantity always 1 | `num` not sent or empty, so the default triggers |
| Quantity resetting | Session not started, or cart overwritten |
| Adding double | No check for an existing cart item |
| Negative stock | No stock validation before the cart update |

```php
// Vulnerable code
$quantity = $_GET['num'];   // no type or range check on the raw query-string value
// If the user sends ?num=-5, the value is accepted as-is and flows into the cart
```

The `num` parameter is particularly sensitive because an attacker can manipulate it to steal merchandise (negative or zero quantities that reduce the order total), corrupt your database (SQL injection through an unparameterized query), or break your checkout process (non-numeric, fractional or oversized values). Below are the most common and dangerous vulnerabilities related to the `num` parameter.

Keeps the customer engaged on the category or product landing page.