hi guys, i'v been stuck on this for a while...i have a function that returns a string formatted in html of the contents of a user's shopping cart. i'm trying to then pass this string ($cart) through form that gets emailed. the function looks like this. function showCart() { global $db; $cart = $_SESSION['cart']; if ($cart) { $items = explode(',',$cart); $contents = array(); foreach ($items as $item) { $contents[$item] = (isset($contents[$item])) ? $contents[$item] + 1 : 1; } $output[] = '<table align="center" cellpadding="0" border="0">'; $output[] = '<tr><td>'; $output[] = '<form action="cart.php?action=update" method="post" id="cart">'; $output[] = '<table align="center" cellpadding="10" width="820" border="0">'; foreach ($contents as $id=>$qty) { $sql = "SELECT * FROM item WHERE uniq_ID='$id'"; $result = $db->query($sql); $row = $result->fetch(); extract($row); $output[] = '<tr>'; $output[] = '<td style="border:1px solid #999;"><a href="cart.php?action=delete&id='.$id.'" class="r">Remove</a></td>'; $output[] = '<td width="400" style="border:1px solid #999;">'.$name.' in '.$color.'</td>'; $output[] = '<td style="border:1px solid #999;">$'.$price.'</td>'; $output[] = '<td style="border:1px solid #999;"><input type="text" name="qty'.$id.'" value="'.$qty.'" size="3" maxlength="3" /></td>'; $output[] = '<td style="border:1px solid #999;">$'.$price * $qty.'</td>'; $total += $price * $qty; $output[] = '</tr>'; } $output[] = '</table>'; $output[] = '<p>Subtotal: <strong>$'.$total.'</strong></p>'; $output[] = '<div><button type="submit" id="mysubmit">Update cart</button></div>'; $output[] = '</form>'; } else { $output[] = '<p>Your cart is empty.</p>'; } $output[] = '</td></tr>'; $output[] = '</table>'; return join('',$output); } Code (markup): then i make assign the return value to variable. $cart = ShowCart(); Code (markup): after this i'm trying to pass $cart through a from via post. <?php echo "<form action='SubmitOrder.php?order=$cart' method='POST'>"; ?> Code (markup): submitorder.php looks something like this $order=$_POST['order']; if(isset($_POST['submit'])) { $to = "xxx@gmail.com"; $name_field = $_POST['name']; $email_field = $_POST['email']; $message = $_POST['message']; $subject = "New Order From $name_field"; $headers = "From: $name_field <order@xxxcom> \r\n"; $body = "From: $name_field\n E-Mail: $email_field\n Message:\n $message \n $order"; echo "Data has been submitted to $to!"; mail($to, $subject, $body, $headers); } else { echo "email failed"; } Code (markup): this method does not work. i'm a newb, so this seems logical to me, but obviously it's not...how can i pull this off?
ahhh, this is easy. You don't want to add the shopping cart to the querystring of the action, well I guess you can but I wouldn't. By adding the cart to the querystring brings up some problems, like: Security Risks, querystrings being truncated and so on. Here is a simple update to your posted code. echo "<form action='SubmitOrder.php' method='POST'>"; echo "<input type="hidden" value="$cart" name="order">"; PHP: **By the way, when you want something from the querystring, you will want to use $_GET[]; and not $_POST[];
it's really weird, if i echo the the hidden input, it actually displays some stuff on the page and messes up. i found another way though...through <textarea name="order" rows="10" cols="35" style="display:none;"><?php echo $cart;?></textarea> Code (markup): this works like a charm.
I actually see a flaw in my code also. For the quotes I should of used single quotes ' or escape the quotes with a /