This is the product description page.

I have created a cart page that contains a GridView which will display details of the products that are added to the cart after clicking the Add to Cart button.

What I have tried:

C#
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;
using System.Data;

public partial class Product_desc : System.Web.UI.Page
{
    SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["RegistrationConnectionString"].ConnectionString);
    int id;
    // String product_name, product_detail;

    protected void Page_Load(object sender, EventArgs e)
    {
        if (Request.QueryString["product_Id"] == null)
        {
            Response.Redirect("gold.aspx");
        }
        else
        {
            id = Convert.ToInt32(Request.QueryString["product_Id"]);
            con.Open();
            SqlCommand com = con.CreateCommand();
            com.CommandType = CommandType.Text;
            com.CommandText = "select * from product_master where product_Id=" + id + " ";
            // Fill the GridView (d1) with the product row. The adapter executes the
            // query itself, so no separate ExecuteNonQuery call is needed.
            DataTable dt = new DataTable();
            SqlDataAdapter da = new SqlDataAdapter(com);
            da.Fill(dt);
            d1.DataSource = dt;
            d1.DataBind();
            con.Close();
        }
    }

    protected void Button1_Click(object sender, EventArgs e)
    {
        // add to cart code
    }
}
Updated 24-Feb-17 19:31pm
Comments
Richard Deeming 24-Feb-17 12:27pm    
NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.

In this specific instance, since the parameter has been converted to an integer, you have avoided a SQL Injection vulnerability. But it's still a bad habit to form, especially given how easy it is to do the right thing in .NET:
com.CommandText = "select * from product_master where product_Id = @id";
com.Parameters.AddWithValue("@id", id);


Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange
Query Parameterization Cheat Sheet | OWASP
Maciej Los 25-Feb-17 4:06am    
This seems to be an answer ;)
Richard Deeming 24-Feb-17 12:29pm    
As to your question, the answer depends on the structure of your database.

In generic terms, you will have a button on the page for the user to click to add the product. You then need to read the product ID, and add or update a line in the user's cart.
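Both of Richard's points put together (the parameterized product lookup from his first comment, and the "read the product ID, then add or update a line in the user's cart" flow from his second) as an added example; this is not code from the question or from the answer. The `cart_item` table and its columns, the use of `User.Identity.Name` as the cart owner, and C# 7 syntax are assumptions.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;

public partial class Product_desc : System.Web.UI.Page
{
    // Assumed schema: cart_item(user_name, product_Id, quantity). Connection string name is from the question.
    private static readonly string ConnStr =
        ConfigurationManager.ConnectionStrings["RegistrationConnectionString"].ConnectionString;

    // Null when the query string is missing or not an int, so malformed input never reaches SQL.
    private static int? ParseProductId(string raw) => int.TryParse(raw, out var id) ? id : (int?)null;

    protected void Page_Load(object sender, EventArgs e)
    {
        int? productId = ParseProductId(Request.QueryString["product_Id"]);
        if (productId == null) { Response.Redirect("gold.aspx"); return; }

        using (SqlConnection con = new SqlConnection(ConnStr))
        using (SqlCommand com = new SqlCommand("select * from product_master where product_Id = @id", con))
        {
            // Typed parameter: the value is sent separately from the SQL text, never spliced into it.
            com.Parameters.Add("@id", SqlDbType.Int).Value = productId.Value;
            DataTable dt = new DataTable();
            new SqlDataAdapter(com).Fill(dt);   // Fill opens and closes the connection itself
            d1.DataSource = dt;
            d1.DataBind();
        }
    }

    protected void Button1_Click(object sender, EventArgs e)
    {
        int? productId = ParseProductId(Request.QueryString["product_Id"]);
        if (productId == null || !User.Identity.IsAuthenticated) return;

        // Add the cart line or bump its quantity; both statements use the same parameters.
        const string upsert =
            "update cart_item set quantity = quantity + 1 where user_name = @user and product_Id = @id; " +
            "if @@rowcount = 0 insert into cart_item (user_name, product_Id, quantity) values (@user, @id, 1);";
        using (SqlConnection con = new SqlConnection(ConnStr))
        using (SqlCommand com = new SqlCommand(upsert, con))
        {
            com.Parameters.Add("@user", SqlDbType.NVarChar, 256).Value = User.Identity.Name;
            com.Parameters.Add("@id", SqlDbType.Int).Value = productId.Value;
            con.Open();
            com.ExecuteNonQuery();
        }
    }
}
```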

1 solution

Read this completely and start:
Shopping Cart | Microsoft Docs
Comments
Maciej Los 25-Feb-17 4:29am    
+5
Karthik_Mahalingam 25-Feb-17 6:35am    
Thanks Maciej

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)