```asp
Session("Cart") = cart
Response.Redirect("view_cart.asp")
%>
```

```asp
<%
cart = Session("Cart")
total = 0
%>
<table border="1">
<tr><th>Product</th><th>Price</th><th>Qty</th><th>Subtotal</th><th></th></tr>
<%
' Items are stored as an array of arrays, so index them as cart(i)(n)
For i = 0 To UBound(cart)
    subtotal = cart(i)(2) * cart(i)(3)
    total = total + subtotal
%>
<tr>
  <!-- HTML-encode the name before writing it into the page -->
  <td><%=Server.HTMLEncode(cart(i)(1))%></td>
  <td><%=FormatCurrency(cart(i)(2))%></td>
  <td>
    <form method="post" action="update_cart.asp">
      <input type="hidden" name="idx" value="<%=i%>">
      <input type="number" name="qty" value="<%=cart(i)(3)%>" min="0" style="width:60px">
      <input type="submit" value="Update">
    </form>
  </td>
  <td><%=FormatCurrency(subtotal)%></td>
  <td><a href="remove_item.asp?idx=<%=i%>">Remove</a></td>
</tr>
<% Next %>
<tr><td colspan="3">Total</td><td><%=FormatCurrency(total)%></td><td></td></tr>
</table>
<a href="checkout.asp">Checkout</a>
```

5. Update cart (`update_cart.asp`)

```asp
<%
Dim idx, new_qty, cart
idx = CInt(Request("idx"))
new_qty = CInt(Request("qty"))
cart = Session("Cart")
If idx >= 0 And idx <= UBound(cart) Then
    If new_qty > 0 Then
        cart(idx)(3) = new_qty
    Else
        ' remove item: shift the later entries down, then shrink the array
        For i = idx To UBound(cart) - 1
            cart(i) = cart(i + 1)
        Next
        ReDim Preserve cart(UBound(cart) - 1)
    End If
End If

' Write the modified copy back to the session
Session("Cart") = cart
Response.Redirect("view_cart.asp")
%>
```
```asp
<%
' insert into Orders table
' then insert into OrderItems table
Session("Cart") = Array() ' clear cart
Response.Redirect("thankyou.asp")
%>
```

| Issue | Fix |
|--------|------|
| Empty cart | Check UBound(Session("Cart")) >= 0 |
| Negative quantity | Validate input, set min=0 |
| Price tampering | Never trust price from client. Store price in DB, retrieve by ProductID |
| Session expiration | Redirect to login or save cart in DB for registered users |
| SQL injection | Use parameterized queries (ADODB.Command) |

9. Example product list (`products.asp`)

```asp
<%
' name and price travel as hidden fields below, so the client can edit them
' before posting (see "Price tampering" in the table above)
Set rs = conn.Execute("SELECT id, name, price FROM products")
Do While Not rs.EOF
%>
<form method="post" action="add_to_cart.asp">
  <%=Server.HTMLEncode(rs("name"))%> - <%=FormatCurrency(rs("price"))%>
  <input type="hidden" name="id" value="<%=rs("id")%>">
  <input type="hidden" name="name" value="<%=Server.HTMLEncode(rs("name"))%>">
  <input type="hidden" name="price" value="<%=rs("price")%>">
  Qty: <input type="number" name="qty" value="1" min="1" size="3">
  <input type="submit" value="Add to Cart">
</form>
<%
    rs.MoveNext
Loop
%>
```

10. Database schema (minimal)

Products table

id (auto) | name (text) | price (currency)
```asp
Session("Cart") = cart
Response.Redirect("view_cart.asp")
%>
```

At checkout, copy the cart to the database, then clear the Session:
order_id | user_id | order_date | total
```asp
Session("Cart") = cart
Response.Redirect("view_cart.asp")
%>
```

Same as update with qty=0, or simpler:

```asp
Session("Cart") = cart
Response
```
```asp
Sub Session_OnStart
    Session("Cart") = Array()
End Sub
```

Each cart item: Array(ProductID, ProductName, Price, Quantity)

3. Add to cart (`add_to_cart.asp`)

```asp
<%
Dim pid, pname, price, qty, cart, found, i
' name and price are read from the request here, so the client controls them
pid = Request("id")
pname = Request("name")
price = CDbl(Request("price"))
qty = CInt(Request("qty"))
If qty < 1 Then qty = 1

cart = Session("Cart")
found = False

' Loop to find if product already in cart
' (items are an array of arrays, so index them as cart(i)(n))
For i = 0 To UBound(cart)
    If cart(i)(0) = pid Then
        cart(i)(3) = cart(i)(3) + qty
        found = True
        Exit For
    End If
Next

If Not found Then
    ReDim Preserve cart(UBound(cart) + 1)
    cart(UBound(cart)) = Array(pid, pname, price, qty)
End If

' Write the modified copy back to the session
Session("Cart") = cart
Response.Redirect("view_cart.asp")
%>
```
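The add-to-cart handler above takes the product name and price from hidden form fields, which is what the "Price tampering" and "SQL injection" rows of the issue table warn against. The following is an added example, not part of the original tutorial: it looks both values up by product id with a parameterized ADODB.Command, assuming `conn` is an open ADODB.Connection and the `products` table from the schema; `MAX_QTY` is a hypothetical limit.

```vbscript
<%
' Added example, not the tutorial's code: add_to_cart.asp that takes name and
' price from the database. Assumes conn is an open ADODB.Connection.
Const adCmdText = 1, adInteger = 3, adParamInput = 1  ' standard ADO values
Const MAX_QTY = 99                                    ' hypothetical limit
Dim re, sid, sqty, pid, qty, cmd, rs, cart, found, i

' Accept only short unsigned integers; this also rules out CLng overflow
Set re = New RegExp
re.Pattern = "^\d{1,9}$"
sid = Trim(Request.Form("id"))
sqty = Trim(Request.Form("qty"))
If Not (re.Test(sid) And re.Test(sqty)) Then
    Response.Redirect "products.asp"
End If
pid = CLng(sid)
qty = CLng(sqty)
If qty < 1 Then qty = 1
If qty > MAX_QTY Then qty = MAX_QTY

' Parameterized lookup: the id is bound as a value, never concatenated
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT name, price FROM products WHERE id = ?"
cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , pid)
Set rs = cmd.Execute
If rs.EOF Then Response.Redirect "products.asp"   ' unknown id: add nothing

cart = Session("Cart")
found = False
For i = 0 To UBound(cart)
    If cart(i)(0) = pid Then
        cart(i)(3) = cart(i)(3) + qty
        If cart(i)(3) > MAX_QTY Then cart(i)(3) = MAX_QTY
        found = True
        Exit For
    End If
Next
If Not found Then
    ReDim Preserve cart(UBound(cart) + 1)
    cart(UBound(cart)) = Array(pid, rs("name").Value, CDbl(rs("price").Value), qty)
End If
rs.Close

Session("Cart") = cart
Response.Redirect "view_cart.asp"
%>
```

With this handler the hidden `name` and `price` inputs in `products.asp` are no longer read and can be dropped from the form.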