Prevent Duplicate Items from Being Added to a Shopping Cart with the Header Redirect

For the longest time, I've been ignoring header redirects. They typically seem to be used for processing form requests. One page collects the form data and if everything checks out, the script redirects visitors to a confirmation page. Otherwise, the visitor is redirected back to the form. This is a perfectly acceptable way to build forms, but my preference has been to keep everything under the same page. Using a series of if constructs makes this possible. Lately, however, the header redirect has been sneaking into my scripts. In case I'm not the only one shying away from the header() function, let's talk about one possibility.

Background

A project recently crossed my desk where a shopping cart system needed an overhaul. One goal was to reduce its dependency on JavaScript. The trick was to allow customers to add items to their cart while preventing them from accidentally getting added twice.

The old solution used JavaScript to store the items into a shopping cart cookie. Once done, the customer would be brought to the shopping cart page. If the browser's refresh button was clicked or if the back button was used during a customer's shopping experience, a duplicate item wouldn't be added accidentally.

Many options were considered for the new solution, but the header() function seemed like a good way to prevent duplication.

New Solution

Adding items to the cart is done by clicking links like the following:

<a href="cart.php?itemID=3429">Add to Cart</a>

The cart.php script goes through the typical verification process to make sure the request is valid. Once complete, the item's ID is stored in the shopping cart and the customer is redirected back to the cart.

<?php
$_SESSION['cartItems'][] = $_GET['itemID'];
header("Location: cart.php?new={$_GET['itemID']}");
?>

Note that the GET variable in the redirected URL was changed. This prevents duplication caused by someone hitting the refresh button after adding an item to the cart. And since we're using a server-side redirect, the back button isn't going to be problematic either.

Example Code

To get a better idea of how the solution works, start a blank page called "cart.php" and add the code below. Try clicking each of the links, hitting the refresh button, using the back button, etc.

<?php
//START SESSION
session_start();
 
//IF ADDING AN ITEM TO THE CART
if(isset($_GET['itemID'])) {
     $_SESSION['cartItems'][] = $_GET['itemID'];
     header("Location: cart.php?new={$_GET['itemID']}");
}
 
//IF AN ITEM WAS JUST ADDED, LET CUSTOMER KNOW
if(isset($_GET['new'])) {
     print "<p>Item #{$_GET['new']} has been added</p>";
}
 
//IF SESSION VARIABLE SET, DISPLAY SHOPPING CART ITEMS
if(isset($_SESSION['cartItems'])) {
     print '<p>Items in cart: ' . implode('|', $_SESSION['cartItems']) . '</p>';
}
 
//SAMPLE ITEMS
?>
<ul>
     <li><a href="cart.php?itemID=3429">Add Item 3429 to Cart</a></li>
     <li><a href="cart.php?itemID=8034">Add Item 8034 to Cart</a></li>
</ul>

Conclusion

As you may have noticed, the code needs quite a bit of work to make it a fully-functional shopping cart. The code was only meant to provide a general idea of how the header() function could help eliminate duplicate shopping cart entries. If you have questions or suggestions, please enter them in the comments below.