$price = $_POST['product_price']; // Trusting client input
$update_cart = "UPDATE cart SET price='$price' WHERE id=1";
While functional, using raw IDs in URLs opens the door to several "classic" web vulnerabilities:

An id of 1 usually represents the first entry in a "products" table. A PHP script captures this value using $_GET['id'].
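
A hardened counterpart to the snippet above, as an added example that is not code from the original page: the id from `$_GET['id']` is validated as an integer and bound as a parameter, and the price is read from the server-side products table instead of `$_POST['product_price']`. The in-memory SQLite schema, the `owner_id`, `product_id` and `price_cents` columns, the sample rows and the `repriceCartRow` helper are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed in-memory schema and sample rows (assumptions, not from the page).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, price_cents INTEGER NOT NULL)');
$pdo->exec('CREATE TABLE cart (id INTEGER PRIMARY KEY, owner_id INTEGER, product_id INTEGER, price_cents INTEGER)');
$pdo->exec('INSERT INTO products VALUES (1, 4999)');
$pdo->exec('INSERT INTO cart VALUES (1, 42, 1, 4999)');

// Hypothetical helper: re-price a cart row from the products table.
// The client supplies only an identifier; the price never comes from the request.
function repriceCartRow(PDO $pdo, int $sessionUserId, mixed $rawProductId): bool
{
    // Accept only a positive integer; strings with extra characters, arrays and null fail here.
    $productId = filter_var($rawProductId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($productId === false) {
        return false;
    }

    // The authoritative price comes from the server-side catalogue, with the id bound as a parameter.
    $stmt = $pdo->prepare('SELECT price_cents FROM products WHERE id = :id');
    $stmt->execute([':id' => $productId]);
    $price = $stmt->fetchColumn();
    if ($price === false) {
        return false; // no product with this id
    }

    // Scope the update to the logged-in user's own row, so a guessed id cannot change another cart.
    $upd = $pdo->prepare(
        'UPDATE cart SET price_cents = :price WHERE product_id = :pid AND owner_id = :owner'
    );
    $upd->execute([':price' => (int) $price, ':pid' => $productId, ':owner' => $sessionUserId]);
    return $upd->rowCount() === 1;
}

// Constructed requests: the posted price field is never read by the helper.
$_GET  = ['id' => '1'];
$_POST = ['product_price' => '0.01'];
var_dump(repriceCartRow($pdo, 42, $_GET['id'] ?? null)); // well-formed id, caller owns the cart row
var_dump(repriceCartRow($pdo, 42, '1x'));                // id that is not an integer
var_dump(repriceCartRow($pdo, 7, '1'));                  // well-formed id, caller does not own the row
```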