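// Validate that the ID is not empty after sanitization.
// empty() is also true for 0 and "0", so those values are rejected as well.
if (empty($product_id)) {
    header("Location: products.php?error=invalid_id");
    // header() only queues the redirect. Without exit() the rest of the
    // script would keep running with the invalid ID, so the exit stays
    // inside the guard and fires only on the rejection path.
    exit();
}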
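// Fetch price from DB
// The price is looked up server-side by ID. The ID is bound as a statement
// parameter rather than concatenated into the SQL text.
// NOTE(review): the guard elsewhere on this page checks $product_id, while
// this query binds $item_id. Confirm both hold the same validated value.
$stmt = $pdo->prepare("SELECT price FROM products WHERE id = ?");
$stmt->execute([$item_id]);
// fetch() returns false when no row matches; check $product before reading
// the price from it.
$product = $stmt->fetch();
// add-cart.php num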
: Forcibly converts the num variable to a clean integer and validates it before it ever interacts with database logic. // Validate that the ID is not empty