Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/wreyesus/Sencillo_Carrito_de_Compras_en_PHP/llms.txt

Use this file to discover all available pages before exploring further.

detalles.php is the single-product view page for the YUME|TEC store. It receives a product identifier via the id_producto GET parameter, uses the Dreamweaver-generated GetSQLValueString helper to safely cast the value to an integer, and then runs a SELECT against the productos table to fetch the matching row. The page then renders the product’s full name, multi-line description, and a large detail image, alongside an Add to Cart form that POSTs directly to carrito.php.

URL and parameters

Every product in the catalog links here from both the category listing pages and the thumbnail images. The only required parameter is id_producto:
detalles.php?id_producto=1
The value maps to the productos.id_producto primary key column in the database. If no id_producto is present in $_GET, the script defaults $colname_detalle_proce to "-1", which returns no rows and renders an empty detail layout.

Database query

The product lookup is handled through the Dreamweaver GetSQLValueString utility, which casts the raw GET value to an integer before it is spliced into the query string:
$colname_detalle_proce = "-1";
if (isset($_GET['id_producto'])) {
    $colname_detalle_proce = $_GET['id_producto'];
}
$query_detalle_proce = sprintf(
    "SELECT * FROM productos WHERE id_producto = %s",
    GetSQLValueString($colname_detalle_proce, "int")
);
$detalle_proce = mysql_query($query_detalle_proce, $tienda) or die(mysql_error());
$row_detalle_proce = mysql_fetch_assoc($detalle_proce);
mysql_fetch_assoc returns the first (and only expected) row as an associative array keyed by column name. All subsequent output on the page is drawn from $row_detalle_proce.

Displayed fields

The detail layout is built as a single-column HTML table with four rows, one for each piece of displayed data:
FieldColumn in productosNotes
nombrenombreDisplayed as a paragraph inside .producto_titulo
descripciondescripcionPassed through nl2br() so line breaks render in the browser
imagenimagenLoaded from imagenes/productos/detalle/ at 200 × 200 px
precioprecioEmbedded as a hidden field in the Add to Cart form
The description rendering in the source looks like this:
<p><?php echo nl2br($row_detalle_proce['descripcion']); ?></p>
Using nl2br is important because product descriptions stored in bd.sql use plain newline characters (\n) to separate specification lines. Without it, all specs would appear on a single line in the browser.

Add to Cart form

The purchase button at the top of the detail table is an <input type="image"> element, which submits the form on click just like a standard submit button. Three hidden fields carry the product data to carrito.php:
<form name="form1" method="post" action="carrito.php">
  <input type="image" src="imagenes/comprar.gif">
  <input name="nombre"   type="hidden" value="<?php echo $row_detalle_proce['nombre']; ?>">
  <input name="precio"   type="hidden" value="<?php echo $row_detalle_proce['precio']; ?>">
  <input name="cantidad" type="hidden" value="1">
</form>
The quantity is hard-coded to 1 on the first add. Once the item appears in the cart (carrito.php), the shopper can adjust the quantity or remove the item from there. Note that nombre and precio — not id_producto — are what get posted to the cart; the cart therefore stores product names and prices directly rather than looking them up again by ID.

GetSQLValueString helper

GetSQLValueString is a Dreamweaver-generated utility function defined inline at the top of detalles.php (and each category listing page). It performs two jobs: it strips magic-quote escaping when the PHP version is below 6, and it normalises and type-casts the value before injection into a query string.
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
    if (PHP_VERSION < 6) {
        $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
    }

    $theValue = function_exists("mysql_real_escape_string")
        ? mysql_real_escape_string($theValue)
        : mysql_escape_string($theValue);

    switch ($theType) {
        case "text":
            $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
            break;
        case "long":
        case "int":
            $theValue = ($theValue != "") ? intval($theValue) : "NULL";
            break;
        case "double":
            $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
            break;
        case "date":
            $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
            break;
        case "defined":
            $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
            break;
    }
    return $theValue;
}
For the "int" type used in detalles.php, the function calls intval() on the value, which means any non-numeric input (including SQL injection strings) evaluates to 0 rather than being executed. An empty string produces the literal NULL.
The detail images are stored in imagenes/productos/detalle/ (larger versions used on this page) while the catalog thumbnails displayed on the category listing pages are in imagenes/productos/ (smaller versions). Both directories share the same filename — for example, acc393.jpg — so the only difference is the directory path used when constructing the <img src> attribute. Product entries in bd.sql store only the bare filename in the imagen column, not the full relative path.

Build docs developers (and LLMs) love