Add-cart.php | Num

| Usage | Example | Meaning |
|-------|---------|---------|
| Quantity only | ?num=3 | Add 3 units of a predefined product |
| Product ID | ?num=SKU456 | Add 1 unit of product SKU456 |
| ID:Quantity | ?num=101:2 | Add 2 units of product ID 101 |
| Encoded value | ?num=eyJpZCI6MjN9 | Base64‑encoded JSON |


  • Server Logic: The server processes the cart update.
  • The Result: The cart now shows a negative total (a credit). If the checkout logic does not validate that the total is positive, the attacker might "purchase" an item while having money credited to their account or reducing the total cost of other items to zero.
  • Fixing this requires a complete rewrite of the logic. Here is the secure, production-grade approach.
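
One way to validate `num` strictly and recompute the total on the server, as an added example (not code from the original page). The names `CATALOG`, `DEFAULT_PRODUCT`, `MAX_QTY`, `parseNum` and `cartTotal`, the prices, and the limits are assumptions. It covers the three plain forms in the table and refuses everything else, including the encoded form.

```php
<?php declare(strict_types=1);
// Constructed catalogue: prices (in cents) live on the server, never in the request.
const CATALOG = ['101' => 1999, 'SKU456' => 4500];
const DEFAULT_PRODUCT = '101'; // assumed "predefined product" for ?num=3
const MAX_QTY = 99;            // assumed per-line limit

/** Parse ?num= into [productId, quantity]; throw on anything else. */
function parseNum(string $raw): array {
    if (preg_match('/\A([A-Za-z0-9]{1,16}):([0-9]{1,3})\z/', $raw, $m)) {
        [$id, $qty] = [$m[1], (int) $m[2]];          // ID:Quantity
    } elseif (preg_match('/\A[0-9]{1,3}\z/', $raw)) {
        [$id, $qty] = [DEFAULT_PRODUCT, (int) $raw]; // quantity only
    } elseif (preg_match('/\A[A-Za-z0-9]{1,16}\z/', $raw)) {
        [$id, $qty] = [$raw, 1];                     // product ID only
    } else {
        throw new InvalidArgumentException('malformed num'); // signs, floats, separators
    }
    if ($qty < 1 || $qty > MAX_QTY || !array_key_exists($id, CATALOG)) {
        throw new InvalidArgumentException('bad quantity or unknown product');
    }
    return [$id, $qty];
}

/** Recompute the total from server-side prices; refuse a non-positive result. */
function cartTotal(array $cart): int {
    $total = 0;
    foreach ($cart as $id => $qty) {
        if (!is_int($qty) || $qty < 1 || $qty > MAX_QTY || !array_key_exists($id, CATALOG)) {
            throw new UnexpectedValueException('corrupt cart line');
        }
        $total += CATALOG[$id] * $qty;
    }
    if ($total <= 0) {
        throw new UnexpectedValueException('non-positive total');
    }
    return $total;
}

// Constructed requests: the table's forms plus values that must be refused.
$cart = [];
foreach (['3', 'SKU456', '101:2', '101:-2', '-5', '101:0', '1e2'] as $raw) {
    try {
        [$id, $qty] = parseNum($raw);
        $cart[$id] = ($cart[$id] ?? 0) + $qty;
    } catch (InvalidArgumentException $e) {
        echo "rejected $raw: {$e->getMessage()}\n";
    }
}
echo 'cart: ', json_encode($cart), ' total in cents: ', cartTotal($cart), "\n";
```

The range check runs twice on purpose: once when the parameter is parsed and again at checkout, so a cart line that reached storage by another path still cannot produce a credit.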