The Workshop is designed to help you anticipate possible questions, review what you've learned, and begin learning how to put your knowledge into practice.
1: When removing an item from the cart, why do you suppose the query validates the session id of the user against the record?
A1: Users should only be able to remove their own items.
2: What would be a reason not to store the price in a hidden field when adding to the cart?
A2: If you stored the price in a hidden field, a rogue user could change that value before posting the form, thereby writing whatever price they wanted into the store_shoppertrack table instead of the actual price.
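
The following added example, which is not code from the original text, shows both answers with Python and SQLite: the price is read from the catalog on the server rather than from the posted form, and the delete query matches on the session id as well as the row id. Only the table name store_shoppertrack comes from the text; the store_items table, all column names and the sample values are assumptions.

```python
import sqlite3

def make_db():
    # Constructed schema: only the name store_shoppertrack appears in the text.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE store_items (
            id INTEGER PRIMARY KEY, item_price_cents INTEGER NOT NULL);
        CREATE TABLE store_shoppertrack (
            id INTEGER PRIMARY KEY AUTOINCREMENT,
            session_id TEXT NOT NULL,
            sel_item_id INTEGER NOT NULL,
            sel_item_price_cents INTEGER NOT NULL);
        INSERT INTO store_items (id, item_price_cents) VALUES (1, 3000);
    """)
    return db

def add_to_cart(db, session_id, form):
    """Insert a cart row; any price field in the posted form is ignored."""
    item_id = int(form["sel_item_id"])
    row = db.execute("SELECT item_price_cents FROM store_items WHERE id = ?",
                     (item_id,)).fetchone()
    if row is None:
        raise ValueError("unknown item")
    cur = db.execute(
        "INSERT INTO store_shoppertrack"
        " (session_id, sel_item_id, sel_item_price_cents) VALUES (?, ?, ?)",
        (session_id, item_id, row[0]))  # price from the catalog, not the form
    return cur.lastrowid

def remove_from_cart(db, session_id, cart_row_id):
    """Delete only a row owned by this session; returns rows deleted."""
    cur = db.execute(
        "DELETE FROM store_shoppertrack WHERE id = ? AND session_id = ?",
        (int(cart_row_id), session_id))
    return cur.rowcount

def demo():
    db = make_db()
    # Constructed request: the hidden price field was edited before posting.
    posted = {"sel_item_id": "1", "sel_item_price_cents": "1"}
    row_id = add_to_cart(db, "sess-alice", posted)
    stored = db.execute(
        "SELECT sel_item_price_cents FROM store_shoppertrack WHERE id = ?",
        (row_id,)).fetchone()[0]
    other = remove_from_cart(db, "sess-bob", row_id)   # different session
    own = remove_from_cart(db, "sess-alice", row_id)   # owning session
    return stored, other, own

if __name__ == "__main__":
    print(demo())
```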