Based on your last piece of code, you need to do something similar to the following piece of code in shofForTracks.php
// We get the album to add via the `albumID` GET parameter
$query = mysql_query("SELECT song_id FROM song WHERE album = '".mysql_real_escape_string($_GET['albumID'])."'")
// We add a line to the cart per track of the album. We construct the query by pieces
$insert = "INSERT INTO basket (userID, paid, trackID) VALUES ";
$template = "(" . mysql_real_escape_string($_SESSION['currentUserID']) . ", 'N', %d)";
// Add a value line for each track in the array `$tracks`
$tracks = array()
while($track = mysql_fetch_array($query)
$tracks[] = sprintf($template, $track['song_id']);
// Add the lines to the insert query
// "INSERT INTO ... VALUES (ID, 'N', 1), (ID, 'N', 3)"
$insert .= implode(", ", $tracks);
mysql_query($insert);
Note that :
- You must properly escape the data sent from the user. Never Trust User Input (e.g.
$_POST
,$_GET
, ...). Your existing code is vulnerable to SQL injection. - You use the deprecated
mysql_*
functions. Switch tomysqli
or PDO. See this and that and that. - The piece of code above is NOT secure as-is. Using a simple HTTP
GET
request to add stuff to your cart can lead to security vulnerabilities, like XSS - Sorry, but by the look of your code, you don't seem ready to code a real-life (meaning real-money) shopping site by yourself (yet anyway). You still got a lot to learn about security which is essential to web transactions. For your own sake, don't let people trust you with their money if you're not absolutely confident in the security of your code. But hey, I'm just saying. If you're coding this stuff as an exercise, well there's an occasion to familiarize yourself with those concepts :)