This works functionally, but it is a disaster waiting to happen.
?>
The attacker uses Burp Suite to fuzz the num parameter with a payload list: 1 , 1.1 , -1 , 999999 , 1 UNION SELECT 1 , 1%00 . add-cart.php num
else $_SESSION['cart'][$product_id] = $quantity; This works functionally, but it is a disaster
add-cart.php?id=100&num=-999