Add-cart.php Num

    // $pdo is the application's existing PDO connection; $userId and $productId
    // are assumed to have been validated before this point.
    try {
        // Begin transaction for data integrity
        $pdo->beginTransaction();

        // The query: this attempts to insert the row.
        // If the user_id + product_id combo already exists, it updates the quantity instead.
        $sql = "INSERT INTO cart_items (user_id, product_id, quantity)
                VALUES (:user_id, :product_id, 1)
                ON DUPLICATE KEY UPDATE quantity = quantity + 1";
        $stmt = $pdo->prepare($sql);
        $stmt->execute([':user_id' => $userId, ':product_id' => $productId]);
        $pdo->commit();
    } catch (PDOException $e) {
        // Undo the partial work so the cart is never left half-updated
        $pdo->rollBack();
        throw $e;
    }

An attacker writes a simple script that calls add-cart.php?product_id=123&num=9999 every second until all stock is reserved in abandoned carts.
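The snippet above hardcodes a quantity of 1, so a `num` parameter only becomes dangerous once the handler starts reading it from the request. The mitigation is to bound the quantity server-side and to check it against real stock inside the same transaction, so neither a huge `num` nor a rapid series of requests can reserve more than the business allows. The following is an added, hardened version of the handler; it is not the page's code. It assumes `$pdo` is an existing PDO connection to MySQL/MariaDB with exceptions enabled, that `$_SESSION['user_id']` holds the authenticated user, that a `products(id, stock)` table exists, that `cart_items` has a `UNIQUE KEY (user_id, product_id)` plus an `updated_at` column, and that `MAX_PER_LINE` is the shop's own per-line limit; all of those names beyond `cart_items(user_id, product_id, quantity)` are assumptions.

```php
<?php
// Added, hardened example for add-cart.php; not the original page's code.
// Assumed schema (names other than cart_items(user_id, product_id, quantity)
// are assumptions):
//   products(id, stock)                                -- units on hand
//   cart_items(user_id, product_id, quantity, updated_at)
//       with UNIQUE KEY (user_id, product_id)
// $pdo: existing PDO connection with PDO::ERRMODE_EXCEPTION.

const MAX_PER_LINE = 10;   // hypothetical business cap on units of one product per cart

/**
 * Validate the requested quantity: a positive integer no larger than the cap.
 * Returns null for anything else (missing, non-numeric, zero, negative, oversized).
 */
function parseNum(array $query): ?int
{
    $num = filter_var(
        $query['num'] ?? 1,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => MAX_PER_LINE]]
    );
    return $num === false ? null : $num;
}

/**
 * Add $num units of $productId to $userId's cart.
 * Returns the resulting line quantity, or throws RuntimeException with a
 * reason the caller maps to an HTTP 4xx response.
 */
function addToCart(PDO $pdo, int $userId, int $productId, int $num): int
{
    $pdo->beginTransaction();
    try {
        // Lock the product row so two concurrent requests cannot both pass
        // the stock check against the same pre-update value.
        $stmt = $pdo->prepare('SELECT stock FROM products WHERE id = :pid FOR UPDATE');
        $stmt->execute([':pid' => $productId]);
        $stock = $stmt->fetchColumn();
        if ($stock === false) {
            throw new RuntimeException('unknown product');
        }

        // Quantity already in this user's cart for this product (0 if none).
        $stmt = $pdo->prepare(
            'SELECT quantity FROM cart_items WHERE user_id = :uid AND product_id = :pid FOR UPDATE'
        );
        $stmt->execute([':uid' => $userId, ':pid' => $productId]);
        $current = (int) ($stmt->fetchColumn() ?: 0);

        // Enforce the limits on the server-side total, never on the client's number alone.
        $wanted = $current + $num;
        if ($wanted > MAX_PER_LINE) {
            throw new RuntimeException('per-line limit exceeded');
        }
        if ($wanted > (int) $stock) {
            throw new RuntimeException('insufficient stock');
        }

        // Upsert the computed total. Two distinct placeholders are used because
        // PDO does not allow one named parameter twice when emulation is off.
        $stmt = $pdo->prepare(
            'INSERT INTO cart_items (user_id, product_id, quantity, updated_at)
             VALUES (:uid, :pid, :qty, NOW())
             ON DUPLICATE KEY UPDATE quantity = :qty2, updated_at = NOW()'
        );
        $stmt->execute([':uid' => $userId, ':pid' => $productId, ':qty' => $wanted, ':qty2' => $wanted]);

        $pdo->commit();
        return $wanted;
    } catch (Throwable $e) {
        $pdo->rollBack();
        throw $e;
    }
}

// Request handling: user id comes from the session, never from the query string.
$num = parseNum($_GET);
$productId = filter_var($_GET['product_id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($num === null || $productId === false) {
    http_response_code(400);
    exit('invalid product_id or num');
}
try {
    $qty = addToCart($pdo, (int) $_SESSION['user_id'], $productId, $num);
    echo json_encode(['ok' => true, 'quantity' => $qty]);
} catch (RuntimeException $e) {
    http_response_code(409);
    echo json_encode(['ok' => false, 'error' => $e->getMessage()]);
}
```

With `num=9999` the handler now returns 400 before touching the database, and a loop of small additions stops at `MAX_PER_LINE` for that account. The per-line cap does not by itself stop hoarding across many accounts, so if cart additions actually reserve stock, the `updated_at` column should drive a scheduled job that releases lines older than the shop's reservation window, and add-to-cart request rates per account and per source address are worth alerting on.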