php_mysql_apache [Electronic resources]

Julie C. Meloni

Workshop

The workshop is designed to help you anticipate possible questions, review what you've learned, and begin learning how to put your knowledge into practice.

Quiz

1:

When removing an item from the cart, why do you suppose that the query validates the session ID of the user against the record?

2:

What would be a reason not to store the price in a hidden field when adding to the cart?

Answers

A1:

Users should be able to remove only their own items.

A2:

If you stored the price in a hidden field, a rogue user could change that value before posting the form, thereby writing whatever price he wanted into the store_shoppertrack table, as opposed to the actual price.