If you currently have add-cart.php?num= in production, stop reading and go audit it now. Your users’ data—and your business—depend on it.
// Reject the request when the product ID or quantity is missing or invalid.
if (!$product_id || !$quantity) {
    http_response_code(400);
    die('Invalid request');
}