
Shopping Cart?

Posted: Mon Nov 15, 2004 5:28 pm
by Mr Tech
Hey there,

What is the best way to record information in a customer's shopping cart?

Cookies and MySQL Database would be the best do you think?

Thanks for your input.

Posted: Mon Nov 15, 2004 10:37 pm
by rehfeld
depends on the functionality desired.

but yeah most carts use cookies along w/ a db, or just sessions/cookies

Posted: Mon Nov 15, 2004 10:51 pm
by Mr Tech
Well basically all I want it to do is allow customers to add and delete items from the shopping cart and when they are happy, they click order.

What is more secure and reliable do you think?

Cookies and MySQL DB
Sessions and Cookies
Thanks

Posted: Tue Nov 16, 2004 4:36 am
by phpScott
again it depends on what you want to do.
If a user closes the browser do you want to keep the cart alive?
Allow them to return to the cart later if they don't purchase right away?

I have seen systems work both ways or have a combination of sessions/cookies or db's

If you don't care about keeping the cart alive then sessions/cookies will work fine as long as you record the order in a db once they want to purchase.
If you want to keep the cart between sessions then recording everything in a db as they add and delete items or update quantities is the best way to go IMHO.

Never store CC details as that just poses all sorts of security issues that very few people want to deal with and I personally would never use a site if I knew that they were storing my CC details.

Posted: Tue Nov 16, 2004 4:19 pm
by Mr Tech
Thanks Scott,

What does IMHO mean?

Thanks

Ben

Posted: Tue Nov 16, 2004 5:08 pm
by John Cartwright
What does IMHO mean?
In My Honest Opinion..


I believe..

Posted: Tue Nov 16, 2004 5:39 pm
by timvw
imho: in my humble opinion
imnsho : in my not so humble opinion

OR google "internet jargon imho" (2nd hit)
http://www.fone.net/support/genhelp/jargon.html

Posted: Tue Nov 16, 2004 7:22 pm
by Mr Tech
LOL thanks guys

Posted: Tue Nov 16, 2004 7:29 pm
by Mr Tech
Oh and while I think of it:

If the shopping cart has let's say for example 100 items in it, how would I confirm that to the MySQL DB that they have paid?

After paying, should I just redirect them to one of my pages, and use the cookie to identify the customer, and to say to the database that they have paid?

What is a secure way to do this because there can be 1 to 10,000 products in the shopping cart?

Posted: Tue Nov 16, 2004 7:44 pm
by rehfeld
personally i wouldnt redirect and then tell the db that they have paid. i would do it in the same script that finds out firsthand if they paid or not.

reason is, if not done carefully, you might leave a hole open where people could fake having paid, or paid, but it doesnt get recorded, and both are very bad.

but you could redirect them to a thank you page, where a cookie identifies them, and then php finds their record based on that cookie and then says thank you etc...i just wouldnt have the thank you page be the one to actually modify the db.

as far as how to do things, id recommend you look at the source of some working shopping cart scripts.
a long time ago i took a look at this one, i found it pretty helpful
http://mymarket.sourceforge.net/

Posted: Tue Nov 16, 2004 8:14 pm
by Mr Tech
OK I'll have a look... If anyone else has any suggestions please let me know :)

Posted: Tue Nov 16, 2004 8:35 pm
by Mr Tech
That script you gave stored the CC in the DB... I'm not doing that so it doesn't really help...

Would this be secure:

Customer clicks order and confirms everything.
The browser sends them to the remote payment processor for them to fill out the form.
The processor sends them to the page that says they have paid in the MySQL DB (eg: mydomain.com/paid.php)
And then paid.php uses header("location: thanks.php") to send them to the thank you page...

What do you think?

Posted: Tue Nov 16, 2004 8:53 pm
by Mr Tech
I just found what I'm looking for.

My payment processor has an XML payment gateway... So the customer doesn't even leave the site to pay, it uses XML to send the data to my payment processor allowing me to add paid to the MySQL DB. All I need is an SSL certificate.

Thanks for your help any guys.

If anyone does know what to do about recording payments when the customers have to go to the payment processors website to enter their CC details, I'm sure it would help others.
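
One way to apply the advice in this thread when the customer pays on the processor's own site, as an added example that is not code from any poster or from a real payment processor: the order is marked paid only by the script that hears from the processor firsthand, never by the page the browser is redirected to. The signed-notification format, `SHARED_SECRET`, the table names and both functions are assumptions, and in-memory SQLite stands in for the MySQL tables.

```php
<?php
// Added example: the secret, notification format, tables and functions are all assumptions.
const SHARED_SECRET = 'constructed-demo-secret'; // hypothetical key agreed with the processor

// Hypothetical scheme: the processor signs "order_id|amount_cents|status" with HMAC-SHA256.
function sign_notification(array $n): string {
    return hash_hmac('sha256', "{$n['order_id']}|{$n['amount_cents']}|{$n['status']}", SHARED_SECRET);
}

// Runs in the script that receives the processor's result, not in thanks.php.
function record_payment(PDO $db, array $n): string {
    if (!hash_equals(sign_notification($n), (string)($n['sig'] ?? ''))) {
        return 'rejected: bad signature';            // forged or tampered request
    }
    if (($n['status'] ?? '') !== 'paid') {
        return 'ignored: not a paid status';
    }
    // The total comes from the server-side cart rows, not from the browser or a cookie.
    $q = $db->prepare('SELECT COALESCE(SUM(qty * price_cents), 0) FROM cart_items WHERE order_id = ?');
    $q->execute([$n['order_id']]);
    if ((int)$q->fetchColumn() !== (int)$n['amount_cents']) {
        return 'rejected: amount mismatch';
    }
    // One UPDATE covers the order whether it holds 1 item or 10,000;
    // the "paid = 0" guard makes a replayed notification harmless.
    $u = $db->prepare('UPDATE orders SET paid = 1 WHERE id = ? AND paid = 0');
    $u->execute([$n['order_id']]);
    return $u->rowCount() === 1 ? 'recorded' : 'ignored: unknown or already paid';
}

// Constructed demo data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE orders (id INTEGER PRIMARY KEY, paid INTEGER NOT NULL DEFAULT 0)');
$db->exec('CREATE TABLE cart_items (order_id INTEGER, sku TEXT, qty INTEGER, price_cents INTEGER)');
$db->exec("INSERT INTO orders (id) VALUES (42)");
$db->exec("INSERT INTO cart_items VALUES (42, 'A1', 2, 1500), (42, 'B7', 1, 999)");

$good = ['order_id' => 42, 'amount_cents' => 3999, 'status' => 'paid'];
$good['sig'] = sign_notification($good);
$forged = ['order_id' => 42, 'amount_cents' => 3999, 'status' => 'paid', 'sig' => 'guess'];

echo record_payment($db, $forged), "\n"; // request without a valid signature
echo record_payment($db, $good), "\n";   // genuine notification
echo record_payment($db, $good), "\n";   // same notification replayed
```

The thank-you page can then look up the order and display its `paid` flag without ever writing to it.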