|
|
Posted by Richard Lynch on 05/14/05 08:54
On Fri, May 13, 2005 8:26 pm, mayo said:
> I'm making my first shopping cart in PHP. I'm concerned about the
> security of my session variables, concerned about people altering data
> (lowering the price). Is there anything I should pay attention to.
There are approximately 247 other PHP shopping carts out there. Maybe
you'd be better off just installing one of them.
Certainly, you should read the source code to several.
Your session variables are at-risk on a shared server, usually; And not so
much on a dedicated server. Or, more properly, on a dedicated server, if
your session data isn't safe, you've got MUCH bigger problems than just
your session data.
As far as changing the price goes, just don't take the price as an INPUT
from your cart/form. The only variables you need to accept from the user
in the shopping cart itself are: $product_id and $quantity.
For the fulfillment, maybe some location data like $country, $region,
$postal to calculate shipping, and then their credit card info.
Honestly, setting up a script to accept people's credit card numbers as
your very first PHP project is probably not a particularly Good Idea...
You can't absorb all the ins and outs of security overnight... Just my
opinion.
Perhaps you would be better served to install a pre-existing PHP shopping
cart, and focus on making it secure and safe, rather than trying to write
your own from scratch as well.
--
Like Music?
http://l-i-e.com/artists.htm
Navigation:
[Reply to this message]
|