RE: [PHP] Shopping Cart, security concerns

Posted by Mayo on 05/16/05 03:52

No, I would not have prices in the hidden fields. :-)
Thanks though for the concern.

I do have a few questions about easiest / best way to write this.
Especially as I don't have PHP experience, meaning it takes me longer to
write the code and more importantly I might miss something important.

======

Shopping Cart display

Item Qty (allow user to change or delete)
Item ID (added to session variable by hidden field)
Item Name (added to session variable by hidden field)
Item Desc Short (added to session variable by hidden field)
Item Price (hardcoded. I hate this but it would be pulled from a file or hardcoded
- an if else clause. If itemID = 1 then price = x)


Page 1 (Shipping Info: Name, Address...)

Info forwarded to page two in hidden fields

Page 2 (Billing Address: Name, Address ...)

Info forwarded to page three in hidden fields

Page 3 - confirmation page

Page 4 (CC info)

Page 5 (Hidden from consumer Security Check Page)

Qty * Price = Qty
Tax recalculated
Shipping recalculated

Relevant data sent to merchant and distributor company

Thanks





-----Original Message-----
From: Richard Lynch [mailto:ceo@l-i-e.com]
Sent: Saturday, May 14, 2005 10:52 PM
To: mayo
Cc: 'php'
Subject: RE: [PHP] Shopping Cart, security concerns

On Sat, May 14, 2005 6:30 am, mayo said:
> I have to say it's a pretty simple project. The don't want to keep any
> information in a db. (!!??!!) Info will be sent to a merchant services
> account and to the distributor which will process the form.
>
> Info will be kept in hidden fields <input type="hidden" ...> and in
> session variables then sent off.

Don't put anything you *NEED* to be correct/accurate in type="hidden"

The web surfer can *CHANGE* that in about 5 seconds and send whatever
they want.

All your prices, all your shipping costs, all the weights, etc. had better
be in your PHP source code, as arrays, I guess...

You'd really be better off just using a database with an existing cart.

The amount of code you'll have to write to do this correctly is insane.

> They have three products (it may rise to 5) and everything will be
> hardcoded as there are no size or color variations. I told them that
> it's not advisable to have everything hardcoded but the client insists
> there is no reason to pull anything from a database. The on-site
> graphics/web designer person will make the changes. He is competent to
> do that and did a good job with the basic design.

But you CANNOT put your prices in type="hidden" fields!!!

That's EXACTLY how you get a shopping cart where the user changes the
price!

> This is not my very first foray into PHP but first time doing something
> more complicated than
>
> 1. if person has this permission then show A else show B
>
> or
>
> 2. if person is on page 1 then show page 1 as bold else show page 1 as
> normal

--
Like Music?
http://l-i-e.com/artists.htm

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
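The contrast Richard draws (a price carried in a hidden field versus prices kept in the PHP source) and the server-side recomputation Mayo plans for the "security check" page, shown side by side as an added example; this is not code from the thread or from either poster. It assumes PHP 7 or later; the three-item `CATALOG`, `MAX_QTY`, the function names and the sample POST array are all constructed for illustration.

```php
<?php
// Added example, not from the thread. Prices live only on the server; the
// client is allowed to send item ids and quantities, nothing else.

// Stand-in for Richard's "arrays in your PHP source" (constructed values).
const CATALOG = [
    1 => ['name' => 'Widget', 'price' => 19.95],
    2 => ['name' => 'Gadget', 'price' => 34.50],
    3 => ['name' => 'Gizmo',  'price' => 7.25],
];

const MAX_QTY = 99; // upper bound so a typo or abuse cannot order 10^9 units

// The pattern Richard warns against: the total is computed from a price
// that arrived in <input type="hidden" name="price">, which anyone can edit.
function vulnerable_total(array $post): float
{
    return (float)$post['price'] * (int)$post['qty'];
}

// Hardened: accept only item id => qty pairs, validate both, drop anything
// unknown or out of range, and never read a price from the request.
function build_cart(array $post): array
{
    $cart = [];
    foreach ($post['items'] ?? [] as $id => $qty) {
        if (!ctype_digit((string)$id) || !isset(CATALOG[(int)$id])) {
            continue; // unknown item id: ignore rather than guess
        }
        if (!ctype_digit((string)$qty)) {
            continue; // rejects "-5", "abc", "1.5"
        }
        $qty = (int)$qty;
        if ($qty < 1 || $qty > MAX_QTY) {
            continue; // zero or absurd quantity
        }
        $cart[(int)$id] = $qty;
    }
    return $cart;
}

// What Mayo's page 5 should do: recompute subtotal, tax and shipping from
// the validated cart and the server-side catalogue before sending anything
// to the merchant. Tax rate and flat shipping fee are constructed inputs.
function cart_total(array $cart, float $taxRate, float $shippingFlat): array
{
    $subtotal = 0.0;
    foreach ($cart as $id => $qty) {
        $subtotal += CATALOG[$id]['price'] * $qty;
    }
    $tax      = round($subtotal * $taxRate, 2);
    $shipping = $subtotal > 0 ? $shippingFlat : 0.0;
    return [
        'subtotal' => round($subtotal, 2),
        'tax'      => $tax,
        'shipping' => $shipping,
        'total'    => round($subtotal + $tax + $shipping, 2),
    ];
}

// Constructed sample POST: the hidden price was edited to 0.01, one quantity
// is negative and one item id does not exist in the catalogue.
$tampered = [
    'price' => '0.01',
    'qty'   => '3',
    'items' => [1 => '3', 2 => '-5', 99 => '1'],
];

echo vulnerable_total($tampered), "\n";      // 0.03: the tampered price was trusted
$cart = build_cart($tampered);               // [1 => 3]; items 2 and 99 dropped
print_r(cart_total($cart, 0.08, 5.00));      // subtotal 59.85, tax 4.79, shipping 5, total 69.64
```

The same rule applies to the cart stored in `$_SESSION` between pages: keep only item ids and quantities there, and run `cart_total()` again on the final page instead of trusting any subtotal that was displayed or posted earlier. Shipping and billing addresses carried forward in hidden fields are the customer's own data and are less of a concern, but they should still be re-validated on the server before they are forwarded to the merchant and distributor.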
