Posted by Richard Lynch on 05/15/05 05:52

On Sat, May 14, 2005 6:30 am, mayo said:
> I have to say it's a pretty simple project. The don't want to keep any
> information in a db. (!!??!!) Info will be sent to a merchant services
> account and to the distributor which will process the form.
>
> Info will be kept in hidden fields <input type="hidden" ...> and in
> session variables then sent off.

Don't put anything you *NEED* to be correct/accurate in type="hidden"

The web surfer can *CHANGE* that in about 5 seconds and send whatever they
want.

All your prices, all you shipping costs, all the weights, etc had better
be in your PHP source code, as arrays, I guess...

You'd really be better off just using a database with an existing cart.

The amount of code you'll have to write to do this correctly is insane.

> They have three products (it may rise to 5) and everything will be
> hardcoded as there are no size or color variations. I told them that
> it's not advisable to have everything hardcoded but the client insists
> there is no reason to pull anything from a database. The on-site
> graphics/web designer person will make the changes. He is competent to
> do that and did a good job with the basic design.

But you CANNOT put your prices in type="hidden" fields!!!

That's EXACTLY how you get a shopping cart where the user changes the price!

> This is not my very first foray into PHP but first time doing something
> more complicated than
>
> 1. if person has this permission then show A else show B
>
> or
>
> 2. if person is on page 1 then show page 1 as bold else show page 1 as
> normal

--
Like Music?
http://l-i-e.com/artists.htm

[Back to original message]