Roll Out Your Cart
By Ray Argus and Jerid Freeland
Perhaps the most ubiquitous Web application is the venerable shopping cart. Recently, a small client of ours wanted a shopping cart that could be customized. After evaluating many possible solutions, we decided to make our own shopping cart using PHP. Along the way, we learned a lot of lessons about sessions, secure servers, and credit cards.
The Problems
When creating a shopping cart, developers will most likely come across a number of standard problems. One of the first we had to deal with for our client's application was that of keeping "state." The cart has to keep track of what the customer has ordered as he or she moves from page to page on the Web site. That means you must be able to monitor the user's state throughout the session. Prior to PHP4 you needed an external library like PHPLIB to track state. However, PHP4 has session handling built in, so we decided to use that. (We did borrow a database class from PHPLIB, however.)
The other major problem is getting the script to operate properly within the restrictions of a secure server. You want to protect your customers' credit card and personal information, but you don't want your entire site on a secure server because the extra processing time slows the site down. Another concern is that if your secure server and your main server are physically located on separate machines, then tracking state will be close to impossible.
Fortunately, the only page that has to be secure is the one receiving the credit card information.