Post by ddcpitt on Nov 27, 2012 15:08:44 GMT -5
For my final project, I am doing an online audio equipment store. I have two questions.
First is about the shopping cart. Is it acceptable to use session variables to store information regarding the contents of the cart, or should PHP cookies be used so the cart contents remain persistent through multiple browser sessions?
Second, I plan on having a store admin login where the store owner can manage inventory and view sales. Do I also need to have a user login where the customers can create an account so their address and payment information is on file, or is it acceptable to have customers enter that information each time they wish to purchase something, sort of like a permanent guest checkout?
Thank you!
Post by Bob P on Nov 27, 2012 15:14:21 GMT -5
Well, there is no definitive answer here. You definitely need to do something for one browser session so a person can put an item in a cart, add a second, and delete the first. Whether you save session or cookie is fine.
Well, pretty bad store if I have to write my address every time I buy something. I think once a user logs in, the system should do an SQL query of the user table and if the user has an acct then all the pertinent info should be available. Now, you may not keep credit card info because of security issues and they have to type that in. And, most accts allow for multiple shipping addresses.
Bob
Post by ddcpitt on Nov 27, 2012 19:34:33 GMT -5
Okay thank you, that helps.
Regarding the credit card info, what should I do with that when the customer enters that into a form field? I do not want to store it and will not be passing it through a payment gateway like PayPal or Google Checkout. Should I just do nothing with the info and note in the code comment that it would usually be passed onto some sort of payment gateway?
I guess I am just not sure what to do with the credit card info when it is entered, since I will not be storing it anywhere.
Thanks, again!
Post by Bob P on Nov 27, 2012 20:13:56 GMT -5
You can just pretend it's being sent to a payment gateway... Once a person puts in credit card info, run some basic checks on it to make sure it "looks" like a credit card number and not an SQL injection or script, then tell the user either the card was accepted or rejected due to fund availability... just make it up. Maybe every five times it's rejected. Now, don't accept cards that are past the expiration date, etc.
Bob
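The basic checks suggested in the reply above, as an added PHP example that is not part of the original thread: a strict digits-only allowlist (which is what turns away SQL or script input), a Luhn checksum, and an expiry check. The function names and sample inputs are hypothetical, and the Luhn step goes beyond what the post asks for.

```php
<?php
// Added example: server-side "looks like a card" checks for a mock checkout.
// Function names are hypothetical; the card data is validated, never stored or logged.

function card_number_looks_valid(string $input): bool
{
    // Allow the spaces and dashes people type, then require digits only.
    $pan = str_replace([' ', '-'], '', trim($input));
    if (!preg_match('/\A[0-9]{13,19}\z/', $pan)) {
        return false; // quotes, angle brackets, letters and odd lengths all fail here
    }
    // Luhn checksum: from the right, double every second digit.
    $sum = 0;
    $double = false;
    for ($i = strlen($pan) - 1; $i >= 0; $i--) {
        $d = (int) $pan[$i];
        if ($double) {
            $d *= 2;
            if ($d > 9) { $d -= 9; }
        }
        $sum += $d;
        $double = !$double;
    }
    return $sum % 10 === 0;
}

function card_not_expired(string $month, string $year, ?DateTimeImmutable $now = null): bool
{
    if (!preg_match('/\A(0?[1-9]|1[0-2])\z/', $month) || !preg_match('/\A20[0-9]{2}\z/', $year)) {
        return false;
    }
    $now = $now ?? new DateTimeImmutable('now');
    // A card is usable through the last day of its expiry month.
    $current = (int) $now->format('Y') * 12 + (int) $now->format('n');
    return ((int) $year * 12 + (int) $month) >= $current;
}

// Constructed sample inputs: number, expiry month, expiry year.
$samples = [
    ['4111 1111 1111 1111', '12', '2099'],        // widely published test number
    ['4111 1111 1111 1112', '12', '2099'],        // fails the checksum
    ["1' OR '1'='1", '12', '2099'],               // not digits
    ['<script>alert(1)</script>', '12', '2099'],  // not digits
    ['4111-1111-1111-1111', '01', '2012'],        // expired
];
foreach ($samples as [$number, $month, $year]) {
    $ok = card_number_looks_valid($number) && card_not_expired($month, $year);
    // Escape anything echoed back so rejected input cannot run as markup.
    printf("%-40s %s\n", htmlspecialchars($number, ENT_QUOTES, 'UTF-8'), $ok ? 'accepted' : 'rejected');
}
```

Only the first sample is accepted; the other four are rejected.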