In the second demo site for my book "Effortless E-Commerce with PHP and MySQL", customers are able to make purchases without logging in. Although this isn't the standard approach for many e-commerce sites, it's actually the better way to go in terms of increasing profits. Simply put, requiring registration will inevitably hurt sales. I know there have been times when I stopped going through with a sale because I didn't feel the need to register at a site I'm not likely to shop at again. But without a login system, it's a bit more challenging to let customers view previous orders (e.g., to check the status of an existing order or to review older orders). There are two solutions.
The first solution is to provide a registration option. Registered users could then log in and see their existing orders, while other customers could still place orders without having to register. But what if you wanted any customer to be able to view their orders?
Without a registration system, the best way to allow customers to access their orders is by creating a pseudo-login, using information that is unique to the customer and not publicly known. Logical options include any of the following: the customer's email address, the order number, the order amount, the order date, the shipping zip code, and so forth. For example, the email address and order number together are the most practical choice. Simply create a form that takes these two pieces of information. Validate that the email address has a proper email address format (perhaps using the Filter extension) and that the order number is a positive integer. Then, if both pieces of data pass the validation tests, you'd do a SELECT query like
SELECT * FROM customers AS c, orders AS o WHERE c.email='$email' AND o.id=$oid AND o.customer_id=c.id
(The last condition, which assumes orders.customer_id references customers.id, is what ties the order to that customer; without it, any valid email address combined with any existing order number would match. Bind $email and $oid as prepared-statement parameters rather than interpolating them into the SQL.)
If that query returns exactly one record, the order information can be displayed. Note that a more complicated query is required to fetch the details of the order, similar to the one used to show the items in the customer's cart or wish list (see the book for details). Also, as the second example in the book relies upon stored procedures, my inclination would be to write a stored procedure that accepts an email address and an order ID and returns either FALSE or the order contents, depending upon the validity of the submitted values.
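As an added example (not code from the book or its demo site), here is how that pseudo-login could be implemented in PHP with PDO: validation with the Filter extension, a prepared statement, and a single generic failure result. The column names orders.customer_id, orders.order_date and orders.total and the DSN are assumptions; the post itself names only customers.email and orders.id.

```php
<?php
// Added example, not from the book or the demo site. Assumes a PDO
// connection to the shop's MySQL database and that orders.customer_id
// references customers.id (column names assumed).

/**
 * Pseudo-login: return the order row only when the email address and
 * order number validate AND the order belongs to that customer.
 * Returns null on any failure so the caller shows one generic message
 * and never reveals which of the two values was wrong.
 */
function lookup_order(PDO $pdo, string $email, string $oid): ?array
{
    // Validate format first, as the post recommends (Filter extension).
    $email = filter_var(trim($email), FILTER_VALIDATE_EMAIL);
    $oid   = filter_var($oid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($email === false || $oid === false) {
        return null;
    }

    // Prepared statement: values are bound, never interpolated into the SQL.
    // The join on customer_id ties the order to this customer; without it,
    // any valid email plus any existing order number would match.
    $sql = 'SELECT o.id, o.order_date, o.total, c.email
            FROM customers AS c
            JOIN orders AS o ON o.customer_id = c.id
            WHERE c.email = :email AND o.id = :oid';
    $stmt = $pdo->prepare($sql);
    $stmt->execute([':email' => $email, ':oid' => $oid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // One matching record means a valid email/order pair.
    return $row === false ? null : $row;
}

// Usage (hypothetical DSN and credentials):
// $pdo = new PDO('mysql:host=localhost;dbname=shop', 'user', 'pass',
//                [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
// $order = lookup_order($pdo, $_POST['email'] ?? '', $_POST['order_id'] ?? '');
// if ($order === null) { echo 'No order matched the details you entered.'; }
```

The same generic message is shown whether the email address, the order number, or their pairing is wrong, so the form cannot be used to confirm which customer email addresses or order numbers exist.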
And that’s all there is to extending this particular example site to add this nice feature.