Archives For e-commerce

In the second demo site for my book “Effortless E-Commerce with PHP and MySQL”, customers are able to make purchases without logging in. Although this isn’t a standard approach for many e-commerce sites, it’s actually a better way to go in terms of increasing profits. Simply put, requiring registration will inevitably hurt sales. I know there have been times when I stopped going through with a sale because I didn’t feel the need to register at a site I’m not likely to shop at again. But without a login system, it’s a bit more challenging to let customers view previous orders (e.g., to check the status of an existing order or to review older orders). There are two solutions.

The first solution is to provide a registration option. Then registered users could log in and see existing orders, but other customers could place orders without having to register. But what if you wanted any customer to be able to view their orders?

Without a registration system, the best way to allow customers to access their orders is by creating a pseudo-login, using information that would be unique to the customer and not publicly known. Logical options include the customer’s email address, the order number, the order amount, the order date, the shipping zip code, and so forth. The email address and order number are probably the most practical pair. Simply create a form that takes these two pieces of information. Validate that the email address is in a proper email address format (perhaps using the Filter extension) and that the order number is a positive integer. Then, if both pieces of data pass the validation tests, you’d run a SELECT query like

SELECT * FROM customers AS c, orders AS o WHERE c.email='$email' AND o.id=$oid

If that query returns one record, the order information can be displayed. Note that a more complicated query is required to fetch the details of the order, similar to the one used to show the items in the customer’s cart or wish list (see the book for details). Also, as the second example in the book relies upon stored procedures, my inclination would be to write a stored procedure that accepts an email address and an order ID and returns either FALSE or the order contents, depending upon the validity of the submitted values.
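As an added example (not code from the book or its demo site), here is that lookup written as a PHP function that validates with the Filter extension and queries through a PDO prepared statement. It assumes a PDO connection and that the orders table carries a customer_id column referencing customers.id (assumed column names). The join condition is the important part: a two-table query with no ON clause pairs any customer holding the submitted email with whatever order has the submitted number, so one valid email would unlock any order ID.

```php
<?php
// Added example, not code from the book. Assumes a PDO connection ($pdo)
// and these column names (assumptions): customers.id, customers.email,
// orders.id, orders.customer_id, orders.date_created, orders.total.

// Returns the matching order row, or null when the pair does not identify
// exactly one order. The caller treats null as "no such order" without
// saying which of the two values was wrong.
function find_order_for_guest(PDO $pdo, $email_input, $order_input): ?array
{
    // Filter extension: reject anything that is not an email address or a
    // positive integer before it gets anywhere near the query.
    $email = filter_var(trim((string) $email_input), FILTER_VALIDATE_EMAIL);
    $oid = filter_var($order_input, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($email === false || $oid === false) {
        return null;
    }

    // The ON clause ties the order to the customer that owns it; without it
    // any customer with that email would match any order number.
    $sql = 'SELECT o.id, o.date_created, o.total, c.email
            FROM orders AS o
            INNER JOIN customers AS c ON c.id = o.customer_id
            WHERE c.email = :email AND o.id = :oid';
    $stmt = $pdo->prepare($sql);
    $stmt->bindValue(':email', $email, PDO::PARAM_STR);
    $stmt->bindValue(':oid', $oid, PDO::PARAM_INT);
    $stmt->execute();

    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    return count($rows) === 1 ? $rows[0] : null;
}

// Usage (DSN and credentials are placeholders):
// $pdo = new PDO('mysql:host=localhost;dbname=ecommerce2', 'user', 'password',
//                [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
// $order = find_order_for_guest($pdo, $_POST['email'] ?? '', $_POST['order_id'] ?? '');
// if ($order === null) { /* show one generic "no matching order" message */ }
```

If you follow the stored-procedure route instead, the procedure needs the same join between orders and customers before it returns anything. Because an email address plus a small sequential order number is a low-entropy pair, the form that feeds this function should also be rate-limited and its failures logged, and the failure message should not reveal which of the two values was wrong.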

And that’s all there is to extending this particular example site to add this nice feature.

The second example site developed in my “Effortless E-Commerce with PHP and MySQL” book is now online. You can view it at http://ecom2.dmcinsights.com. This is a fully functioning site, at least in terms of what you learn how to do in the book. It is hooked up to a payment gateway (Authorize.net), in test mode. Test credit card numbers are listed for you to use. The code for the site can be downloaded from the book’s corresponding Web site. I’m going to figure out a reasonable way to make the administrative side of the site usable, too.

My “Effortless E-Commerce with PHP and MySQL” book is going to the printer on Tuesday (I believe). Barring any last minute changes, below you will find the complete table of contents. Those that have been paying attention to this book throughout the writing process may notice that Part Four: Extras has up and gone. This is in part because I ran out of pages (I’m only allotted so many) and in part because many of the topics I was going to discuss separately in Part Four got moved into the other chapters. Five of the eleven chapters end with 3-7 pages of additional ideas, notes, PHP code, MySQL tables, and so forth. I may develop some of these ideas further in this blog (both examples are very modular and extendable). Edit: Unfortunately, due to page constraints, all of the bonus material had to be pulled from the chapters. I’ll make it all, plus some extra extras, available online. My apologies (but it’s completely out of my hands).

I’m in the process of completing the book’s corresponding Web site, as well as putting the second e-commerce example online. I’ll post those URLs in the next couple of days.

As always, thanks for your interest in my work!

  • Introduction

  • Part 1: Fundamentals

  • Chapter 1: Getting Started
    • Identifying Your Business Goals
    • Researching Legal Issues
    • Choosing Web Technologies
    • Selecting a Web Host
    • Using a Payment System
    • The Development Process
  • Chapter 2: Security Fundamentals
    • Security Theory
    • PCI Requirements
    • Server Security
    • Using Secure Transactions
    • Common Vulnerabilities

  • Part 2: Selling Virtual Products

  • Chapter 3: First Site: Structure and Design
    • Database Design
    • Server Organization
    • Connecting to the Database
    • The Config File
    • The HTML Template
  • Chapter 4: User Accounts
    • Defining Helper Functions
    • Registration
    • Logging In
    • Logging Out
    • Managing Passwords
    • Improving the Security
  • Chapter 5: Managing Site Content
    • Creating an Administrator
    • Adding Pages
    • Displaying Page Content
    • Adding PDFs
    • Displaying PDF Content
    • Recommended Alterations
  • Chapter 6: Using PayPal
    • About PayPal
    • Testing PayPal
    • Integrating PayPal
    • Testing the Site
    • Using IPN
    • Renewing Accounts
    • Going Live

  • Part 3: Selling Physical Products

  • Chapter 7: Second Site: Structure and Design
    • About the Site
    • Database Design
    • Server Setup
    • Helper Files
    • The HTML Template
    • Newer MySQL Features
  • Chapter 8: Creating a Catalog
    • Preparing the Database
    • Shopping by Category
    • Listing Products
    • Indicating Availability
    • Showing Sale Prices
    • Highlighting Sales
    • Potential Alterations
  • Chapter 9: Building a Shopping Cart
    • Defining the Procedures
    • Defining the Helper Functions
    • Making a Shopping Cart
    • Making a Wish List
    • Calculating Shipping
    • Potential Alterations
  • Chapter 10: Checking Out
    • About Authorize.net
    • Creating a Test Account
    • Preparing the Site
    • Taking the Shipping Information
    • Taking the Billing Information
    • Processing Credit Cards
    • Completing the Order
    • Emailing Receipts
    • Testing the Site
    • Going Live
    • For Your Consideration
  • Chapter 11: Site Administration
    • Setting Up the Server
    • Adding Products
    • Adding Inventory
    • Creating Sales
    • Viewing Orders
    • Shipping Orders
    • Alterations and Additions

I’m very pleased to say that I’m in the process of wrapping up my next book, “Effortless E-Commerce with PHP and MySQL”. I’ve completed the writing of all eleven chapters. Now I’m in the process of reviewing the PDF layouts of the chapters, which I’ll finish over the weekend (the book goes to the printer on Tuesday). Overall I think the book turned out quite well, although you’d expect me to say that! Unfortunately I did have to cut a couple of “bonus” chapters out, as I ran out of pages (the publisher institutes a hard limit on a book’s length), but I should be able to explain most of the bonus materials in blog postings here. I’ll post the final table of contents separately, and I still need to put the code for the second example online (actually, I need to create the official Web site for the book, too), but I wanted to quickly mention some of the book’s highlights, in no particular order:

  1. The book uses a free-flowing format. Most of the books I write are in Peachpit Press’s Visual QuickPro Guide or Visual QuickStart Guide series, which is fairly structured (two-column layout, etc.). This book is under the New Riders label, so it’s not pre-scripted in any way. This means that complicated bits of code get developed in a series of steps, with explanations; simple bits of code and very basic scripts just get presented in their entirety.
  2. There are two complete e-commerce example sites developed in the book. The two have very few overlapping features, so you’ll see lots of ways to do things. For example, how you perform MySQL queries using PHP is presented three different ways: the standard, direct method; using prepared statements; and using stored procedures. How to address the HTML-PHP relationship is also presented in two different ways. You’ll see how to do a site that requires registration and one that does not. You’ll manage inventory for physical products, create virtual content, set up repeating payments, and authorize credit card holds to be debited later. It’s very much a buffet of ideas, allowing you to pick and choose those you like best or are most appropriate for your e-commerce sites.
  3. You’ll get both the bigger picture (of the process, finding a host, developing a site, etc.) and lots of specific code and recommendations. The book teaches not just how to do things, but why you would want to do them this way or another way. In other words, there’s a larger proportion of theory discussed.
  4. Security is hammered constantly. The second chapter is all about security, from a general approach to preventing common attacks. All of the other chapters also use secure techniques but, just as importantly, indicate simple things you might casually have done, that have terrible security implications.
  5. The examples use third-party libraries for extra features. You’ll see how to integrate a WYSIWYG editor into a form so that an administrator can add HTML content. You’ll also apply three different, but simple, uses of the jQuery framework. And the Zend_Mail component of the Zend Framework is used so that an HTML or plain text version of an order receipt can be sent to the customer upon completing his or her order.
  6. Secure uploading of PDF and image files.
  7. The second e-commerce example uses an MVC (Model-View-Controller) approach to development, without tapping into a framework or requiring object-oriented programming. There’s a huge security and performance benefit by placing almost all of the database logic within the database (i.e., the Model). And all of the HTML is written into separate files (the View). The remaining PHP code (the Controller) is sparse and clean.
  8. I developed two versions of a really nice user-defined function for creating form elements, with the ability to handle both existing values (i.e., to make the form “sticky”) and error reporting.
  9. PHP’s relatively new Filter extension is used to validate many values.
  10. There are tons of recommendations for how you can modify and extend the examples. I think about half the chapters conclude with 3-5 pages of ideas, including the specific HTML, PHP, and MySQL required to accomplish those alterations.

So there you have a somewhat random ten highlights of the book. Having written nearly 20 books over the past 10 years, over half of them involving PHP and MySQL in some capacity, I worry about giving readers something new and interesting. If you’re paying $20-30 for a book, you should feel like you’re not just getting a different wrapper on something I’ve already written. I think I really succeeded on that note here. And I hope you’ll feel the same.

My thanks, as always, to everyone who has provided feedback on this book idea and has expressed their interest in it. The book is currently listed at Amazon.com for $23.09 (the MSRP is $34.99). I’ll continue to post updates about its status here.

Choosing a Payment Gateway

September 16, 2010

In my forthcoming “Effortless E-Commerce with PHP and MySQL” book (which is pretty much my only focus these days), I wanted to use two different payment systems. This was part of my overall approach of trying to present as big a picture as possible of what “e-commerce” is. For the book’s first example, I wanted to use PayPal. Many developers don’t like PayPal, but for customers, it’s the most recognizable name, and that’s critical when it comes to customers being comfortable spending money at a site. People traditionally think of PayPal as a system where the customer leaves the e-commerce site, goes to PayPal’s site, and hopefully returns to the original e-commerce site after making the purchase. This is formally called PayPal’s Website Payments Standard, and is demonstrated in my book. In that example, I make use of PayPal’s IPN (Instant Payment Notification) system, so that the site is notified as soon as the payment is made, whether or not the customer actually returns to the e-commerce site immediately thereafter. Tapping into IPN makes the use of PayPal more professional and reliable for the site itself.
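The IPN flow just described only makes a site more reliable if the listener treats the notification as untrusted input: anyone can POST to the listener URL, so the message is echoed back to PayPal for confirmation and then compared against the order the site itself recorded. As an added example (not code from the book), here is that two-step check in PHP. The field names (txn_id, payment_status, mc_gross, mc_currency, receiver_email) and the cmd=_notify-validate postback are PayPal’s IPN conventions; the endpoint constant, the expected-order array and the sample message are assumptions constructed for this example and should be checked against PayPal’s current documentation and your own schema.

```php
<?php
// Added example, not code from the book. Endpoint is an assumption (the
// sandbox URL at the time of writing); confirm it against PayPal's docs.
const IPN_ENDPOINT = 'https://ipnpb.sandbox.paypal.com/cgi-bin/webscr';

// Step 1: send the received fields back to PayPal, prefixed with
// cmd=_notify-validate. PayPal answers with the literal string VERIFIED
// (it sent this message) or INVALID (it did not).
function ipn_postback(array $post, string $endpoint = IPN_ENDPOINT): string
{
    $body = 'cmd=_notify-validate&' . http_build_query($post);
    $ch = curl_init($endpoint);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => $body,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,   // never disable this to "make it work"
        CURLOPT_TIMEOUT        => 30,
    ]);
    $response = curl_exec($ch);
    curl_close($ch);
    return is_string($response) ? trim($response) : '';
}

// Step 2: a VERIFIED message still has to describe *our* order. $expected is
// what the site's own database says (receiver_email, currency, total, and the
// txn_ids already processed); the message must agree on every point.
// Returns a list of problems; an empty list means the order may be marked paid.
function ipn_problems(array $post, array $expected, string $verdict): array
{
    $problems = [];
    if ($verdict !== 'VERIFIED') {
        $problems[] = 'postback did not return VERIFIED';
    }
    if (($post['payment_status'] ?? '') !== 'Completed') {
        $problems[] = 'payment_status is not Completed';
    }
    if (strcasecmp($post['receiver_email'] ?? '', $expected['receiver_email']) !== 0) {
        $problems[] = 'receiver_email is not our account';   // paid someone else
    }
    if (($post['mc_currency'] ?? '') !== $expected['currency']) {
        $problems[] = 'currency mismatch';
    }
    if (abs((float) ($post['mc_gross'] ?? 0) - $expected['total']) > 0.005) {
        $problems[] = 'amount mismatch';                       // underpaid / altered
    }
    if (in_array($post['txn_id'] ?? '', $expected['seen_txn_ids'], true)) {
        $problems[] = 'duplicate txn_id';                      // replayed message
    }
    return $problems;
}

// Constructed sample message and expected order (not real PayPal data):
$sample_post = [
    'txn_id'         => 'SAMPLE-TXN-0001',
    'payment_status' => 'Completed',
    'receiver_email' => 'seller@example.com',
    'mc_currency'    => 'USD',
    'mc_gross'       => '49.95',
    'custom'         => '1234',            // our order id, sent with the button
];
$expected_order = [
    'receiver_email' => 'seller@example.com',
    'currency'       => 'USD',
    'total'          => 49.95,
    'seen_txn_ids'   => [],
];

// In a real listener: $verdict = ipn_postback($_POST);
// Here the verdict is supplied so the check runs offline.
$problems = ipn_problems($sample_post, $expected_order, 'VERIFIED');
// $problems is [] for the sample above; any non-empty list means do not
// fulfil the order, record the message, and investigate.
```

The listener should always respond with HTTP 200 (otherwise PayPal keeps retrying), store every message it receives, and only update the order row when the problem list is empty; the txn_id check is what stops a captured VERIFIED message from being replayed to mark a second order as paid.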

For the second example in the book, I wanted to use a true payment gateway: a system that can be integrated into a site so that the customer never leaves. A secondary, but big, benefit of a payment gateway is that the funds get transferred to the site’s merchant bank account, instead of to a PayPal account. (To be clear, PayPal’s Website Payments Pro works as a payment gateway that can be integrated into a site, but I believe the funds still go into one’s PayPal account.) I’ve used several different gateways over the years, but rarely made the selection myself (normally it’s the client making the choice, based upon their merchant bank account). So I spent some time researching payment gateways to find the one that would be best for the book. Many readers also provided their recommendations (thanks!). Here’s how that search went for me…