
some problems with simple online store

Hi,

I am designing a simple online store and I am now facing 2 problems.

1) After the user makes their selection, they go to a page “fillform.php” where they fill in billing and shipping details. When the form is validated and submitted, they go to a page “confirm.php” which inserts the order into the right tables, confirms the order and redirects them to a transaction processing website for credit card validation. The problem is that if the user clicks the browser back button at the confirm.php page, they go back to the fillform where the form is already filled. If they click submit again, the same order is inserted again into the database. How can I prevent this?

2) How can I prevent the user from taking the URL of any page of the buying process and accessing it using another browser?

By the way, I am not using sessions, I am still reading about them and I am not sure if they are related to the problems I am having but I need to fix the above quickly as my deadline is approaching fast.

thank you

PHP

7 Comments

@DARTHTAMPON Apr 30.2007 —

1. You can't. Unfortunately you cannot stop stupidity. I work for a company that always has this issue because users like to hit the back button after they submit their order to make sure everything was filled out correctly. We have had people submit the same order up to 9 times before.

The best solution I have come up with is to store the information into a temp table for 5-10 minutes before processing the order. At the end of that timestamp compare to see if there are any identical orders. The problem with this is that users want to know that they have had a successful order right away. 2nd solution is to write a cookie with their basic order that expires a few minutes from when they checkout. Check the cookie on each new load to see if they have had an identical order recently. Problem with this is some people turn off cookies. Same can be handled with sessions but you may run into memory issues depending on the size of the site and how long the session lasts for the user.

2. Use posts instead of gets.

    @Taschen Apr 30.2007 — Thankfully there are two simple solutions to this problem:

    A. (the simplest) send the correct header [205 - Reset Content]

    (see: http://www.ilovejackdaniels.com/apache/http-status-codes-explained)

    B. Set a SESSION on successful form submission.

    No offence DARTHTAMPON, it isn't your users who are stupid. Some questions do need to be asked of the developers of your company's website though.
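
One way to apply the session idea to both of the original questions, as an added example that is not code from anyone in this thread: fillform.php issues a one-time token held in the session, and confirm.php inserts the order only if that token is still unused in the same session. All function and field names are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example: all function and field names here are hypothetical.

// fillform.php: issue a fresh token and put it in a hidden form field.
function issue_order_token(array &$session): string
{
    $token = bin2hex(random_bytes(32));
    $session['order_tokens'][$token] = time();   // issue time, for expiry
    return $token;
}

// confirm.php: a token is valid once, and only in the session it was issued to.
function consume_order_token(array &$session, string $submitted, int $maxAge = 1800): bool
{
    $issuedAt = $session['order_tokens'][$submitted] ?? null;
    if ($issuedAt === null) {
        return false;                 // never issued to this session, or already used
    }
    unset($session['order_tokens'][$submitted]);   // burn it before doing any work
    return (time() - $issuedAt) <= $maxAge;
}

function handle_confirm(array &$session, array $post, callable $insertOrder): string
{
    $token = $post['order_token'] ?? '';
    if (!is_string($token) || !consume_order_token($session, $token)) {
        return 'rejected';
    }
    $insertOrder($post);              // the real page would INSERT the order here
    return 'inserted';
}

// Constructed demo for the CLI; real pages call session_start() and pass $_SESSION.
$session = [];
$written = 0;
$insert = function (array $order) use (&$written): void { $written++; };

$form = ['order_token' => issue_order_token($session), 'item' => 'SKU-1'];
echo 'first submit: ', handle_confirm($session, $form, $insert), PHP_EOL;
echo 'after Back and resubmit: ', handle_confirm($session, $form, $insert), PHP_EOL;

$otherBrowser = [];                   // a copied URL or form arrives without the session
echo 'other browser: ', handle_confirm($otherBrowser, $form, $insert), PHP_EOL;
echo 'orders written: ', $written, PHP_EOL;
```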

    @memeauthor Apr 30.2007 — Thank you for clarifying.

    I think the only thing that users won't do is make payment more than once. I have a field in my tables for card payment authorisation, the value is returned from the card transaction processing website. So, as long as the value is true for this column for all entries (i.e. payment is made for each order) we don't mind shipping the same product more than once to the same user?

    thanks for the clue for point 2

    @memeauthor Apr 30.2007 — Wow, interesting, I will read more in the website you posted about how to use different status codes (e.g. 205).

    regarding ?, I am not sure this is applicable to my online store as the form is filled out after the order is made. In fact, I've just realised I may need to be using sessions from the top so that the data in the tables is inserted correctly (i.e. we know which order belongs to which customer)

    @launchpad67a Apr 30.2007 — In my opinion, and the way that most stores work is in this order:

    1) Select Product

    2) Fill in Shipping Info etc...

    3) Click Purchase

    4) Send to Credit Card processor

    5) Upon successful credit processing, send Back to website

    6) The page they are sent Back to then writes the Order to the database.

    You should Never write the order to the database Before the credit card has been processed.

    @memeauthor May 01.2007 — This makes sense, thanks Mike. I just don't know where to store the information until the info is back from the credit card processor. The credit card processor needs only the order total. This is why I thought I should store the order details before credit card validation and on successful validation, there's a status field that shows whether payment is authorised.

    Are there any examples or guidance on how to store the information or how to create the code according to the order you described below?

    @launchpad67a May 01.2007 — The CC processor may only need the $ordertotal but you can pass ALL your variables to them (don't have to change anything on their site either). They will stay intact until sent back to your site. Trust me, it works like a dream!!

    What CC merchant are you using?

    * I shouldn't say there is nothing to change on the merchant site. There are usually 3 things. A checkbox stating whether you are sending them a "script" (cgi, php, etc...) also a "successful page", and a "failure page".

    The path to your "successful page" would be where you will gather all the variables/values and write your database entry.

    The path to your "failure page" would simply say "Sorry there was a problem...blah..blah" and it wouldn't even have code to gather the variables or write to the DB.

    Understand?
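
A check the "successful page" can run before it writes anything, as an added example that is not code from the thread: the store attaches an HMAC to the order fields it hands off, and the success page recomputes it over the fields that come back. Field names and the key handling are assumptions for illustration.

```php
<?php
declare(strict_types=1);
// Added example: field names and key handling are assumptions for illustration.

// Serialize the fields the same way on both sides, independent of arrival order.
function canonical_order(array $fields): string
{
    ksort($fields);
    return http_build_query($fields);
}

function sign_order(array $fields, string $key): string
{
    return hash_hmac('sha256', canonical_order($fields), $key);
}

// Success page: recompute the MAC over what came back and compare in constant time.
function verify_order(array $fields, string $sig, string $key): bool
{
    return hash_equals(sign_order($fields, $key), $sig);
}

// Constructed demo. In a store the key is a fixed server-side secret that never
// appears in a form or URL; a random one is generated here so the script runs.
$key = random_bytes(32);
$order = ['order_id' => 'A1001', 'total' => '49.90', 'ship_to' => '1 Example St'];
$sig = sign_order($order, $key);      // sent along with the fields

$returned = ['total' => '49.90', 'ship_to' => '1 Example St', 'order_id' => 'A1001'];
echo 'unchanged fields: ', verify_order($returned, $sig, $key) ? 'accept' : 'reject', PHP_EOL;

$returned['total'] = '0.01';          // value edited while outside the store's control
echo 'edited total: ', verify_order($returned, $sig, $key) ? 'accept' : 'reject', PHP_EOL;

echo 'missing signature: ', verify_order($order, '', $key) ? 'accept' : 'reject', PHP_EOL;
```

A valid signature only shows that the fields are the ones the store issued; whether the card was authorised still has to come from the processor's own response.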