Shopping carts in PHP and security


I have had two clients recently ask me about shopping carts.
I have also been using PHP on a more regular basis and thought I could
find an open source shopping cart such as osCommerce.

It seems as though osCommerce requires "register globals" turned on.
I know this is a bad idea. Also my hosting company won't turn them on
(not that I would want that). This got me thinking about a few things
and I was wondering what others' experience on the subject is. I could
find very little information about this subject on Google.

I apologize if this is not the correct forum to present these topics.
As a note: I have built enrollment and authentication systems in PHP,
just not a store site.

What are people's experiences on these topics?

1. If using a cart with "register globals" on, have there been any
problems with injection of incorrect data? Are people being overly
paranoid of "register globals" being on?

2. Are there any solutions, open source or paid, that
have "register globals" turned off?

3. What kind of security are shopping cart ASPs providing?
I guess using a provider could provide security as long as
people didn't know the source code of the program.

4. Is any downloadable PHP shopping cart preferred over another?

Enough said!

Thank you,
Darryl
--
--
Derrald V
Jul 17 '05 #1
Darryl,

I don't know the answer to question 1, but as for question 2, I did a quick search in the osCommerce
forum and found the following contribution that allows you to keep the register globals setting off:

http://www.oscommerce.com/community/...gister+globals

My site is in a shared web-hosting environment. My host will probably not let me turn it on, so I'm
going to be incorporating this contribution in my "localhost" development copy of osC sometime
during the next two weeks.

Larry Kahm

Jul 17 '05 #2
> 1. If using a cart with "register globals" on, have there been any
> problems with injection of incorrect data? Are people being overly
> paranoid of "register globals" being on?

I personally wouldn't use a shopping cart with register globals turned
on. The second issue is how the credit cards are handled. If you're
using something like payflow LINK from VeriSign then the cc# probably
isn't stored or processed on your site.

> 2. Are there any solutions, open source or paid, that
> have "register globals" turned off?

I think Zen Cart fits this description but I've never used it
personally.

> 3. What kind of security are shopping cart ASPs providing?
> I guess using a provider could provide security as long as
> people didn't know the source code of the program.

I'm not sure what you're asking here. As I said before, if you're using
something like payflowLINK (not payflow pro) then you aren't handling
the credit cards anyway.
Jul 17 '05 #3
Thank you Larry and Jay.

I am definitely not processing the CC on my site.
Let me take a look at the option to shut off the globals and Zen Cart as
well.

Thanks,
Darryl


--
--
Derrald V
Jul 17 '05 #4
