
Shopping carts in PHP and security


I have had two clients recently ask me about shopping carts.
I have also been using PHP on a more regular basis and thought I could
find an open source shopping cart such as osCommerce.

It seems as though osCommerce requires "register globals" turned on.
I know this is a bad idea. Also my hosting company won't turn them on
(not that I would want that). This got me thinking about a few things
and I was wondering what others' experience on the subject is. I could
find very little information about this subject on Google.

I apologize if this is not the correct forum to present these topics.
As a note: I have built enrollment and authentication systems in PHP,
just not a store site.

What are people's experiences on these topics?

1. If using a cart with "register globals" on, have there been any
problems with injection of incorrect data? Are people being overly
paranoid of "register globals" being on?

2. Are there any solutions, open source or paid, that
have "register globals" turned off?

3. What kind of security are shopping cart ASPs providing?
I guess using a provider could provide security as long as
people didn't know the source code of the program.

4. Is any downloadable PHP shopping cart preferred over another?

Enough said!

Thank you,
Darryl
--
--
Derrald V
Jul 17 '05 #1


Darryl,

I don't know the answer to question 1, but as for question 2, I did a quick search in the osCommerce
forum and found the following contribution that allows you to keep the register globals setting off:

http://www.oscommerce.com/community/...gister+globals

My site is in a shared web-hosting environment. My host will probably not let me turn it on, so I'm
going to be incorporating this contribution in my "localhost" development copy of osC sometime
during the next two weeks.

Larry Kahm

"Derrald" <re****************@sbcglobal.not> wrote in message
news:re**************************************@news svr21-ext.news.prodigy.com...

> I have had two clients recently ask me about shopping carts.
> I have also been using PHP on a more regular basis and thought I could
> find an open source shopping cart such as osCommerce.
>
> It seems as though osCommerce requires "register globals" turned on.
> I know this is a bad idea. Also my hosting company won't turn them on
> (not that I would want that). This got me thinking about a few things
> and I was wondering what others' experience on the subject is. I could
> find very little information about this subject on Google.
>
> I apologize if this is not the correct forum to present these topics.
> As a note: I have built enrollment and authentication systems in PHP,
> just not a store site.
>
> What are people's experiences on these topics?
>
> 1. If using a cart with "register globals" on, have there been any
> problems with injection of incorrect data? Are people being overly
> paranoid of "register globals" being on?
>
> 2. Are there any solutions, open source or paid, that
> have "register globals" turned off?
>
> 3. What kind of security are shopping cart ASPs providing?
> I guess using a provider could provide security as long as
> people didn't know the source code of the program.
>
> 4. Is any downloadable PHP shopping cart preferred over another?
>
> Enough said!
>
> Thank you,
> Darryl
> --
> --
> Derrald V
Jul 17 '05 #2

> 1. If using a cart with "register globals" on, have there been any
> problems with injection of incorrect data? Are people being overly
> paranoid of "register globals" being on?

I personally wouldn't use a shopping cart with register globals turned
on. The second issue is how the credit cards are handled. If you're
using something like payflow LINK from verisign then the cc# probably
isn't stored or processed on your site.

> 2. Are there any solutions, open source or paid, that
> have "register globals" turned off?

I think zen cart fits this description but I've never used it
personally.

> 3. What kind of security are shopping cart ASPs providing?
> I guess using a provider could provide security as long as
> people didn't know the source code of the program.

I'm not sure what you're asking here. As I said before, if you're using
something like payflowLINK (not payflow pro) then you aren't handling
the credit cards anyway.
Jul 17 '05 #3
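
The concern behind question 1, shown as an added example that is not part of the thread and is not osCommerce or Zen Cart code: with "register globals" on, a request parameter can supply a value for any variable the script forgot to initialise, and the hardened form below removes that dependency. All function and variable names are hypothetical, and `emulate_register_globals()` stands in for the directive itself, which was removed in PHP 5.4.

```php
<?php
// Added example; every name here is hypothetical.

// Emulates what register_globals=On did before a script ran: each request
// parameter became a global variable of the same name.
function emulate_register_globals(array $request): void
{
    foreach ($request as $name => $value) {
        $GLOBALS[$name] = $value;
    }
}

// Fragile pattern: $discount is assigned on one branch only, so on the other
// branch the script uses whatever the request placed in the global scope.
function total_fragile(float $subtotal, bool $is_member): float
{
    global $discount;
    if ($is_member) {
        $discount = 0.10;
    }
    return round($subtotal * (1 - (float) $discount), 2);
}

// Hardened pattern: every variable is initialised locally, and request data
// is read by name from the request array and validated before use.
function total_hardened(float $subtotal, bool $is_member, array $get): float
{
    $discount = $is_member ? 0.10 : 0.0;
    $qty = filter_var($get['qty'] ?? 1, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 99]]);
    if ($qty === false) {
        throw new InvalidArgumentException('qty must be an integer from 1 to 99');
    }
    return round($subtotal * $qty * (1 - $discount), 2);
}

// Constructed request: one expected parameter and one named like an
// internal variable of the script.
$request = ['qty' => '1', 'discount' => '1'];
emulate_register_globals($request);

printf("fragile total:  %.2f\n", total_fragile(50.00, false));
printf("hardened total: %.2f\n", total_hardened(50.00, false, $request));
```

The fragile total follows the request's `discount` parameter for non-members, while the hardened total ignores it; the same review (find variables used before assignment, read input only from `$_GET`/`$_POST`) is what a "register globals off" port of a cart has to do throughout.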

Thank you Larry and Jay.

I am definitely not processing the CC on my site.
Let me take a look at the option to shut off the globals and zen cart as
well.

Thanks,
Darryl


In article <9c**************************@posting.google.com>,
ja********@gmail.com (Jay Donnell) wrote:

> > 1. If using a cart with "register globals" on, have there been any
> > problems with injection of incorrect data? Are people being overly
> > paranoid of "register globals" being on?
>
> I personally wouldn't use a shopping cart with register globals turned
> on. The second issue is how the credit cards are handled. If you're
> using something like payflow LINK from verisign then the cc# probably
> isn't stored or processed on your site.
>
> > 2. Are there any solutions, open source or paid, that
> > have "register globals" turned off?
>
> I think zen cart fits this description but I've never used it
> personally.
>
> > 3. What kind of security are shopping cart ASPs providing?
> > I guess using a provider could provide security as long as
> > people didn't know the source code of the program.
>
> I'm not sure what you're asking here. As I said before, if you're using
> something like payflowLINK (not payflow pro) then you aren't handling
> the credit cards anyway.

--
--
Derrald V
Jul 17 '05 #4
