On Fri, May 13, 2005 8:26 pm, mayo said: > I'm making my first shopping cart in PHP. I'm concerned about the > security of my session variables, concerned about people altering data > (lowering the price). Is there anything I should pay attention to. There are approximately 247 other PHP shopping carts out there. Maybe you'd be better off just installing one of them. Certainly, you should read the source code to several. Your session variables are at-risk on a shared server, usually; And not so much on a dedicated server. Or, more properly, on a dedicated server, if your session data isn't safe, you've got MUCH bigger problems than just your session data. As far as changing the price goes, just don't take the price as an INPUT from your cart/form. The only variables you need to accept from the user in the shopping cart itself are: $product_id and $quantity. For the fulfillment, maybe some location data like $country, $region, $postal to calculate shipping, and then their credit card info. Honestly, setting up a script to accept people's credit card numbers as your very first PHP project is probably not a particularly Good Idea... You can't absorb all the ins and outs of security overnight... Just my opinion. Perhaps you would be better served to install a pre-existing PHP shopping cart, and focus on making it secure and safe, rather than trying to write your own from scratch as well. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
