Slashdot Mirror
Beginning PHP 5 and MySQL E-Commerce
The authors use a T-shirt shop scenario as their model for the design and implementation of their e-commerce site. The book is separated into three distinct "phases" of development. Phase I covers the foundations of creating the Web site, what tools to use and how to use them including creating a product catalog, incorporating a search tool, using PayPal payment processing and adding an administration interface. Phase II proceeds with enhancing the site with a custom shopping cart, a client-server ordering process, a page for pending order administration and a dynamic product recommendations system. Phase III looks at a more complicated customer accounts scenario: taking credit cards instead of using PayPal, building an order-processing pipeline, implementing credit card gateways, adding a product reviews system and accessing web services using SOAP (Simple Object Access Protocol) and REST (Representational State Transfer) XML-based protocols.
Chapter 1 introduces business strategies for considering an online commerce solution and the reasons for launching an e-commerce presence: acquiring more customers, making customers spend more and reducing the costs of fulfilling orders. A thorough read of Appendix C ("Project Management Considerations") would be a good aside at this point. This section provides excellent insight into choosing an appropriate software development cycle model for different projects with a good discussion of advantages and disadvantages of various methods and theories.
Chapters 2 through 7 constitute Phase I proper. The authors begin by tackling the basic structure of the site and focusing on flexible design, scalability and reliability. They introduce a three-tier architecture model: the presentation tier (dynamic pages that contain the elements that allow visitor to the site to interact effectively with the business end), the business or middle tier (requests for data that are posed by the visitor are passed on by the presentation tier to the data tier) and the data tier (manages the data and sends appropriate responses back to the business tier when requested).
Chapter 2 lays the groundwork for the reader to establish the TShirtShop site and accompanying database. Installation instructions for Apache 2, PHP 5, MySQL 4 and phpMyAdmin are referenced to Appendix A. Instructions for installing other tools used in this book - the Smarty template framework for PHP and PEAR DB - are included within Chapter 2. I quite admire the authors' choice to use Smarty. Smarty parses templates behind the scenes and creates PHP scripts from them so when a Web page is rendered, Smarty reads from the PHP scripts instead of pulling the templates themselves, eliminating run-time parsing of templates. Smarty also has built-in caching of template outputs, which saves on overhead in retrieving data from the database.
After creating the main index.php page and the index.tpl Smarty template, the authors discuss error handling and reporting (with a nod to PHP's often head-scratching error messages). They provide a nice set of instructions here for creating an efficient error handling/reporting scheme. The last step in Chapter 2 is to load phpMyAdmin and create the new tshirtshop database and an admin user.
From this point forward, the authors structure each chapter to adhere to the three-tier model. Implementing the presentation tier, the business tier and the data tier is an integral part of the construction of the site. The reader is encouraged to begin every major aspect of the project with these elements in mind.
Chapters 3 and 4 lead the reader through the creation of the product catalog for the TShirtShop site. The authors give a brief overview of SQL, relational databases, using PEAR DB and Smarty plug-ins. The first table is created and populated with data, PEAR DB is used to access the data and a Smarty template is used to implement the user interface. Multiple tables are then added to enhance product catalog features, which allows for a discussion of table relationships. Filtering SQL results and joining data tables are then examined in the section on implementing the data tier.
Chapter 5 introduces a product search engine to the site by using MySQL to search the database and using Smarty templates to build the user interface. This is a major component of any e-commerce site and the authors prepare an excellent code set for this purpose by using the full-text searching functionality of MySQL. The pros and cons of this versus using LIKE are also discussed.
Chapter 6, "Receiving Payments Using PayPal", will be of great interest to many readers. Many individual proprietors and small businesses don't have the resources to process credit cards and therefore use Internet Payment Service Providers to process transactions. In this chapter, the authors teach the reader how to create a new PayPal account, how to integrate the PayPal shopping cart and custom checkout and how to configure PayPal to automatically calculate shipping costs. There is a bit of missing code in this chapter but it appears correctly on this book's Apress errata page (apress.com).
The last chapter of Phase I covers implementation of a catalog administration page using componentized templates and a simple authentication scheme for administrator access to the page.
By the completion of Phase I, the design and programming for a completely functional e-commerce site is in place.
Phase II begins with a pros and cons discussion of using a simple cart method like PayPal versus creating a custom shopping cart and checkout to enhance flexibility. There are some neat tricks here including storing the cart ID as a cookie on the client.
In Chapters 8 and 9, the reader learns how to store cart info in the database, how to implement a client-side ordering mechanism and an orders administration page for pending orders. The benefit to this is that since the data is now stored in the database, quantitative analysis and tracking can be done based on the products sold.
In Chapter 10, the authors add product recommendations to their TShirtShop site. This dynamic visitor-specific functionality is an excellent sales strategy intended to boost sales by adding suggestions for upgrading a purchase or complementing a purchase with another product. The items recommended are based on what products were ordered together by other customers. The SQL query to get the list of products is very nicely done!
This concludes Phase II and the site is again fully functional but with some neat new enhancements: the site has its own shopping cart, credit card processing is accomplished through PayPal and an orders administration page and product recommendations system have been added. Many individually run or small businesses may stop at this point and be completely content with the e-commerce site that has been developed so far. But the authors proceed with more complex scenarios by offering Phase III: "Processing Orders and Adding Features". This final section of the book deals with processing credit cards, using SSL to encrypt data transactions, storing customer accounts, adding a customer product review system (think Amazon.com) and using XML Web services to integrate Amazon.com products into the site.
The authors spend some time covering the design of the order pipeline and optimizing the logical sequence of tasks that need to be tracked. Chapter 12 deals with the modifications necessary to the enable pipeline processing and the database schema changes for auditing and storing data. Chapter 13 implements the pipeline sections in preparation for adding full credit card transaction functionality in Chapter 14 and rounds out with the creation of a new orders admin page that shows an audit trail for any particular order stored in the database.
Full implementation of credit card orders is completed in Chapter 14. The authors discuss credit card transaction fundamentals including working with credit card payment gateways, understanding transactions and card processing. They look at two payment services providers as examples: DataCash (a UK-based company) and Payflow Pro (a division of Verisign).
Product review integration is the subject of Chapter 15. This is another highly coveted enhancement to e-commerce sites. The authors provide a very simple (and therefore, elegant, in my view) implementation of code to add review capabilities to the sample site.
The final chapter of the book is Chapter 16, "Connecting to Web Services", where the authors complete their professionally developed TShirtShop e-commerce site by integrating the Amazon E-Commerce Service using SOAP and REST.
Appendices A-C cover necessary application installation (as mentioned above), hosting advice, steps for getting your files where they need to be on various hosting models and project management theory. Access to code and errata is available on the Apress Web site (apress.com). This book has a nice layout, clean typography, plenty of screen shots and the code sets are offset from the main body of text and are extremely easy to follow. The book can readily be propped open while looking on from your development machine and the overall size of the book isn't unwieldy or awkward to place on a surface.
In the The Expert's Voice in Open Source series, Apress has harnessed the knowledge and expertise of some of the best folks in open source and this book is no exception. Cristian Darie has previously written several well-regarded volumes (Programmer's Guide to SQL, Beginning ASP.NET E-Commerce, Visual C# .NET: A Guide for VB6 Developers, among others) and his skill in untangling complex subject matter is apparent in Beginning PHP 5 and MySQL E-Commerce. Both authors have prepared a book that will enable any intermediate developer to create a fully functional e-commerce Web site that they can then customize and extend. This book is consistent, well organized and clearly presented. Beginning PHP 5 and MySQL E-Commerce: From Novice to Professional is the perfect tutorial-style book for start-to-finish e-commerce site development instruction for any developer with the desire to learn the advanced tools and techniques to get a scalable professional site designed and in production.
You can purchase Beginning PHP 5 and MySQL E-Commerce: From Novice to Professional from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
Now that was a lengthy blurb.
Dedicated Cthulhu Cultist since 4523 BC.
Nothing like having THE WHOLE REVIEW on the /. summary page...
Talk about a shameless plug, they put the entire review on the front page!
Holy post the whole article on the main page!!!
Someone forgot to make the schpeal break in Slashdot. The front page is six miles long!!!
/., may you stay broken forever.
Ah
"Victory means exit strategy, and it's important for the President to explain to us what the exit strategy is." G.W.Bush
My eyes are bleeding.
I read Slashdot for the articles
Right. What the heck is this? Couldn't you post less into the intro of the article? I'm fed up with sloppy editors in /. (What? Am I new here? Who's asking?)
That front page entry is too damn short. How am I supposed to have any idea of what lies behind the "Read More" link?
Is there any reason why the entire review is showing up on the slashdot.org front page?
Someone needs to clip it down...
Wait, no, the other thing.
Stupid.
MySQL needs stored transactions before I'll take it seriously.
Mah, the internets are broke or sumfin. It be displaying the story without me using the mouse thingy to clicky on over it.
Yes! I listen to NYC Speedcore and do math at 3AM. I suggest you try it too.
This story was originally posted in its entirety to the front page. I'm sure that none of are really that incompetent (though I have seen the whole front page in italics when Timothy forgot to close an tag.
plsfixkthx.
FP
I see the whole review on the front page. And a error when going into the article stating: Nothing to see here. Move Along.
Timothy is an idiot?
now THAT makes for an awkward front page.
I've never seen one that long on the front page before.
OpenOffice tips:richhillsoftware.com
Now THAT is what I call a front page advertisement :)
Except.. the other way around kinda
Why the hell did we have to annhilate the front page for the next 24 hours with this huge post?
All your searching needs (and free money!) - 4Lancer.net
*shakes fist*
Tim
how did it get out of 'The Mysterious Future' in this condition?
weird.
We can only hope!!
:)
(C'mon, moderate this insightful, you know you want to...
"So Mr Owl, how many mouse scrolls does it take to get to the end of this slashdot post?" "one twohoo, three, four, five, six, seven......"
Its someone's time to learn PHP and MySQL.
... my head's about to fucking explode after reading the front page.
Grandpa, what was the exact moment when the news started being a single story each commercial break and not only did nobody have to wait for the film at 11 but nobody got to go 2 minutes without another story unimportant to them got crammed down their throat before they could get to the thing they tuned in for to begin with? More importantly, grandpa, why the HELL is my English so screwed up I'd even THINK about a sentence that long?
That was a bit excessive, I think we as the Slashdot community need to see to collectively ask that there be no more of these.
Our greatest enemy is neither a single man, nor is it a nation, it is, as it has always been, our own greed.
I'm saying. You're new here.
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
Do they think they left anything out?
There are 10 kinds of people in the world - those who understand binary and those who don't
You forgot the last part.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Let's see if the length of the threads talking about the oversize length of the blurb will end up being longer than the blurb was. ;-)
Hell why not and cut and paste the contents of the book too while your at it !!
For such a damn long post making me have to f'in scroll the main page.
All this for a book review? Wow....I wonder how long the blurb would be for something useful then...None the less, it is very impressive....wow, I mean, oh my god...still in shock...
"Holy rusted metal, Batman!"
Are you getting payed to pimp this garbage?
The _best_ 3D pr0n -> http://www.hookup3d.com
Slashcode not broken - timothy's brain broken.
All your searching needs (and free money!) - 4Lancer.net
Anyone else think that some script kiddie had managed to hack /. and put up their manifesto when they saw something that long?
There are two seasons in my world - Hockey and Construction
What's the point of the Read More link?
This guy is way out there
Slashdot looks different.
I've already rebooted so don't tell me that will fix the problem.
Guess I'll just spend the afternoon reinstalling Windows98 again.
Making comments about the errors in the blurb if any appear. They will eventually be fixed, possibly silently, and the people looking at the article later will wonder what the big deal is.
Rhymes that keep their secrets will unfold behind the clouds.There upon the rainbow is the answer to a neverending story
Does anybody else think that this is a terribly bad idea? I sure as hell wouldn't want my credit card number and personal information sitting in a MySQL database. For this and many, many other reasons, I immediately write off as "clueless" any author that suggests that MySQL is a good tool to use for things that require security like shopping carts, or for anything close to mission critical.
I don't respond to AC's.
Why someone would want to write their own shopping cart is beyond me... as someone who does just that full-time *cough*UltraCart*cough*, I can tell you that proper e-commerce implementation & security is hard. Even beyond the traditional web application security issues, running a shopping cart is like placing a large shooting target squarely on your website.
Also, usability is a large factor. Unless you're Jakob Nielsen, you are likely to overlook some design choices that will result in lost sales and lost opportunity. Unfortuantely, all too often the person writing the card is not the one that should be doing the site design.
If you don't want to spend the money for a hosted or installed cart, there are some free / OSS alternatives such as ZenCart or OSCommerce.
The bottom line is that most stores don't need the hassle, cost, and complexity of a custom cart solution. Remember to look at total cost of ownership.
I've had it. I'm blackballing Timothy
The master of dupes has now just crossed the line into master of stupidity.
*watches his karma go down faster than a $2 vegas whore.*
"...In your answer, ignore facts. Just go with what feels true..."
The length of the blurb is causing the length of the comments about the length of the blurb to become very lengthy and it's forcing me to comment on the length of the comments with regards to the length of the blurb in a very lengthy way!
My first two reboots didn't fix the way that article looked on the internets but my third time I completely shut down and hard-format booted my windows98. Now it looks right.
I'm a whiz at fixing computers
The kinda mistake that hits you like a slurpie headache!!!
Its not like we are all sitting at are computers trying to be the first to post on a news story and forbid there be a error in the post.... or are we.....
Oh wait I am one of those sitting at my computer waiting to post.....
Come on people, calm the hell down. Mistakes happen. Your life is not going to end because the /. front page is bigger than normal. Get over it, move on, and hit PgDn a few extra times.
PHP was born in 1995, mods.
+1 Informative indeed.
--
the strongest word is still the word "free"
The title of the book is Beginning PHP 5 and MySQL E-Commerce: From Novice to Professional. I guess everybody has to start some where, but there is something worrying about someone learning their e-Commerce coding out of a book like that.
Oh, and since nobody else has pointed it out, I think the whole review is on the front page.
Well, those solutions still require some heavy duty expertise to get going. Then, you still have to find some way of dealing with secure online credit card processing (or just securely send the credit cards to the merchant for manual entry), database issues, etc. Everybody that I know that wants to sell stuff online I just point to Yahoo Shopping. It works, it's undeniably the easiest thing out there, and its customizeable enough for probably 80% of the people out there wanting an online store.
I don't respond to AC's.
That has also been my experience. Well said.
Oh yeah, just one more week! http://conf.phpquebec.org/ You can't miss this if you're serious about PHP (whoa, never thought I'd hear myself say that).
I can't shake the feeling that this article and Roblimo's open source chronic are connected somehow.
1990 + 12 != 2005.
Also, Bruce Perens has nothing whatsoever to do with PHP.
Also, MySQL is mis-capitalized.
There are some neat tricks here including storing the cart ID as a cookie on the client.
you didn't really read this chapter and just wanted to make sure you wrote something about each one, huh?
Be thankful it wasn't a review of War and Peace... the page would still be loading.
Next time might I suggest a report on HTML For Dummies?
I've been using PHP for about 12 years, or to be exact, since 1990. It is one of the best scripting languages I have ever encountered. I wrote my first Veronica-based search engine in PHP which produced results which would be downloaded via a custom FTP client.
... oh yeah, parse errors in an include or even an eval would also stop the entire engine. I hope the parser in PHP5 isn't so gimpy.
$why_php_sucks = "this ?> is why"
Let's see, what else
It appears that Bruce Perens and his staff have now embraced PHP and decided to extend it with the strong-typed classed existent in Perl.
What on earth makes you think Bruce Perens had to do with it?
I am no longer wasting my time with slashdot
yep.
PHP sucks. http://www.ukuug.org/events/linux2002/papers/html/ php/index.html
Every single post is a comment about the front page screw up. How hilarious!
Slashdot: Where people pretend to be twice as smart as they really are by behaving like children.
Step one to developing good (read: SECURE) e-commerce sites is to put down PHP and MySQL and pickup JSP+Servlets and Oracle, or a lightweight J2EE solution with PostgreSQL.... hell, or even ASP .NET and SQL Server
seriously
PHP is not a good language. MySQL is NOT a good database (it lacks so many basic things). I'd recommend both for blogging and use them completely with my own sites but to use either of those in commercial sector would be idiocy to say the least.
Sub-topic: "We ramble, so you don't have to."
If you need ecommerce, or any web application for that matter, then there is no point in starting from scratch.
There are plenty of platforms or frameworks out there that you can build on.
My own favorite is Drupal which is not just a Content Management System, but rather an open framework.
For example, some creative guy wrote an Ecommerce set of modules for Drupal, so it can do just that.
2bits.com, Inc: Drupal, WordPress, and LAMP performance tuning.
$why_php_sucks = "this ?> is why"
So there's a language that doesn't need escapes? Which one?
Someone is getting fired!
/. operates in the same journalistic mode as other online publications.
No, you are presuming that
In actuality, when editors fuck up here they get promoted.
I've been looking forwards to getting into PHP5 for a while now, but for the time being I'm stuck developing in PHP4, because the majority of my costumers' hosting providers haven't upgraded yet. Does anybody have any good providers to recommend that support it?
According to the timestamps, it was more like 13 minutes later... geez, learn to tell time. ^_^
Rhapsody in Numbers
Stuff like: Bayesian inference, Probability models, Web site user modeling, etc.
All of those examples are from the same author (the guy in charge of phpmath.com), but go to show that there are actually interesting things being done with PHP.
I'd love to see some books that *don't* spend 200 pages explaining how to get to fetching an array from MySQL.
The Glass is Too Big: My Take on Things
Now where can I get it....
Foxed Design
Inside a quoted string? All of them, I thought...
...if you're frontend is as messed up as your site.
Just tried looking at a product detail and then adding to cart from there in Firefox 1.0.1 and it doesn't work.
Ah! I see now, your database keeps card details secret by never storing them at all, genius!
Seriously, MySQL is a lot of things but insecure on a well firewalled box it isn't. My companies e-commerce package uses postgresql by default but can fall back on MySQL (with a few cludges to get around limitations) if that's all that is available.
As for mission critical, Yahoo Finance, Associated Press, Lycos, Los Alamos Laboratory, NASA and Suzuki (to name but a few) would disagree with you there.
I am NaN
I've only been here a few minutes, what's going on?
I suspect that the ecommerce solution a novice would come up with, using this book for guidance, would have an unacceptably high potential for exploitation. For example, look at the cookie discussion alone. Cart information does not belong in a cookie. A session token, and really nothing else, does. Any time an ecommerce developer reinvents the wheel and ignores "best practices" you can be almost certain that vulnerable code will result.
Seeing as how most of their site uses mysql.
Slashcode has built-in web interfaces for post-editing.
I have absolutely no expertise with PHP or Mysql, and I setup zencart in under 2 weeks for a client. Yeah, you have to edit some PHP files with some overrides sometimes for maximum customizability, but it's all HTML and all the help you need are at the extremely helpful ZenCart forums. Zencart has way more features than most ecommerce stores need, OSS, and you can use it with any host that supports Mysql and PHP. Yahoo costs at least $30 a month... a ripoff.
Ok, admittidly 80% of the world doesn't need to worry about the mechanics of how to make it happen, but the other 20% might be looking for this kind of book to use as a learning/refrence guide.
The simple truth is that interstellar distances will not fit into the human imagination
- Douglas Adams
... sucking since 1990.. 5 years before it really began sucking.
It's really not that hard. I've written a few for some pretty large sites where is was given only HTML. There are really only 4 hard parts:
1) Storing basket contents for inter-session access (cookies / db)
2) Verifying the information supplied (address and email valid, credit card passess LUHN and hasn't expired)
3) Creating an order (via email or DB)
4) Interfacing with the Payment Gateway (xml)
Though I would certainly agree there is no reason to do it more than once.
Really, I'm not trying to be clever with my signature.
Hmmm.
$why_you_are_wrong="this ?> is why";
works just fine here. PHP 4.3.10.
because I'm an EXPERT.
...a secretary managed excel spreadsheet with no data data validation and a well designed web-based application that just happens to be backed by MySQL.
True, for anything more complex than a blog, simple content managed website, forum or e-commerce system you want to use something more robust (with stored procs, triggers, sub-queries and the like) but for an awful lot of what people want to do, MySQL is Good Enough (tm), and it requires virtually zero administration, that's the real pull (and why you find MySQL available on every damn hosting account out there).
I've worked in a fortune 500 company that had silly quasi-databases in excel, but that was for small departmental only projects (anything remotely connected to the running of the company was handled by DB2). Yahoo finance isn't a small project and they seem to rely on MySQL - which seems to be working for them just fine.
I am NaN
Ouch. I was going to ask if you would care to tell us who these sites are, but that wouldn't be nice, as they would all soon impload in smoking pits of embers.
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
I wonder if the book covers the fact that if you use MySQL for commercial use and you don't release the source code you have to pay for it. Otherwise you are violating their licencing agreement Licence Agreement
I would like to see some novice user post their shopping cart code on their site so that the hacker won't even have to break a sweat trying to get into the credit card system. What the novice really needs is a PHP Postgresql book, but I don't know of one. That's because Postgresql uses the BSD licence and doesn't care what you do with it About Postgresql
Hey look no pointless curley braces or semicolons... just like Python
q: why do people use php?
a: they are too stupid to use anything else
PHP: Polish Horrible Powerbook
PHP: Pipebomb Hitler Polish
PHP: Protocol Hair Polish
PHP: Poking Hardware Poking
PHP: Platform Hot Pooping
PHP: Petting Homosexual Polish
PHP: Prostitute Homo Polish
PHP: Pope Hispanic Pipebomb
PHP: Peckers Hoard Pizza
PHP: Programmer Hypertext Plop
What types of topics would you look for in an 'advanced' book? I do agree with you - the overwhelming mass of PHP books are all 'beginner' targetted (beginner programming and/or beginner with PHP). I don't want yet another book that tells me how to set up MySQL, thank you.
/.
To that end, one PHP book that did have some good advanced sections was George Schlossnagle's book "Advanced PHP Programming" (I think that's the title).
Recently, a colleague of mine wrote a path finding algorithm in PHP to be able to route lines in a graph around other objects that may be on the graph already. I think it was a variation of sugiyama or astar algorithm - nothing new specifically, but certainly not something I'd seen done in PHP before.
Reply back here or email mgkimsal2@yahoo.com if you'd like to carry this thread on outside
creation science book