pK Categories

pK Archives

Building A Searchable eCommerce Web Database with PHP and MySQL

At the root of a successful eCommerce web site design is a searchable MySQL Database powered by PHP. Unless you only sell a few items that never change, you can expect your inventory to grow, require regular changes and additions, and keep you on your toes. It’s a whole different story from a point of Sale POS approach, although they can communicate together and operate as a single system using a single resource, if needed. If your eCommerce Database is hosted on your web server somewhere, it’s ging to require administration via the Internet, and that presents some issues for development as well as ongoing maintenance.

The fundamental components of your business are your eCommerce products and your eCommerce customers. That’s what creates your cash flow and motivates your business to reach for success and bigger financial goals. Your eCommerce web site will require a MySQL database to store all of your product information and track additional data such as which images and support media are associated with each product record. Your products need to be displayed with an inspiring style to convert curious traffic into purchasing customers. Receiving purchases means you need to track invoices and order information, while avoiding the responsibility of credit card data storage and attempts by hackers to infiltrate your website and database.

MySQL Databases are the bottom line for a successful eCommerce website because you gain the speed and versatility of managing inventory easily, quickly, and efficiently. That’s where PHP Programming comes into play, since your MySQL Database needs to communicate with the web pages and subsequently with your web users. PHP Programming and MySQL Databases work hand-in-hand and are ideal for each other. They are open source and therefore eliminate the costly licensing of Microsoft products, while providing significant portability between operating systems, unlike Microsoft’s microcosm. The key to efficient inventory management and a searchable database is quality PHP Programming. Behind every successful website is a strong programmer!

If you have ever experienced a web form that resulted in a blank page or made you scratch your head when it said, “Sorry, there was an error,” but it didn’t say why… you have experienced poor programming. This results from one of two situation. Either the programmer was inexperienced or lazy and ignored the needs of the web users, OR the client decided to be overly cheap and tied the hands of the programmer. Ease of website use and the quality of its function is directly proportional to the quality and quantity of PHP Programming. Let’s take a brief look at what this means…

Suppose a form that submits your name, email address and phone number and requires that all fields be completed. A PHP Program makes receipt of the data and has the chore of processing and managing the data. The result of the PHP Program is not of consequence here, but we’ll assume it is going into a database. A poor PHP Programmer would write a PHP Program that blindly accepts the submitted form data and sticks it into the database and moves on. If a field is left empty, the form is returned to the user, empty and without helpful information. Now, let’s take a look at a better approach…

If the user submits a partial form, the PHP script should return the form with helpful messaging indicating which field was left empty, and telling the user it is a required field. As well, the PHP Program should filter the submitted data to make sure it is valid. If an email address is submitted as “fred.info” it is an invalid format and should be rejected, lest the sales team waste time with useless information for making contact. Similarly, the phone number data be invalid, either missing an area code,containing letters, or simply having insufficient characters. Each data type (name, email address, phone number) has a different requirement to assure correct submission. This requires more PHP Programming to assure a correctly submitted form, and to make corrections easy to identify and apply for the user.

Well, there’s another aspect of quality code that is often overlooked by both programmers and web development clients. Security must be applied to the higher quality form to prevent hackers, formBots, and general misuse. The poor programmer would simply push the submitted data into the MySQL Database and head home to watch the game without another thought. The quality programmer is experienced with Internet Security and Web Security, and knows there are bad people and programs on the Internet looking to cause trouble. The cure? A little more code with a little more thought.

NEVER let your web user submit code inside a form that may infiltrate your MySQL Database or modify your PHP Programming or web page function! If submitted data is blindly handled into the database, we may submit a MySQL or SQL statement that is executed by the database. You may launch into production and avoid trouble for awhile, but hackers are constantly searching the Internet for poor quality programming that contains security vulnerabilities that they can exploit. The repercussions grow with time, because you will have more invoices and more products in your MySQL Database, and therefore much more to lose. Hackers may insert fake invoices that inspire you to send them free products, believing them to be real purchases. The consequences differ from business to business, but the frustration and anger are pretty consistent.

Where the poor programmer didn’t even think about hackers attacking the code, or perhaps made the poor judgment of, “Well, I doubt they’ll hit OUR site,” or “I’ll deal with it later, let’s just launch now”… the Quality PHP Programmer is experienced in PHP Programming, Internet and Web Security, and MySQL Database Programming and Security and knows much better. Where I mentioned checking for blank fields and incorrect data above, I was referring to Data Validation: “Checking submitted data for expected and unexpected formatting.”

The flip-side to Data Validation is Data Cleansing: “Checking submitted data for illegal characters, invalid formats resembling code, and rejecting unwanted formatting.” Hackers can submit code that injects SQL into your MySQL Database, called “SQL Injection,” or code that manipulates your PHP Programming by inserting lines of submitted PHP Code, or “Code Injection” that may perform various modifications to your web page such as inserting ActiveX requests, Javascript executions, etc. The poor programmer doesn’t even realize this can be done! An experienced PHP Programmer will include Data Cleansing in addition to Data Validation, effectively preventing web hackers from infiltrating your PHP Programs or MySQL Database. The difference is made when the PHP Programming looks for wanted/unwanted, expected/unexpected, and valid/invalid data formats, characters and content.

This all boils down to one major eCommerce Web Site Design requirement! Your project design and PHP Programmers must take into consideration

  • All the good people who want to do legitimate eCommerce business with you Online.
  • Inventory management systems that let you handle products easily, quickly, and efficiently.
  • Purchasing handling that protects your from credit card responsibilities.
  • Invoice management systems that clearly define your obligations and warehousing requirements.
  • All the hackers who want to break your business and destroy all of your work and reputation with a few keystrokes.
  • The idiots who will break your system or get lost without helpful guidance from your PHP Program
  • The fact that “Time Is Money” and you shouldn’t spend your day frustrated with your website.
  • A refined modularity allowing business growth, inventory expansion, and allowing new modules to connect to the existing modules without breaking anything.

There is always someone out there who wants to break your business or cause chaos in the name of fame. There are also idiots who will trip over their own feet on a flat, straight road, so your site had better hold their hand through all processes. eCommerce brings responsibilities that you don’t need to become burdened with, but can yield great rewards. The bottom line for creating a successful eCommerce Web Site Design is a quality programmer who is experienced in PHP Programming, MySQL Database Programming, Web and Internet Security, how Inventory Management is supposed to work, and can build a fast and efficient web administration interface so you can manage your Online business without shooting yourself in the foot.

If you have questions about your eCommerce Web Site project and want to speak to an experienced PHP Programmer, contact The PHP Kemist by email or call us at 801.253.2564.

Leave a Reply