Building A Searchable eCommerce Web Database with PHP and MySQL

At the root of a successful eCommerce web site design is a searchable MySQL Database powered by PHP. Unless you only sell a few items that never change, you can expect your inventory to grow, require regular changes and additions, and keep you on your toes. It’s a whole different story from a point of Sale POS approach, although they can communicate together and operate as a single system using a single resource, if needed. If your eCommerce Database is hosted on your web server somewhere, it’s ging to require administration via the Internet, and that presents some issues for development as well as ongoing maintenance. Continue reading


General DBM and PHP Database Management Systems

Database Management has become a critical component for any eCommerce Web Site that is managed by the store operators or owners. The ability to create, edit and delete inventory can be an everyday operation. Managing product photographs, prices, and descriptions can be a time consuming task and is best left in the hands of the people who normally handle that inventory. Rather than pass regular update requests to the webmaster or database programmer, PHP Database Management Systems provide the necessary tools to handle every aspect of inventory management through intuitive and simple PHP web interfaces. More programming and back end development offers a simpler and more effective experience for the PHP web site administrator. Less programming leads to frustrating experiences with confusing and buggy systems.

The many routine tasks for managing PHP eCommerce Website Inventory include
· Changing Retail and Sale Prices
· Changing Names and Description
· Adding and Changing Product Photographs
· Configuring Tax, Shipping & Handling, and Other Rates
· Configuring Admin and Member Permissions
· Managing Administrators
· Managing Website Members
· Analyzing Sales and Generating Reports
· Analyzing Traffic and Generating Reports
· Tracking Deliveries and Generating Reports

Combinations of Javascript, AJAX, PHP, and MySQL may be employed to enhance all PHP programs to provide a more efficient admin and user experience. Form validation with standard Javascript can prevent incomplete form submissions. AJAX can make form validation and page manipulation real time. Client-side validation and content manipulation can be applied to much more than form validation, and should be used in all systems where the long term time savings for the admin warrants additional programming time. Economic feasibility must be considered before any system enhancement.

PHP and MySQL programming should perform server-side data cleansing and data validation regardless of client-side form validation. Error messaging should be concise and informative. Data handling and backup redundancies are more important as the product value and business cash flow increase. For example, the web server may store requests in the database, but should additionally write flat file backups and/or deliver data sets via email to the store manager. Scheduled database and file system backups should be performed both locally and remotely.

Product photo uploads should be handled and manipulated such that the store admin need nothing more than the original photo. Although file sizes can be a limiting factor on different PHP web servers, the INI file can be modified to accommodate or th admin can simply shoot lower resolution digital photos. The photo upload should recognize the dimensions and aspect ratio so that new sizes can be created on the fly. The original upload should be stored for update systems to work with at a later date. Large, medium, small, and thumb sized web-ready images should all be generated at the time of upload. They should be tagged and tracked by the database in association with the product record. Textual overlays (name and domain) and graphical watermarking (company logo) should be applied to some or all of the generated photos. Image storage should be managed by the PHP server and correct file system permissions handling should be configured correctly.

Data manipulation by PHP can save a lot of time for the admin. Percentages and other calculations of data entry can be defined and configured by and through PHP. For example, each product record may have a Wholesale Price, Retail Price, Sale Price, and Liquidation Price. Rather than requiring the admin to select which price is to be applied, a series of PHP checks can be programmed into the system. Wholesale Prices are obviously kept private and used only for reporting systems. Retail Prices are the default value displayed to the shopper. If the Sale Price is given a value, it may cause the Retail Price to be “lined through” to indicate it has been “slashed” for the Sale Price. If the Liquidation Price is given a value, the Sale Price may also be lined through. Additionally, the presence of these values may provide modified search results, allowing the shopper to search for all Sale Items or limit results to Liquidation Items. Reporting systems can calculate the value of the inventory on hand, and calculate the potential return based on current pricing configurations. Going a step beyond this, PHP can calculate the quantities on hand for all items and compare against the age of that inventory and the potential returns based on Retail, Sale and Liquidation prices. The generated report could create a suggested target list of items to consider for Sale and Liquidation from Best Picks down to the items that should be left at Retail.

Regardless of which systems are utilized in the PHP Web Site or eCommerce Web Site, they should use good PHP Programming and be restricted to cost efficient use of the PHP Programmer’s time. A healthy balance between aesthetic administration interfaces and the efficiency of usage is very important. The multi-variable multi-dimensional dynamics of database management systems should be crafted to meet the needs of the business, to create positive cash flow, and provide an easy and efficient experience for the site administrator.


Sessions And Cookies in PHP Programming

The question of information tracking arises regularly in regards to PHP eCommerce shopping carts and member login management systems for PHP Programming. It is important that the PHP Programmer have a thorough understanding of managing Sessions and Cookies with PHP Programming in order to create efficient data tracking from page to page of a PHP website. An excellent understanding of Network Security and PHP Programming is required before creating a PHP eCommerce web site that manages sensitive information like credit card data or login information.

There is a big difference between Sessions and Cookies, despite their similarities. Although they both are methods of storing information defined by the user and his browser, they store the information in different locations using PHP. A Cookie is stored on the user’s browser and all of its information is transacted every time the browser sends and receives a new web transaction. Sessions are stored on the web server and the data is not passed back ad forth with the user’s browser. The Session is associated with a Session ID value, which is passed to the the user’s browser via a Cookie transaction. A benefit of Sessions is data security since the data is stored on the server and not passed back and forth with the browser. There are always pros and cons for using Sessions and/or Cookies, which should be evaluated by each PHP Programmer for each PHP eCommerce web site. Using Cookies alone to handle all the user’s data is not safe unless well encrypted and securely handled.

Sessions are files containing information that is defined and associated with a variable name by the PHP Programmer. Sessions are not auto-populated by the browser or web server, unless the PHP Programmer has written the PHP code to do so. The files are named by their Session IDs and are typically stored in default locations, or perhaps in custom defined locations, on the PHP web server. Session IDs are created by the PHP web server and should not be predictable, for Network Security reasons. Network Security is a vital component of Session ID handling and web server security. Sessions are not vulnerable by default, but can be a security risk if your PHP Programmer lacks sufficient understanding of Network Security, how network protocols operate, and safe data management tehniques.

Each PHP script in your eCommerce website must make a declaration to start a Session using PHP Programming, in order to access existing data and create new data. The Session can be named, be associated with a specific domain name, given an expiration date or duration, amongst other key specifiers and modifiers. A PHP web server will name undefined Cookies in the browser with a default Cookie name. The PHP web server can test if a cookie is accepted and stored, as opposed to rejected and unavailable. It may be important that the user’s browser accept Cookies, else disallow access to maintain site security.

Session creation must be handled inside the PHP web header prior to the exchange of non-header information. Creating new Session data or accessing existing Session data may be performed after header transactions. Some Session commands may cause problems or diminish script efficiency if processed post header release. Creating, accessing, and modifying Session data should be done logically and methodically. PHP Programming provides an extensive toolset for creating and handling both Cookies and Sessions in PHP Programming.

The safety of the data inside of sessions depends on the level of Network Security on your PHP web server and the quality of Network Security on our PHP Programming. A robust and secure PHP web server can be destroyed by poor PHP Programming, and a poorly secured web server can provide vulnerabilities that destroy the best designed PHP Programming. Some PHP Programmers choose to encrypt the data that is stored inside Sessions on the PHP web server. This is a good choice if the web server is a shared server that might have vulnerabilities providing access to unassociated sources. If your web server is your own or if it is not a shared web server, this level of encryption may only slow your handling of high volume traffic. Your web server should be tested to see if shared wesite owners can jump directories into yours, and you into theirs. This is not an uncommon problem, which lets unauthorized users access your website scripts and databases!
The best method of protecting Sessions is to prevent the capture and use of the user’s Cookie, which contains the Session ID. Cookie Hijacking is a method of stealing the user’s Cookie from his browser and using it without permission. Since the Cookie contains the ID of the Session that contains all of their information, it acts like a key to the user’s Session. Once accessed the hijacker can impersonate the original user. Cookies can be stolen by Sniffing Networks and creating the Cookie file on their own computer for their own browser. Another method of Cookie Hijacking is to simply gain physical access to the user’s computer and copying the files manually. Either way, securing Cookies is more important than securing Sessions in most general situation.

To better secure a Cookie from being hijacked, the PHP Programmer should take steps toward enhanced Network Security and preventing Network Sniffing from being effective. Where standard Cookies store usernames and passwords (as opposed to Sessions storing only a Session ID value in the Cookie), the Session data can be more easily secured. The user’s local and remote IP Addresses should be stored and tracked. The starting timestamp for the Session creation should also be tracked. Details about the user’s browser type and version can be combined with the time and IPs to create a basic thumbprint of the user who created the Session. If any of the thumbprint changes, the Cookie should be nullified by deleting it from the browser. More importantly, the PHP Session data on the web server can be protected from any thumbprint not matching the original creator’s. In effect, the web server would refuse to provide any information unless all of the thumbprint matches. A duration of access and subsequent expiration should be employed on sensitive PHP Websites based on the starting timestamp from the Session creation. Provide the user with a sufficient window of time to perform the expected web functions, else auto-logout the user. The PHP Programmer can also reset the duration as long as the user is not idle, else the countdown would continue until auto-logout.

If the eCommerce website owner was logged in, but had to rush away from his computer, the website would perform an auto-logout after the predefined login duration. The owner of the eCommerce web site would be afforded the luxury of staying away without need to manually logout, while protecting the system once logged out. Barring activity-resetting durations, another employee gaining unauthorized access would be forced to log back in after the duration, limiting the time he could cause havoc. If the cookie was hijacked and relocated on another computer, the IP Address could be blocked, and likely the browser version and details would cause access blocking. There are many options the PHP Programmer has available to create a very secure and functional membership system using Sessions and Cookies in PHP Programming. As long as the PHP Programmer is well versed in Sniffing Networks and Network Security as related to Sessions and Cookies, your eCommerce transactions, eCommerce shopping carts, membership access and other PHP web sites will remain secure.