in reply to shopping cart implementation

I agree with shotgunfx, validate the charge versus the price. i.e. use Digest::MD5 to create a hash with the price, the product description, and, if you can, a "secret" string known only to you/your server. Then, when you receive the token from your credit card processor, create the hash from their data and compare. If they don't match, then someone may have tampered with the charge amount, trying to get something for nothing.

Also, check out PerlShop, which is a Perl shopping cart, and take a look at their features and code for more ideas to add to your list.

--
hiseldl
"Act better than you feel"

Replies are listed 'Best First'.
Re: Re: shopping cart implementation
by shotgunefx (Parson) on Sep 16, 2002 at 20:00 UTC
    I tend to undercomplicate it. The form only accepts a product id, a quantity and options. The price and other options come from the database and are only displayed for display purposes. Then there is never an opportunity to fiddle with it.

    -Lee

    "To be civilized is to deny one's nature."
[reply]

In Section Seekers of Perl Wisdom