in reply to Any tips on writing a shopping cart?
Have a quick look through the OWASP Guide to Building Secure Web Applications and Web Services.
And remember: Paranoia is your friend.