Comments on: Coded Up Product_id Validation Script

By: cadillac sioux falls

cadillac sioux falls — Wed, 11 Nov 2009 18:25:43 +0000

That’s a pain when you get hacked like that.

By: Jon Waraas

Jon Waraas — Tue, 10 Nov 2009 19:38:56 +0000

How would you end that part?

This:

}elseif($size >= 4) {
$price_pre = ‘18.99′;
}else{
$price_pre = ‘0′;
}

By: Chris

Chris — Tue, 10 Nov 2009 10:01:14 +0000

In all my code, regardless of whether its simple URL structure or otherwise I always do the following:

1. Verify the page / product / id exists
2. Pull info from database and compare with what was sent
3. Redirect / amend incorrect details where necessary
4. Carry on

I use it mostly on URLs but it means if i have a URl structure of
toyshop.com/toys/cooltoy_999.html and someone types in
toyshop.com/toys/cooltoy_998.html it will redirect to
toyshop.com/girls/mylittlepony_998.html etc.

This means that if I ever make a mistake with URL structures i am covered and I cannot fall foul to people messing around

By: Berko

Berko — Tue, 10 Nov 2009 07:47:23 +0000

Hey Jon,

Personally id redirect on the else condition.

If someone is doing the wrong thing then dont default the price to $0, that could lead to other problems depending on how your system works.

If they are doing something wrong and things dont add up just redirect to the homepage or last viewed page.

It might be a personal thing but to me it seems a bit safer.

By: Web Design Beach

Web Design Beach — Tue, 10 Nov 2009 00:21:47 +0000

Well, i didn’t know hackers are so frequent on fraud orders. So it’s a must do security improvements on orders. But i think also, that it would be best to hand process order before they go out to dropshipper

By: EarningStep

EarningStep — Mon, 09 Nov 2009 03:36:38 +0000

great job …john…

By: Is The Fourth Kind Real

Is The Fourth Kind Real — Sat, 07 Nov 2009 23:03:36 +0000

Thats why I like to hand process my orders. It really helps cut down on fraud orders. I would be concerned with 1 fraud order a day though. I sell upwards of 50 products per day and maybe I get 3-4 a week.

By: Synchronium

Synchronium — Sat, 07 Nov 2009 12:06:14 +0000

I’ve settled on a standard format for a product id – “AA000″

Two letters followed by three numbers. Then, I can check that with a simple regular expression. If any “hackers” change the product ID value, it either won’t work, or they’ll order a completely different product (if they specify another valid ID).

Prices are set in the database (alongside the product id, title, description, etc), so only one price is ever fetched for one particular product id.

By: Kalvster

Kalvster — Sat, 07 Nov 2009 05:13:42 +0000

Yeah, this is a good solution to catch those script kiddies.

By: MS

MS — Fri, 06 Nov 2009 20:25:51 +0000

By the way GOOD JOB
keep it up