PHP - Quick Intro to PHP Development

Chances are that if you've been around the Internet long enough, you've heard of server-side scripting languages such as PERL, ASP and ColdFusion. These are all popular languages that are used to add interactivity to Web sites, but one stands out from the crowd in terms of usability, power, and, yes, price: the PHP scripting language. Initially developed in 1995 by North Carolina programmer Rasmus Lerdorf, PHP has since blossomed into one of the leading open-source, cross-platform scripting languages available. This is due, in large part, to the worldwide community of coders that contributes to its development. Unlike proprietary scripting languages like ASP and ColdFusion, PHP's source code is freely available for peer review and contributions. This is, of course, the essence of open-source software development, but why is it that PHP in particular has gained such popularity among Web developers when there are other open-source alternatives, such as good old-fashioned PERL CGI scripts?

One very strong reason is that PHP, unlike PERL CGI scripts, is scalable and fast. Instead of requiring the server to start a new process in the operating system's kernel for each new request, which uses both CPU time and memory, PHP can run as a part of the Web server itself, which saves a considerable amount of processing time when dealing with multiple requests. This decreased processing time means that PHP can be used for high-traffic sites that cannot afford to have their performance hampered by relatively slow CGI scripts.

In addition to its scalability and speed, another usability factor that sets PHP apart is its ease of use. The PHP language is considered to be a mix between C and PERL, and it draws from the best features of each parent language, while adding unique features of its own. For example, PHP code can be embedded within standard HTML documents without using additional print statements or calling separate scripts to perform the processing tasks. In practice, this allows for very flexible programming practices. Although a working knowledge of HTML is a prerequisite for PHP development, PHP's basic functions can be learned quickly and applied to a wide range of common Webmaster-related projects, such as order forms, e-mail responses, and interactive Web pages.

Contributing to the power of the PHP language is its native support for leading relational database platforms, including MySQL, Oracle and PostgreSQL. Platform-specific functions are built into the language for 12 databases in all. This native support for database platforms is a boon to any site that needs to track user information, store product data, or collect sales information.

Last but not least, because PHP is open-source, it is essentially free to use. Almost all professional Unix-based Web hosts offer PHP as an included option with hosting accounts. Be sure to check with your host to see if it is available to you.

This article is meant to be an introduction to the PHP language and not a tutorial, but have no fear: here are several first-rate sites that have articles that will guide you along in beginning your PHP development projects:

www.php.net
www.onlamp.com/php/
www.phpbuilder.com

Alan is the lead developer for InfoServe Media, LLC (http://www.infoservemedia.com), a Web development company that specializes in Web site design, hosting, domain name registration, and promotion for small businesses.

How to Stop Digital Thieves with CGI

Steve Humphrey

I’m going to assume you’re serious about your business. If you’re not, I can’t help you anyway. You’ve gone as far as getting a real merchant account to accept credit card payments online.

You know that this was neither easy nor cheap. So does everyone else! So, a merchant account shows that you’ve made a serious commitment to your business. That’s good for customer confidence, which is good for business. So far so good…

Now there’s the issue of selling stuff to people online. Your order form leads them to feed their credit card info to a secure gateway, using software you bought or leased from (or through) your merchant account provider. Finally, the transaction is approved or denied.

If approved, the software generates a receipt and emails you and the customer each a copy. At this point, the customer is returned to a page you specified. In the case of downloadable products, this is often the page where they download your product. So, you’ve got the entire process fully automated.

For a product or service with a fairly low price point and a potential for many thousands of sales, this seems ideal. You can quite literally make sales and earn income 24 hours a day. So, what’s the problem?

The form code on your order page is the problem. If someone uses the View Source function of their browser, they can see all your code. If they have even a tiny bit of initiative and skill, they can locate the URL of your download page. After all, it’s right there in your form code!

CGI provides two ways of fixing this problem. One involves using a script that makes it impossible to view the source code. You can find a source for such a script by searching the web. Expect to pay a lot for this technology.

Another way is to make the return path a script instead of the actual download location. The script would be used to create and display the download page. It would not be visible to the surfer, since it’s not an HTML document. The script can also record details of the transaction for book-keeping purposes.

I admit that I discovered this by trial and error - and a lucky guess or two. Your merchant account gateway software may have radically different behavior than mine, but here’s what I’ve learned:

The gateway uses the POST method to send the customer to your specified return URL (which can be a script as well as a web page). It also POSTs most of its input data items at the same time. They are usually ignored, but your script can read them if you want to!

Use the names given to the form inputs. Have your script extract the values of these “named parameters” at the time it creates the download page. Record what you want to save about the transaction in your orders file or database.

Now here’s the real secret to foiling the thieves. Inside the script, check to see that the variables you extract contain non-empty values. Did you get that? Here’s an example:

if ($email eq "") { exit; }

In this example, the script expects to get an email address. If it contains no characters, the script quits instantly. By testing for the presence of some data in such fields as customer name, email address, item #, price, etc., you can tell whether the script was called after a successful transaction - or by a thief…

Put all your security checks prior to the code that creates the download page. If any test fails, the script exits and the thief is left empty-handed. If your form-handling script can convert a product name to a product ID that’s never visible to a browser, this provides even more security. This will be POSTed back to the script and you can check for it before allowing the download.
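The checks described above, collected into one return-URL handler, as an added example that is not code from the original article; the field names, the product ID table, the file name and the sample requests are assumptions constructed for illustration. A non-empty test only confirms that a field was sent, so the handler also requires the server-side product ID the article mentions before it builds the page.

```perl
#!/usr/bin/perl
# Added example: return-URL handler running the article's checks in order.
# Field names, product IDs and file names below are constructed assumptions.
use strict;
use warnings;

# Server-side table: product ID (never placed in page source) => download file.
my %PRODUCTS = ('PID-7F3A' => 'ebook.zip');
my @REQUIRED = qw(name email item price product_id);

# Decode an application/x-www-form-urlencoded POST body into a hash.
sub parse_form {
    my ($body) = @_;
    my %p;
    for my $pair (split /&/, $body) {
        my ($k, $v) = split /=/, $pair, 2;
        next unless defined $k && length $k;
        $v = '' unless defined $v;
        for ($k, $v) { tr/+/ /; s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge }
        $p{$k} = $v;
    }
    return %p;
}

# Every check runs before the download page is built; undef means "exit".
sub handle_return {
    my ($method, $body, $orders) = @_;
    return undef unless $method eq 'POST';          # the gateway POSTs its data
    my %p = parse_form($body);
    for my $f (@REQUIRED) {                         # the article's non-empty test
        return undef unless defined $p{$f} && $p{$f} =~ /\S/;
    }
    my $file = $PRODUCTS{ $p{product_id} } or return undef;  # unknown ID: stop
    s/[\t\r\n]+/ /g for values %p;                  # keep the order record one line
    push @$orders, join("\t", @p{qw(name email item price)});
    return "Content-type: text/html\n\n<p>Thank you. "
         . "<a href=\"/files/$file\">Download</a></p>\n";
}

# Constructed sample requests: one complete, three that must be refused.
my @orders;
my $ok    = 'name=Ann+Lee&email=ann%40example.com&item=12&price=19.95&product_id=PID-7F3A';
my $empty = 'name=Ann+Lee&email=&item=12&price=19.95&product_id=PID-7F3A';
my $wrong = 'name=Ann+Lee&email=ann%40example.com&item=12&price=19.95&product_id=PID-0000';
for my $t (['POST', $ok], ['POST', $empty], ['POST', $wrong], ['GET', $ok]) {
    my $page = handle_return(@$t, \@orders);
    printf "%s\n", defined $page ? 'download page sent' : 'exit: check failed';
}
print scalar(@orders), " order(s) recorded\n";
```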

Close these security holes and you’ll make more money. You may even sleep a little better knowing that people can’t steal that product you worked so hard to create. I know I do!

Steve Humphrey promises that you can learn to use CGI to turn your own website into a marketing machine in two hours or less with his excellent CGI learning system: “Learn to Use CGI in 2 Hours.” We highly recommend this book as required reading for anyone who wants to automate their website or their marketing efforts. Click here for immediate access: http://www.roibot.com/tk_cgi2h.cgi?cgiAV2b
