How to Stop Digital Thieves with CGI

Written by Steve Humphrey

Continued from page 1

I admit that I discovered this by trial and error - and a lucky guess or two. Your merchant account gateway software may have radically different behavior than mine, but here's what I've learned:

The gateway uses the POST method to send the customer to your specified return URL (which can be a script as well as a web page). It also POSTs most of its input data items at the same time. They are usually ignored, but your script can read them if you want to!

Use the names given to the form inputs. Have your script extract the values of these "named parameters" at the time it creates the download page. Record what you want to save about the transaction in your orders file or database.

Now here's the real secret to foiling the thieves. Inside the script, check to see that the variables you extract contain non-empty values. Did you get that? Here's an example:

if ($email eq "") {exit;}

In this example, the script expects to get an email address. If it contains no characters, the script quits instantly. By testing for the presence of some data in such fields as customer name, email address, item #, price, etc., you can tell whether the script was called after a successful transaction - or by a thief...

Put all your security checks prior to the code that creates the download page. If any test fails, the script exits and the thief is left empty-handed. If your form-handling script can convert a product name to a product ID that's never visible to a browser, this provides even more security. This will be POSTed back to the script and you can check for it before allowing the download.
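
The checks described above, gathered into one routine that runs before any download page is built. This is an added example, not code from the article: the field names, the product table and its ID are assumptions, and the request-method test is an extra check based on the gateway's use of POST.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed field names; use the names your gateway actually POSTs back.
my @REQUIRED = qw(name email item price product_id);

# Hypothetical server-side table: product ID => file to deliver.
# The IDs are never printed into any page a browser sees.
my %PRODUCTS = ( 'P-7f3a91' => 'ebook.zip' );

# Returns the file name to deliver, or undef if any check fails.
# In a live CGI script, $method is $ENV{REQUEST_METHOD} and $param
# holds the decoded form fields.
sub check_order {
    my ($method, $param) = @_;

    # The gateway sends the customer back with POST.
    return unless defined $method && $method eq 'POST';

    # Every expected field must be present and hold something
    # other than whitespace.
    for my $field (@REQUIRED) {
        my $value = $param->{$field};
        return unless defined $value && $value =~ /\S/;
    }

    # The product ID must be one this site issued.
    return $PRODUCTS{ $param->{product_id} };
}

# Constructed sample requests (not real gateway output).
my %good = ( name => 'Pat Doe', email => 'pat@example.com',
             item => '101', price => '19.95', product_id => 'P-7f3a91' );
my @samples = (
    [ 'after payment',      'POST', { %good } ],
    [ 'direct visit',       'GET',  {} ],
    [ 'blank email',        'POST', { %good, email => '' } ],
    [ 'unknown product ID', 'POST', { %good, product_id => 'guess' } ],
);

for my $sample (@samples) {
    my ($label, $method, $param) = @$sample;
    my $file = check_order($method, $param);
    printf "%-20s %s\n", $label,
        defined $file ? "deliver $file" : "exit, no download page";
}
```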

Close these security holes and you'll make more money. You may even sleep a little better knowing that people can't steal that product you worked so hard to create. I know I do!

Steve Humphrey promises that you can learn to use CGI to turn your own website into a marketing machine in two hours or less with his excellent CGI learning system: "Learn to Use CGI in 2 Hours." We highly recommend this book as required reading for anyone who wants to automate their website or their marketing efforts. Click here for immediate access:

Quick Intro to PHP Development

Written by Alan Grissett

Continued from page 1

Contributing to the power of the PHP language is its native support for leading relational database platforms, including MySQL, Oracle and PostgreSQL. Platform-specific functions are built into the language for 12 databases in all. This native support for database platforms is a boon to any site that needs to track user information, store product data, or collect sales information.

Last but not least, because PHP is open-source, it is essentially free to use. Almost all professional Unix-based Web hosts offer PHP as an included option with hosting accounts. Be sure to check with your host to see if it is available to you.

This article is meant to be an introduction to the PHP language and not a tutorial, but have no fear—here are several first-rate sites that have articles that will guide you along in beginning your PHP development projects:

Alan is the lead developer for InfoServe Media, LLC, a Web development company that specializes in Web site design, hosting, domain name registration, and promotion for small businesses.

© 2005