CGI: How to Stop Digital Thieves with CGI

How to Stop Digital Thieves with CGI

Written by Steve Humphrey

Continued from page 1

I admit that I discovered this by trial and error - and a lucky guess or two. Your merchant account gateway software may have radically different behavior than mine, but here's what I've learned:

The gateway uses repparttar POST method to send repparttar 107131 customer to your specified return URL (which can be a script as well as a web page). It also POSTs most of its input data items at repparttar 107132 same time. They are usually ignored, but your script can read them if you want to!

Use repparttar 107133 names given to repparttar 107134 form inputs. Have your script extract repparttar 107135 values of these "named parameters" at repparttar 107136 time it creates repparttar 107137 download page. Record what you want to save about repparttar 107138 transaction in your orders file or database.

Now here's repparttar 107139 real secret to foiling repparttar 107140 thieves. Inside repparttar 107141 script, check to see that repparttar 107142 variables you extract contain non-empty values. Did you get that? Here's an example:

if ($email eq "") {exit;}

In this example, repparttar 107143 script expects to get an email address. If it contains no characters, repparttar 107144 script quits instantly. By testing for repparttar 107145 presence of some data in such fields as customer name, email address, item #, price, etc., you can tell whether repparttar 107146 script was called after a successful transaction - or by a thief...

Put all your security checks prior to repparttar 107147 code that creates repparttar 107148 download page. If any test fails, repparttar 107149 script exits and repparttar 107150 thief is left empty- handed. If your form-handling script can convert a product name to a product ID that's never visible to a browser, this provides even more security. This will be POSTed back to repparttar 107151 script and you can check for it before allowing repparttar 107152 download.

Close these security holes and you'll make more money. You may even sleep a little better knowing that people can't steal that product you worked so hard to create. I know I do!

Steve Humphrey promises that you can learn to use CGI to turn your own website into a marketing machine in two hours or less with his excellent CGI learning system: "Learn to Use CGI in 2 Hours." We highly recommend this book as required reading for anyone who wants to automate their website or their marketing efforts. Click here for immediate access: http://www.roibot.com/tk_cgi2h.cgi?cgiAV2b

Quick Intro to PHP Development

Written by Alan Grissett

Continued from page 1

Contributing to repparttar power of repparttar 105094 PHP language, is its native support for leading relational database platforms, including MySQL, Oracle and PostgreSQL. Platform-specific functions are built into repparttar 105095 language for 12 databases in all. This native support for database platforms is a boon to any site that needs to track user information, store product data, or collect sales information.

Last but not least, because PHP is open-source, it is essentially free to use. Almost all professional Unix-based Web hosts offer PHP as an included option with hosting accounts. Be sure to check with your host to see if it is available to you.

This article is meant to be an introduction to repparttar 105096 PHP language and not a tutorial, but have no fear—here are several first-rate sites that have articles that will guide you along in beginning your PHP development projects:

www.php.net www.onlamp.com/php/ www.phpbuilder.com

Alan is the lead developer for InfoServe Media, LLC (http://www.infoservemedia.com), a Web development company that specializes in Web site design, hosting, domain name registration, and promotion for small businesses.

<Back to Page 1