Payment Methods and the Checkout Sequence

Several commerce methods exist when it comes time to pay for the purchases in the shopping cart. The "right" method for you depends on your business: merchant accounts through banking institutions often require you to have a business license, a reseller's permit, and other pieces of paper proving you're a legitimate business. If you're simply a person who has a few items to sell, you might not want to go through all that paperwork. However, you still have options!

Regardless of the payment method you choose, one thing is certain: if you are passing credit-card information over the Web, you must do so over an SSL connection. Obtaining an SSL certificate and installing it on your system is covered in Hour 23, "Setting Up a Secure Web Server." You do not have to use this secure connection during the user's entire shopping experience, just from the point at which sensitive information is captured, such as the checkout form.

Creating the Checkout Form

At this point in the book, you should be well versed in creating a simple form. At the beginning of this hour, the store_orders table was created with fields to be used as a guideline for your form:

  • order_name

  • order_address

  • order_city

  • order_state

  • order_zip

  • order_tel

  • order_email

Additionally, your form will need fields for the credit-card number, expiration date, and the name on the credit card. Another nice feature is to repeat the user's shopping cart contents with an item subtotal, so the customer remembers what he's paying for and approximately how much the order will cost. Also at this point of the checkout sequence, you offer any shipping options you might have. Shipping and sales tax would be calculated in the next step of the process.

From the point of pressing the submit button on the form, the checkout sequence depends on the payment method you are using. The next section goes through the basic steps and offers suggestions on various methods of payment processing.

Performing the Checkout Actions

If you have obtained a merchant account through your bank, you can utilize real-time payment services such as Verisign's PayFlo Pro. PHP has a built-in set of functions that, when used with the PayFlo libraries from Verisign, enable you to create a simple script to handle the credit-card transaction. You can learn more about PayFlo Pro at the Verisign Web site: The PHP manual section for PayFlo functions is at

Verisign's product is one of several transaction-processing gateways that exist for use by merchants. Your bank will usually provide a list of merchants they prefer you to use. If you stray from their list of preferred vendors, be sure to research your selected vendor thoroughly, to avoid any delays with deposits and to ensure you're getting the best deal.

After you have selected a transaction processor, your checkout script should follow a path like the following:

  1. Total the items, add tax, add shipping. This gives you the total amount to authorize from the credit card.

  2. Perform credit-card authorization for the total amount.

  3. You will receive either a success or failure response from your card processing routine. If the response is a failure, print a message to the user, and the transaction is over. If the response is a success, continue to Step 4.

  4. Write the basic order information to a table like store_orders, including the authorization code you will receive upon successful authorization. Get the id value of this record using mysql_insert_id().

  5. For each item in the shopping cart that is tied to this user, insert a record into store_orders_itemmap. Each record will reference the id (as order_id) gathered in the previous step.

  6. Delete the shopping cart items for this user.

  7. Display the order with authorization code in place of the credit-card information on the screen, so the user can print it and hold it as a receipt. You can also send this information via email to the user.

All of the steps listed previously, with the exception of the actual payment authorization code, are the same simple steps you have been using throughout this book, and there's no reason to make them more difficult than they need to be!
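Steps 1 through 6 of the sequence above, sketched as an added example (not code from the book): the total is computed from server-side cart rows, only the authorization code is stored, and the three writes share one transaction. The cart table, every column other than the order_* fields, the tax and shipping figures, and the $authorize callable standing in for the processor are assumptions; PDO with lastInsertId() replaces mysql_insert_id().

```php
<?php
// Added example. Table/column names other than store_orders, store_orders_itemmap and
// order_* are assumptions, as are the tax rate, shipping fee and gateway callable.
function checkout(PDO $db, string $sid, array $cust, callable $authorize): ?int {
    // Step 1: total the cart from server-side rows, in integer cents.
    $q = $db->prepare('SELECT item_id, qty, price_cents FROM cart WHERE session_id = ?');
    $q->execute([$sid]);
    $items = $q->fetchAll(PDO::FETCH_ASSOC);
    if (!$items) return null;                                   // empty cart
    $subtotal = 0;
    foreach ($items as $i) $subtotal += (int)$i['qty'] * (int)$i['price_cents'];
    $total = $subtotal + intdiv($subtotal * 8, 100) + 500;      // assumed 8% tax, $5.00 shipping

    // Steps 2-3: the gateway sees the card; this script keeps only the result.
    $auth = $authorize($total);                                 // auth code, or null on failure
    if ($auth === null) return null;                            // declined: nothing is written

    // Steps 4-6 in one transaction, so a crash cannot leave a half-written order.
    $db->beginTransaction();
    try {
        $o = $db->prepare('INSERT INTO store_orders
            (order_name, order_email, total_cents, auth_code) VALUES (?, ?, ?, ?)');
        $o->execute([$cust['order_name'], $cust['order_email'], $total, $auth]);
        $orderId = (int)$db->lastInsertId();                    // PDO's mysql_insert_id()
        $m = $db->prepare('INSERT INTO store_orders_itemmap
            (order_id, item_id, qty, price_cents) VALUES (?, ?, ?, ?)');
        foreach ($items as $i) {
            $m->execute([$orderId, $i['item_id'], $i['qty'], $i['price_cents']]);
        }
        $db->prepare('DELETE FROM cart WHERE session_id = ?')->execute([$sid]);
        $db->commit();
        return $orderId;
    } catch (Throwable $e) {
        $db->rollBack();             // the card hold still exists; void it with the processor
        throw $e;
    }
}

// Constructed demo data in an in-memory SQLite database (needs the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cart (session_id TEXT, item_id INT, qty INT, price_cents INT)');
$db->exec('CREATE TABLE store_orders (id INTEGER PRIMARY KEY, order_name TEXT,
    order_email TEXT, total_cents INT, auth_code TEXT)');
$db->exec('CREATE TABLE store_orders_itemmap (order_id INT, item_id INT, qty INT, price_cents INT)');
$db->exec("INSERT INTO cart VALUES ('s1', 1, 2, 1500), ('s1', 2, 1, 995)");
$id = checkout($db, 's1', ['order_name' => 'Test Buyer', 'order_email' => 'buyer@example.com'],
    fn(int $cents) => 'AUTH-TEST-0001');                        // stand-in for the processor
echo "order $id, cart rows left: ", $db->query('SELECT COUNT(*) FROM cart')->fetchColumn(), "\n";
```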
