COM372: Notes, Chapter 27

Building a Shopping Cart
pages 579-623


We've built a simple database-driven site, including a restricted-access administrative back end, in assignments 6-8. This chapter extends that into a full commercial site complete with shopping cart and administrative back end. Components of this project include a product database, an online catalog, a shopping cart holding the items the customer wants to buy, a checkout script for payments and shipping, and the back end for administration.

Overview:

Customer site map: The functions path for customers (fig. 27.1, p. 581) is category list→book list for that category→book details→view cart→checkout→payment details→process payment.

Administrator site map: The administrator path (fig. 27.2, p. 582) includes options to insert books or categories, change passwords, and logout. It also includes the ability to add, delete, or modify records in the book categories table and in the category-specific books table, including add / delete / modify for categories and books.

We'll follow the same modular approach of chapter 26 and build a function library to do most of the work. All files are online (ftp—...common/Welling/Source/27), including two SQL scripts to set up and populate the database. These are listed in table 27.1 (p. 583-4); book_sc.sql, used to create the database, is in listing 27.1 (p. 585-6). Notice the inclusion of type=InnoDB, which allows us to use foreign keys and transactions for orders, plus many additional fields. The revised database is now more realistic, including greater atomization of addresses, new fields for shipping, a category field for books, addition of item price to the order form (so you can record price at sale), and an admin table with user and password fields for back-end administrators. Populate.sql can be used to fill the database with test data.

Online Catalog

The catalog needs three pages.

  1. Index.php (fig. 27.3, p. 587; listing 27.2, p. 589-90)—lists four categories of books. The page requires the function library and starts a session, needed for the cart; if the user had previously logged in as an administrator (where a session variable would have been set), extra navigation options are shown. Function get_categories() (listing 27.3, p. 590-1) retrieves a category list from the database, storing it in an array via function db_result_to_array() (listing 27.4, p. 591) (part of the function library); this array is displayed as a series of links by function display_categories() (listing 27.5, p. 591-2). Notice how the links all go to the same page, but each has the book category appended to it.
  2. Show_cat.php (fig. 27.4, p. 588; listing 27.6, p. 592-3)—shows pictures of book covers and titles, which are used as links to details about the book. The books are selected based on the category passed from index.php, which is used in the SQL passed to the database via function get_category_name() (listing 27.7, p. 593). This seems a bit of a long way about it, but the category name is then used to get the books, using function get_books(), which are then displayed via display_books() (neither of these two functions is listed).
  3. Show_book.php (fig. 27.5, p. 589; listing 27.8, p. 594-5)—shows details of the book, using get_book_details() to retrieve from the database and display_book_details() to create the html. The image for the book is stored in an images folder, using the isbn in the file name (i.e., as image/$isbn.jpg).

Shopping Cart

The shopping cart keeps track of books (by isbn) and the number of books ordered. This is done using an array, stored as a session variable (compare this to the string of isbn's used in my pre-session-variables approach in assignment 6). The isbn is the associative index of the array and the number of books is the value. We can also use the session to track total items and total price, which can be displayed on any page as a summary of what is in the cart.

The cart is handled from show_cart.php (fig. 27.6, p. 596, when the cart is empty and fig. 27.7, p. 596 when a book is added; listing 27.9, p. 597-99). The page either displays a "no items in cart" message (the "display cart" link takes you to the page and the session contains no books in the array), or a list of books in the cart (the "display cart" link takes you to the page and the session contains books, or you have just added a book to the cart via a form option in show_book.php; note method=GET).

Adding to the cart: Show_cart.php displays the cart after a book is added (from page show_book.php). Adding means putting the book's isbn into the array 'cart', stored as $_SESSION['cart']. If you are adding the first book, you have to create the array and also create and initialize $_SESSION['items'] and $_SESSION['total_price']; afterwards, you add to the array and price total, and increment the count of items. To get the price, calculate_price() (listing 27.11, p. 602-3) looks it up in the database, multiplies by the number ordered, and then stores the result in the session variable; getting it back from session is faster than having to reconnect to the database each time. Calculate_items() (listing 27.12, p. 603) just looks in the cart and adds up the number of books.

Updating the Cart: The "Save Changes" button (fig. 27.7) uses a hidden field with name = "save" and value = "true" to indicate changes (see bottom of listing on p. 601). This is checked on show_cart.php (see listing on p. 598, after "if(isset($_POST['save']))"): the cart is checked, book by book (foreach ($_SESSION['cart'] as $isbn => $qty)), against any isbn sent by the form, and if the form indicates that the quantity is now zero, the session entry is deleted (unset($_SESSION['cart'][$isbn]);). After deletions are complete, the total items and price are recalculated and again stored in SESSION. These two quantities are included in the page header, i.e., to show the number and total price of items in the cart on all pages.
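The update step above takes quantities straight from the form, so it is where input checking belongs. The following is an added example, not the book's listing: apply_cart_update(), cart_totals(), CATALOG and MAX_QTY are hypothetical names, and the ISBNs and prices are constructed sample data standing in for the session cart and the database price lookup.

```php
<?php
// Added example, not the book's listing. Prices are integer cents.
// Constructed catalog standing in for the database lookup in calculate_price().
const CATALOG = ['0000000011' => 4999, '0000000022' => 2499];
const MAX_QTY = 99; // hypothetical per-title limit

// Apply the quantities posted by "Save Changes" to the session cart.
// Only ISBNs already in the cart are read, so the form cannot add keys.
function apply_cart_update(array $cart, array $posted): array
{
    foreach (array_keys($cart) as $isbn) {
        if (!array_key_exists($isbn, $posted)) {
            continue;                       // field missing: keep old quantity
        }
        $qty = filter_var($posted[$isbn], FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 0, 'max_range' => MAX_QTY]]);
        if ($qty === false) {
            continue;                       // negative, non-numeric, array, too large
        }
        if ($qty === 0) {
            unset($cart[$isbn]);            // zero means "remove this book"
        } else {
            $cart[$isbn] = $qty;
        }
    }
    return $cart;
}

// Recompute the header summary from server-side prices only.
function cart_totals(array $cart, array $catalog): array
{
    $items = 0;
    $cents = 0;
    foreach ($cart as $isbn => $qty) {
        if (!isset($catalog[$isbn])) {
            continue;                       // not a book we sell: never priced
        }
        $items += $qty;
        $cents += $catalog[$isbn] * $qty;
    }
    return ['items' => $items, 'total_price_cents' => $cents];
}

// Constructed input: one negative quantity, one removal, one ISBN not in the cart.
$cart   = ['0000000011' => 1, '0000000022' => 2];
$posted = ['0000000011' => '-5', '0000000022' => '0', '0000000099' => '3'];
$cart   = apply_cart_update($cart, $posted);
print_r($cart);
print_r(cart_totals($cart, CATALOG));
```

In show_cart.php the two arrays would be $_SESSION['cart'] and $_POST, and the totals would be written back to $_SESSION['items'] and $_SESSION['total_price'].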

Check out: Checkout is handled by checkout.php (fig. 27.8, p. 605; listing 27.13, p. 605-6), from a button link on the shopping cart, "Go to Checkout." This would normally be a secure page, accessed via SSL (chapter 17). The page displays items in the cart and a checkout form called from function display_checkout_form(). The action on the form links to purchase.php (listing 27.14, p. 607-8), which checks form details for completeness, and writes the order into the database via function insert_order() (listing 27.15, p. 608-10). Insert_order() finds the customer in the database table, or writes a new record (using form data) into the table; it then inserts a record into the orders table, including customer id, total price, and addressing; finally, it inserts book isbn's, price, and quantity into the order-items table, along with the order id number, and then commits the transactions. Note the details of turning on autocommit, etc., p. 610. Note also that there is a simple dummy code for shipping, which would be replaced by a more elaborate shipping calculation in a real application.
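The reason insert_order() wraps its inserts in a transaction is that an order header without its items, or the reverse, must never be left behind. The following added example (not listing 27.15) shows that behaviour using PDO with an in-memory SQLite database in place of the book's MySQL/InnoDB setup; insert_order_atomic() and the simplified table and column names are assumptions, and the data is constructed.

```php
<?php
// Added example, not listing 27.15. Uses PDO with in-memory SQLite in place of
// the book's MySQL/InnoDB; table and column names are simplified assumptions.
function insert_order_atomic(PDO $db, int $customerId, array $cart, array $prices): int
{
    $db->beginTransaction();                 // statements below commit together or not at all
    try {
        $total = 0;
        foreach ($cart as $isbn => $qty) {
            if (!isset($prices[$isbn])) {
                throw new RuntimeException("unknown isbn: $isbn");
            }
            $total += $prices[$isbn] * $qty; // price comes from the server, in cents
        }
        $order = $db->prepare('INSERT INTO orders (customer_id, amount_cents) VALUES (?, ?)');
        $order->execute([$customerId, $total]);
        $orderId = (int) $db->lastInsertId();

        $item = $db->prepare('INSERT INTO order_items
            (order_id, isbn, item_price_cents, quantity) VALUES (?, ?, ?, ?)');
        foreach ($cart as $isbn => $qty) {
            // item price is stored per line so the order records the price at sale
            $item->execute([$orderId, (string) $isbn, $prices[$isbn], $qty]);
        }
        $db->commit();
        return $orderId;
    } catch (Throwable $e) {
        $db->rollBack();                     // the orders row is undone too
        throw $e;
    }
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE orders (order_id INTEGER PRIMARY KEY,
    customer_id INTEGER NOT NULL, amount_cents INTEGER NOT NULL)');
$db->exec('CREATE TABLE order_items (order_id INTEGER NOT NULL, isbn TEXT NOT NULL,
    item_price_cents INTEGER NOT NULL, quantity INTEGER NOT NULL CHECK (quantity > 0))');

$prices = ['0000000011' => 4999, '0000000022' => 2499];  // constructed sample data
insert_order_atomic($db, 1, ['0000000011' => 1, '0000000022' => 2], $prices);
try {
    insert_order_atomic($db, 1, ['0000000011' => 0], $prices); // violates the CHECK
} catch (Throwable $e) {
    echo "second order rejected\n";
}
echo $db->query('SELECT COUNT(*) FROM orders')->fetchColumn(), " order row(s) stored\n";
```

The second call fails on its order_items insert after the orders row has already been written, and the rollback removes that row, so only the first order remains.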

Payment: Payment is handled through process.php (fig. 27.10, p. 611; listing 27.16, p. 612-3), which is linked to from the "Purchase" button on purchase.php. This would check credit card information (here, from the form) and display the details of the orders (using display_cart, but notice that you can no longer change things at this point due to the passed "false"). The page is a dummy and doesn't link to any actual payment clearing mechanism; these are discussed briefly on p. 613.

Administration

The back end provides authenticated access to the database, similar to code developed in chapter 26. It is run through admin.php (fig. 27.11-12, p. 614, listing 27.17, p. 615); most of the page is the login form and authentication. Options (the menu) for the administrator are from function display_admin_menu(). These will lead to either insert_category_form.php or insert_book_form.php (fig. 27.13, p. 616; listing 27.18, p. 617), which present forms that are processed with insert_category.php or insert_book.php, both of which validate the form and insert a record in the database. Administrators can also edit or delete categories or books. Administrators may see the same content (e.g., book description) as users, because they are being shown the same page; however, because the page sees that the session contains an indicator that this is an authenticated administrator, the administrator is shown additional options, setting up editing or an administrative menu, and instead of the shopping cart summary appearing in the header, there is a logout button (fig. 27.14; listing 27.19, p. 619-21).

Not Reinventing the Wheel: This being the open-source world, you can find other prebuilt shopping carts, such as FishCartSQL; the advantage of open source is that you can tailor ready-made carts by accessing the code, tweaking to your "cart's content."