As a frequent poster in Authorize.Net’s Developer Community Forums I am exposed to developers of all skill levels, from the inexperienced to the very experienced. It was the inexperienced users that caught my attention, though. Seemingly every day a new developer was asking questions that indicated they did not understand best practices for developing an ecommerce application. I attributed this, in part, to the fact that the majority of programming tutorials do not use best practices, nor a realistic scenario of how a technology will actually be used.
So, as an Authorize.Net blogger, I decided to write a series of articles that outlined not only the basics of handling an ecommerce transaction, but also some best practices. These were demonstrated using a web-based payment form that, when complete, forms a real-world, production-ready solution.
Since there was a lot of ground to cover, I broke the tutorial into eleven parts. Each part builds upon the changes made in the previous article, and each article includes the source code for our payment form. The final code was made available at the end of the series, and I have linked to it from the bottom of this article as well. Below is a link to each article and a summary of what it covers.
- Part 1 – Basic Information and Creation Of Our Form: We get the series started by determining what information we will need from our users to complete the payment process. With it we start to construct the HTML form we will use to capture that information.
- Part 2 – Reading In And Sanitizing Submitted Data With PHP: In the second installment of the series we take the form we created in Part 1 and show how to properly receive and sanitize the submitted information using PHP.
- Part 3 – Data Validation: In the third installment of the series we take the data we sanitized in Part 2 and validate it to make sure it contains the values we expect, in the proper format.
- Part 4 – Handling Validation Errors: In the fourth installment of the series we take the errors generated by the invalid data we detected with the PHP code added in Part 3 and display them in a user-friendly and intuitive way.
- Part 5 – Processing Payment and Handling the Response: In the fifth installment of the series we move past receiving, sanitizing, and validating data and get to the nitty gritty of processing the payment using Authorize.Net’s PHP SDK.
- Part 6 – Preventing Duplicate Submissions with POST/REDIRECT/GET: The payment form we created in the first five parts of this series is very good, but it could be better. Part 6 begins a new chapter in this series where we improve upon our payment form to make it more usable, secure, and maintainable. We begin by preventing users from making duplicate form submissions by using the POST/REDIRECT/GET design pattern.
- Part 7 – Preventing Automated Form Submissions: In the seventh installment of the series we continue to improve upon our form by increasing its security and reducing fraud, preventing bots from automating form submissions.
- Part 9 – HTML and CSS Enhancements: In the ninth installment of the series we use HTML and CSS to enhance our form’s appearance and increase usability even more.
- Part 10 – A Little Bit More PHP: In the tenth installment of the series we refactor our PHP code to make it better organized and easier to maintain.
- Part 11 – Putting the Finishing Touches On Our Payment Form: In the final installment of this series we make a few more minor changes and present additional tips and ideas for improving upon our payment form even more.
Get The Code
The code used in this series is available for download from the Authorize.Net Developer Blogs. I’ve linked to it below for your convenience. The PHP SDK is not included in the sample code, to ensure you get the latest copy, which includes any bug fixes released since this series was originally written.