As a frequent poster in Authorize.Net’s Developer Community Forums I am exposed to developers of all skill levels, from the inexperienced to the very experienced. It was the inexperienced users that caught my attention, though. Seemingly every day a new developer was asking questions that indicated that they did not understand best practices for developing an ecommerce application. I attributed this, in part, to the fact that most programming tutorials use neither best practices nor a realistic scenario of how a technology will be used.
So, as an Authorize.Net blogger, I decided to write a series of articles that outlined not only the basics of handling an ecommerce transaction but also some best practices. These were demonstrated using a web-based payment form that, when complete, forms a real-world, production-ready solution.
Since there was a lot of ground to cover, I broke the tutorial into eleven parts. Each part built upon the changes we made in the previous article. Each article also included the source code for our payment form. At the end of the series the final code is made available and I have linked to it from the bottom of this article as well. Below is a link to each article and a summary of what it covers.
Part 1 – Basic Information and Creation Of Our Form
We get the series started by determining what information we will need from our users to complete the payment process. With it we will start to construct the HTML form we will use to capture that information.
Part 2 – Reading In And Sanitizing Submitted Data With PHP
In the second installment of the series we take the form we created in Part 1 and show how to properly receive and sanitize the submitted information using PHP.
Part 3 – Data Validation
In the third installment of the series we take the data we sanitized in Part 2 and validate it to make sure it contains the values we expect in the proper format.
Part 4 – Handling Validation Errors
In the fourth installment of the series we take the errors generated for invalid data by the PHP code we added in Part 3 and display them in a user-friendly and intuitive way.
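To show what Parts 2 through 4 add up to in one place, here is an added example (my own illustration, not the series' code) that sanitizes a submitted card form, validates each field, and returns an errors array keyed by field name so the template can print each message beside its input. The field names, the length and ZIP-code limits, and the sample request data are assumptions; the 4111... card number is a widely used Visa test number, included only because it satisfies the Luhn check.

```php
<?php
// Added example, not the series' own code. Field names and limits are assumptions.

function sanitize_payment_input(array $raw): array
{
    $text   = function ($v): string { return trim((string)$v); };
    $digits = function ($v): string { return preg_replace('/\D/', '', (string)$v); };

    return [
        'first_name'  => $text($raw['first_name'] ?? ''),
        'last_name'   => $text($raw['last_name'] ?? ''),
        'email'       => $text($raw['email'] ?? ''),
        'amount'      => $text($raw['amount'] ?? ''),
        // Users type spaces and dashes into card numbers; keep only the digits.
        'card_number' => $digits($raw['card_number'] ?? ''),
        'exp_month'   => $digits($raw['exp_month'] ?? ''),
        'exp_year'    => $digits($raw['exp_year'] ?? ''),
        'cvv'         => $digits($raw['cvv'] ?? ''),
        'zip'         => $digits($raw['zip'] ?? ''),   // US ZIP assumed
    ];
}

// Luhn checksum: catches typos, not fraud; the gateway does the real check.
function luhn_valid(string $digits): bool
{
    if (!ctype_digit($digits)) {
        return false;
    }
    $sum = 0;
    $double = false;
    for ($i = strlen($digits) - 1; $i >= 0; $i--) {
        $d = (int)$digits[$i];
        if ($double) {
            $d *= 2;
            if ($d > 9) {
                $d -= 9;
            }
        }
        $sum += $d;
        $double = !$double;
    }
    return $sum % 10 === 0;
}

// $now is injectable so the expiry check can be exercised deterministically.
function validate_payment_input(array $s, ?DateTimeImmutable $now = null): array
{
    $now = $now ?? new DateTimeImmutable('now');
    $errors = [];

    foreach (['first_name' => 'first name', 'last_name' => 'last name'] as $field => $label) {
        if ($s[$field] === '' || mb_strlen($s[$field]) > 50) {
            $errors[$field] = "Please enter your $label (50 characters or fewer).";
        }
    }
    if (filter_var($s['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Please enter a valid email address.';
    }
    if (!preg_match('/^\d{1,6}(\.\d{1,2})?$/', $s['amount']) || (float)$s['amount'] <= 0) {
        $errors['amount'] = 'Amount must be a positive number with at most two decimals.';
    }
    $len = strlen($s['card_number']);
    if ($len < 13 || $len > 19 || !luhn_valid($s['card_number'])) {
        $errors['card_number'] = 'Please check your card number.';
    }
    $month = (int)$s['exp_month'];
    $year  = (int)$s['exp_year'];
    if ($month < 1 || $month > 12 || strlen($s['exp_year']) !== 4) {
        $errors['expiration'] = 'Please enter the expiration date as MM/YYYY.';
    } elseif ($year * 100 + $month < (int)$now->format('Ym')) {
        // A card stays valid through the last day of its expiration month.
        $errors['expiration'] = 'This card has expired.';
    }
    if (!preg_match('/^\d{3,4}$/', $s['cvv'])) {
        $errors['cvv'] = 'Please enter the 3- or 4-digit security code.';
    }
    if (!preg_match('/^\d{5}(\d{4})?$/', $s['zip'])) {
        $errors['zip'] = 'Please enter a 5- or 9-digit ZIP code.';
    }
    return $errors;
}

// Constructed request data standing in for $_POST.
$submitted = [
    'first_name' => '  John ', 'last_name' => 'Doe', 'email' => 'john@example.com',
    'amount' => '19.99', 'card_number' => '4111 1111 1111 1111',
    'exp_month' => '12', 'exp_year' => '2014', 'cvv' => '123', 'zip' => '12345',
];
$clean  = sanitize_payment_input($submitted);
$errors = validate_payment_input($clean);
foreach ($errors as $field => $message) {
    echo $field, ': ', $message, PHP_EOL;
}
```

Two points worth keeping in mind when you adapt this: the sanitized card number and CVV should never reach a log file or a database, only the gateway call, and any value you echo back into the form after an error must still go through htmlspecialchars(), because sanitizing for validation is not the same as escaping for HTML output.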
Part 5 – Processing Payment and Handling the Response
In the fifth installment of the series we move past receiving, sanitizing, and validating data and get to the nitty gritty of processing the payment using Authorize.Net’s PHP SDK.
Part 6 – Preventing Duplicate Submissions with POST/REDIRECT/GET
The payment form we created in the first five parts of this series is very good. But it could be better. Part 6 begins a new chapter in this series where we improve upon our payment form to make it more usable, secure, and maintainable. We begin by preventing users from making duplicate form submissions by using the POST/REDIRECT/GET design pattern.
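As an added example of the POST/REDIRECT/GET pattern from Part 6 (my own illustration, not the series' code), the script below pairs the redirect with a single-use form token kept in the session, so that a refresh, back button, or double click that re-POSTs the form cannot charge the card twice. The file names payment.php and result.php and the process_payment() stand-in are assumptions.

```php
<?php
// Added example, not the series' own code. File names and process_payment() are assumptions.
session_start();

function issue_form_token(): string
{
    $token = bin2hex(random_bytes(16));
    $_SESSION['form_token'] = $token;
    return $token;
}

// Single use: the stored token is removed before it is compared, so a second
// POST carrying the same token fails even if it arrives a moment later.
function consume_form_token(?string $submitted): bool
{
    $expected = $_SESSION['form_token'] ?? null;
    unset($_SESSION['form_token']);
    return is_string($submitted) && is_string($expected) && hash_equals($expected, $submitted);
}

// Stand-in for the sanitize, validate and charge steps of Parts 2 to 5.
function process_payment(array $post): array
{
    return ['approved' => true, 'message' => 'Payment accepted'];
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!consume_form_token($_POST['form_token'] ?? null)) {
        // Duplicate or forged POST: explain, but do not touch the gateway.
        $_SESSION['flash'] = 'This form was already submitted or has expired. Nothing was charged again.';
        $next = '/payment.php';
    } else {
        // Keep the outcome in the session, not in the URL, so it cannot be edited or bookmarked.
        $_SESSION['result'] = process_payment($_POST);
        $next = '/result.php';
    }
    // 303 See Other tells every browser to follow with GET, so reloading the
    // destination page re-runs nothing.
    header('Location: ' . $next, true, 303);
    exit;
}

// GET: render the form with a fresh token bound to this session.
$token = issue_form_token();
$flash = $_SESSION['flash'] ?? '';
unset($_SESSION['flash']);
?>
<?php if ($flash !== ''): ?>
<p class="notice"><?= htmlspecialchars($flash, ENT_QUOTES, 'UTF-8') ?></p>
<?php endif; ?>
<form method="post" action="/payment.php" autocomplete="off">
  <input type="hidden" name="form_token"
         value="<?= htmlspecialchars($token, ENT_QUOTES, 'UTF-8') ?>">
  <!-- card fields from Part 1 go here -->
  <button type="submit">Pay</button>
</form>
```

result.php then reads and unsets $_SESSION['result'] and renders it, so a reload shows an empty page rather than a repeated charge. Because the token is unguessable and tied to the session, the same check also rejects cross-site request forgery; disabling the submit button with JavaScript is a usability nicety, not a substitute for this server-side check.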
Part 7 – Preventing Automated Form Submissions
In the seventh installment of the series we continue to improve upon our form by increasing our security and reducing fraud by preventing bots from automating form submissions.
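The summary above does not say which anti-automation technique Part 7 uses, so the following is an added example of two cheap server-side checks I would reach for first (my own illustration, not the series' code): a honeypot field that humans never see but bots fill in, and an HMAC-signed timestamp that rejects forms completed faster than a person could type. The field names, the time limits, and the secret are assumptions.

```php
<?php
// Added example, not the series' own code. Field names, limits and the secret are assumptions.

const HONEYPOT_FIELD   = 'website';   // a name that looks worth filling in to a bot
const MIN_FILL_SECONDS = 5;
const MAX_FILL_SECONDS = 3600;

// Hidden field carrying "issued-at.signature"; signing stops a bot from
// back-dating it. $secret must come from server-side configuration.
function form_timestamp_field(string $secret, ?int $now = null): string
{
    $now = $now ?? time();
    return $now . '.' . hash_hmac('sha256', (string)$now, $secret);
}

// HTML for both hidden controls. The honeypot is moved off-screen with CSS
// rather than using type="hidden", which most bots know to skip.
function render_antibot_fields(string $secret): string
{
    $ts = htmlspecialchars(form_timestamp_field($secret), ENT_QUOTES, 'UTF-8');
    return '<div style="position:absolute;left:-9999px" aria-hidden="true">'
         . '<label>Website <input type="text" name="' . HONEYPOT_FIELD
         . '" tabindex="-1" autocomplete="off"></label></div>'
         . '<input type="hidden" name="form_ts" value="' . $ts . '">';
}

// Returns null for a submission that looks human, otherwise the reason it was rejected.
function submission_looks_automated(array $post, string $secret, ?int $now = null): ?string
{
    $now = $now ?? time();
    if (($post[HONEYPOT_FIELD] ?? '') !== '') {
        return 'honeypot field was filled in';
    }
    $parts = explode('.', (string)($post['form_ts'] ?? ''), 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return 'timestamp missing';
    }
    [$issued, $sig] = $parts;
    if (!hash_equals(hash_hmac('sha256', $issued, $secret), $sig)) {
        return 'timestamp tampered with';
    }
    $age = $now - (int)$issued;
    if ($age < MIN_FILL_SECONDS) {
        return 'submitted too quickly';
    }
    if ($age > MAX_FILL_SECONDS) {
        return 'form expired';
    }
    return null;
}

// Constructed submissions standing in for $_POST.
$secret = 'replace-with-a-secret-from-config';
$issued = 1400000000;
$ts     = form_timestamp_field($secret, $issued);
$cases  = [
    'human'    => ['website' => '',                   'form_ts' => $ts],
    'honeypot' => ['website' => 'http://example.com', 'form_ts' => $ts],
    'instant'  => ['website' => '',                   'form_ts' => $ts],
];
foreach ($cases as $name => $post) {
    $now    = $name === 'instant' ? $issued + 1 : $issued + 30;
    $reason = submission_looks_automated($post, $secret, $now);
    echo $name, ': ', $reason ?? 'accepted', PHP_EOL;
}
```

Neither check stops a targeted attacker, but together they remove most generic form-spamming bots without the friction of a CAPTCHA, and they are cheap enough to run before the validation in Part 3 so rejected submissions never reach the gateway. Log the rejection reason, not the card data.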
Part 9 – HTML and CSS Enhancements
In the ninth installment of the series we use HTML and CSS to enhance our form’s appearance and increase its usability even more.
Part 10 – A Little Bit More PHP
In the tenth installment of the series we refactor our PHP code to make it better organized and easier to maintain.
Part 11 – Putting the Finishing Touches On Our Payment Form
In the final installment of this series we make a few more minor changes and present additional tips and ideas for improving upon our payment form even more.
Get The Code
The code used in this series is available for download from the Authorize.Net Developer Blogs. I’ve linked to it below for your convenience. The PHP SDK is not included in the sample code, so that you get the latest copy, which includes any bug fixes made since this series was originally written.