
PHP shopping cart without database?


M1911

May 31, 2003, 6:45:37 PM
Is there a PHP shopping cart available that works without a database? It
might sound weird but I've set up one a few times that was written in
perl (not by me) and it can be very handy, especially for someone with
only a few products. That one took information about products from the
form action and then functioned just like a typical cart. You had to put
your product name, description, price, etc. in the html link from each
product to the script, but there was no database involved. If anyone
knows of anything like this in PHP please post the links.

Thanks

SpEaRmAn

May 31, 2003, 7:10:10 PM
search hotscripts.com before u ask ;)

--
--
* Please visit my website: www.OvertechTechnologies.com/go.php?id=kyle
* Make money with yours: http://overtech.kicks-ass.net:81/
"M1911" <nom...@no.mail> wrote in message news:3ED93089...@no.mail...

M1911

May 31, 2003, 7:50:26 PM
SpEaRmAn wrote:
>
> search hotscripts.com before u ask ;)

I looked through hotscripts.com but I didn't see anything that fit what
I'm looking for. Do you know of one there that does what I'm looking for?

Ruben van Engelenburg

May 31, 2003, 9:17:06 PM
M1911 wrote:
> Is there a PHP shopping cart available that works without a database? It
> might sound weird but I've set up one a few times that was written in
> perl (not by me) and it can be very handy, especially for someone with
> only a few products. That one took information about products from the
> form action and then functioned just like a typical cart. You had to put
> your product name, description, price, etc.

[snip]

Keep in mind that this is very insecure. Even if security is only
slightly important to you, you should never use a script that works like
that.

Regards,
Ruben.

M1911

May 31, 2003, 9:38:18 PM

In what way is it insecure? The perl version I've seen was set up so
only allowed domains could post to the cart. So someone could not just
alter the html and submit from their PC or some other domain. Other than
that, why would it be less secure than a cart that pulls info from a
database?

Drazen Gemic

May 31, 2003, 10:25:11 PM
M1911 wrote:
> Ruben van Engelenburg wrote:
>
You can have a very easy and simple database using serialization.
I hope it helps.

DG

Ruben van Engelenburg

Jun 1, 2003, 10:34:15 AM
M1911 wrote:

[snip]

>>Keep in mind that this is very insecure. Even if security is only
>>slightly important to you, you should never use a script that works like
>>that.
>>
>>Regards,
>>Ruben.
>
>
> In what way is it insecure? The perl version I've seen was set up so
> only allowed domains could post to the cart. So someone could not just
> alter the html and submit from their PC or some other domain. Other than
> that, why would it be less secure than a cart that pulls info from a
> database?

You wrote this in your original post:

" That one took information about products from the
form action and then functioned just like a typical cart. You had to put
your product name, description, price, etc."

In such a setup a user can easily modify the price. The user can check
out the HTML source of the form to see what the name of the price key
is, say "price". He'll also check the form action, say "cart.cgi".
After he's got all info he needs, he'll submit the data himself instead
of using the form, by going to:
http://www.yourshop.com/cart.cgi?product=10&price=8

This is just an example, but you get the point. Very easy to circumvent
the hidden values in the form, which would normally be stored in a
database instead of in the formdata.

Regards,
Ruben.

M1911

Jun 1, 2003, 12:07:12 PM
Ruben van Engelenburg wrote:
> You wrote this in your original post:
>
> " That one took information about products from the
> form action and then functioned just like a typical cart. You had to put
> your product name, description, price, etc."
>
> In such a setup a user can easily modify the price. The user can check
> out the HTML source of the form to see what the name of the price key
> is, say "price". He'll also check the form action, say "cart.cgi".
> After he's got all info he needs, he'll submit the data himself instead
> of using the form, by going to:
> http://www.yourshop.com/cart.cgi?product=10&price=8
>
> This is just an example, but you get the point. Very easy to circumvent
> the hidden values in the form, which would normally be stored in a
> database instead of in the formdata.
>
> Regards,
> Ruben.

That is possible but it's not really a problem in the situations where I
would use it. The orders are all looked over by a human after they are
submitted and price changes would be spotted. The product line is small
and the merchants know their products and don't use real time cc
processing online. It's the same situation as someone filling out an
order form manually. The cart is just for convenience and more
professionalism. But it probably would not be a solution for a large
company with many products and employees who don't know the products
well enough to spot that type of thing.

William L. Berggren

Jun 6, 2003, 1:36:17 AM
Ruben van Engelenburg <ru...@NOSPAMtextinfo.nl> wrote in message news:<3eda0ed1$0$45371$1b62...@news.wanadoo.nl>...

You could also send the form to another PHP page to verify the data if
you want to. No database required. For a small number of items, less
than 30, the best way would be to include a data file, IMHO:

switchblade.price = "5.99";
switchblade.url = "switch.htm";
switchblade.pitch = "Cuts through skin like a watermelon";
switchblade.image = "./images/blade.png";
hachett.price = "7.99";
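
The price tampering described earlier in the thread and the server-side data file suggested above, side by side, as an added example that is not part of any post here. The catalogue keys and prices are taken from the data file above (converted to cents); the function names and the `qty` field are assumptions for illustration.

```php
<?php
// Added example, not code from the thread. Function names and the request
// shape (product, price, qty) are assumptions.

// Server-side product data: prices kept as integer cents to avoid float drift.
$CATALOG = [
    'switchblade' => ['name' => 'Switchblade', 'price_cents' => 599],
    'hachett'     => ['name' => 'Hachett',     'price_cents' => 799],
];

// BEFORE: the pattern the thread warns about. The price comes from the
// request, so whoever builds the URL or form decides what is charged.
function line_total_trusting(array $request): int
{
    return (int) round(((float) $request['price']) * 100) * (int) $request['qty'];
}

// AFTER: only the product key and quantity are read from the request;
// the price is looked up in the server-side catalogue.
function line_total_checked(array $catalog, array $request): int
{
    $id = isset($request['product']) ? (string) $request['product'] : '';
    if (!array_key_exists($id, $catalog)) {
        throw new InvalidArgumentException('unknown product');
    }
    // Quantity must be a plain integer in 1..99: no negatives, no "1e3".
    $qty = filter_var(
        $request['qty'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 99]]
    );
    if ($qty === false) {
        throw new InvalidArgumentException('bad quantity');
    }
    return $catalog[$id]['price_cents'] * $qty;
}

// Constructed request with the same shape as a tampered query string.
$tampered = ['product' => 'switchblade', 'price' => '0.01', 'qty' => '2'];

printf("trusting handler charges: %d cents\n", line_total_trusting($tampered));
printf("checked handler charges:  %d cents\n", line_total_checked($CATALOG, $tampered));
```

Any `price` field left in the form is simply ignored by the checked handler, so the displayed price in the HTML becomes informational only.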

Jordan Smith

Jun 6, 2003, 11:47:01 PM
M1911 <nom...@no.mail> wrote in message news:<3ED93089...@no.mail>...

I would never recommend that method. You should be made aware that
there are databases such as MySQL etc., and then there are flat file
databases which just consist of files that sit on the server. This is
not as secure or as fast as other methods but there is no extra SW
needed because your shopping cart script uses its own flat file
database.

A flat file database is just a bunch of files, maybe a file for each
product... it all depends on how it is coded, but I hope you get the
idea...

M1911

Jun 7, 2003, 10:28:05 AM
Jordan Smith wrote:
>
> M1911 <nom...@no.mail> wrote in message news:<3ED93089...@no.mail>...
> > Is there a PHP shopping cart available that works without a database? It
> > might sound weird but I've set up one a few times that was written in
> > perl (not by me) and it can be very handy, especially for someone with
> > only a few products. That one took information about products from the
> > form action and then functioned just like a typical cart. You had to put
> > your product name, description, price, etc. in the html link from each
> > product to the script, but there was no database involved. If anyone
> > knows of anything like this in PHP please post the links.
> >
> > Thanks
>
> I would never recommend that method.

Why not?

William L. Berggren

Jun 10, 2003, 1:44:03 AM
jos...@albertc.on.ca (Jordan Smith) wrote in message news:<e1f8c430.03060...@posting.google.com>...

I would recommend either embedding the product in index.php, using one
.inc file, or having a directory called products with one file per
product; that is, the PHP script can read 1-50 products as needed. It
will be much faster since you don't use the overhead and wasted code
of a database.

"Flat files" is a term database lovers use to discredit text files.
Flat sounds dead, while SQL sounds sophisticated.
