Confused regarding the use of shopping carts in general

Question

I have a project which will need a shopping cart which is where my confusion begins. The payment gateway we have in mind supports a lot of carts but does that mean I can't create a custom cart myself form the ground up? We're just selling around 10 products so I was hoping to create a customized cart for my client.

This is a PHP/MySQL site and since this is my first ecommerce project and I'm afraid that if I create a custom cart I won't be able to link it to the gateway. Am I just being paranoid?

Answer 1

Payment providers usually handle the security aspects of handling money. Just make sure you are using SSL for all transactions.

That being said, there are many cart implementations out there. I usually favor these since even if you start small, you may grow. An existing implementation will give you this scalability rather than roll-your-own. Unless you plan on creating differentiation for your customers by a custom implementation, use one off the shelf.

Answer 2

If any of those supported carts are open source, then yes, you're being a bit paranoid. You could rather easily look at the payment modules for any of them to see how the gateway wants stuff passed. Add to that, the gateway will generally document how it expects stuff, which is how those open source modules typically get written in the first place.

With that said, though...if this is your first e-commerce site, you might want to start with an existing cart and save yourself a bunch of trouble. There's a lot of stuff to worry about and rules to follow when you're handling credit card info and money in general, and you don't want unproven code sitting out there waiting to be exploited. The big established carts have been out there for a while now and are less likely to be doing something totally wrong.

Answer 3

It depends on the gateway and how things are passed across.

In general, if the payment gateway supports multiple carts, there will be a technical way for you to link into it but you'll need details of their API (How to pass over items, quantities, taxes, shipping info, etc...)

Worst-case, you can look at how the supported carts do it and duplicate the functionality.

The best place to look for information is the payment gateway themselves - sometimes they offer SDKs or APIs in various languages. Of course, this all assumes the payment gateway are willing to let you use a custom solution (most are)

I would point out the e-commerce is a high risk area of development and you should make absolutely certain you know what you're doing before using it in a production environment. You need to be as certain as you can be that there are no bugs/flaws in your code that could result in over/under charging, SQL injection attacks, etc.