I have basically seen and used two methods for integrating credit card
gateways into PHP code.

The first method is one that opens a socket to the gateway server and sends
the data from within the code.

The second is where FORM data is posted to an https URL along with the URL it
should send the response back to, with the confirmation code, etc.

I traditionally use PG for situations of e-commerce, mainly because of
transactions. I like the first method better, because I feel it is more
secure, seamless, and there is less chance for errors to occur (either user
induced, or other problems). I like being able to store all of the required
data in sessions (rather than adding to the DB at each step) and then making
all of the transactional queries at the end of the credit card charging
process.

The problem I face is that all of the companies I've researched that allow
direct socket integration seem to charge quite a bit more in general than
those that use the POST/REDIRECT method of charging. **** So, if anyone
knows of a reliable and affordable company that allows socket integration,
that would solve the problem best. ****

However, because of budget issues, I may need to use one of these cheaper
companies, who ultimately use the POST/REDIRECT method.

My question is how do you securely, reliably, and seamlessly integrate
sessions within that type of gateway. Because once the form data is posted
to the credit card gateway, it redirects (posts response data) back to the
script of your choice. However, in my experience, the sessions are not
restored/recognized until the browser is refreshed on the client side
(through the use of JavaScript) to get the server to recognize the request
as coming from your user, rather than as a post from the gateway. I
don't want to have to deal with getting sloppy and adding additional
refreshes/JavaScript if that's the only way to do it. If I were to merely
have the code generate a form based on hidden tags and have JavaScript
auto-submit the form, then I would be open to security problems, because I
could no longer restrict the script the gateway responds to by an
HTTP_REFERER.

Because the client's order ID that is generated will be stored in a session,
I need a way to reference the order ID and confirmation code that is
returned by the posted data from the gateway, against the session data to
start inserting the data into the DB if it was a successful charge.

Any ideas...? Maybe there's a quick solution out there I am just
overlooking. The solution would be easy if I wasn't inserting all of my data
at the end of the process based on the session data. But this is how the
code has to work, so what do you all think, how should I deal with this?
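One way to correlate the gateway's server-to-server POST with an order started in a browser session, as an added PHP example that is not part of the original post. The core idea is that the callback request arrives from the gateway's server, so it carries no browser cookie and no PHP session; the order must therefore be looked up by an identifier that round-trips through the gateway (an unguessable order ID) in a small server-side store, and the callback must be authenticated by something stronger than a Referer header. The field names (order_id, amount, status, sig), the HMAC signing scheme, the gateway URL and the shared secret are all assumptions standing in for whatever a real gateway documents; the "pending orders" array stands in for one server-side table row per order.

```php
<?php
// Added example, not code from the original post or from any gateway.
// Field names, the HMAC scheme, GATEWAY_URL and SHARED_SECRET are assumptions.
declare(strict_types=1);

const GATEWAY_URL   = 'https://gateway.example/charge';       // placeholder
const SHARED_SECRET = 'replace-with-secret-from-gateway';     // placeholder

// Stand-in for a server-side "pending orders" table keyed by order id.
// The gateway's callback has no browser cookie, so nothing here may
// depend on $_SESSION; the order id itself is the correlation key.
$pendingOrders = [];

// Browser side: record the order, hand the browser its handle via the
// session, and build the fields that go into the form posted to the gateway.
function startOrder(array &$store, array &$session, array $cart, int $amountCents): array
{
    $orderId = bin2hex(random_bytes(16));   // unguessable, unlike a sequential id
    $store[$orderId] = ['cart' => $cart, 'amount' => $amountCents, 'status' => 'pending'];
    $session['order_id'] = $orderId;        // only the browser session knows this

    // Signed so the callback can later be checked against what we sent.
    $fields = ['order_id' => $orderId, 'amount' => (string) $amountCents];
    $fields['sig'] = hash_hmac('sha256', $orderId . '|' . $amountCents, SHARED_SECRET);
    return $fields;                         // render as hidden inputs targeting GATEWAY_URL
}

// Gateway side: authenticate the POST, find the order by id (not by session),
// reject replays and amount changes, then do the deferred DB work.
function handleGatewayCallback(array &$store, array $post): bool
{
    foreach (['order_id', 'amount', 'status', 'sig'] as $k) {
        if (!isset($post[$k]) || !is_string($post[$k])) {
            return false;                   // malformed request
        }
    }
    // Assumed scheme: gateway signs order_id|amount|status with the shared secret.
    $expected = hash_hmac(
        'sha256',
        $post['order_id'] . '|' . $post['amount'] . '|' . $post['status'],
        SHARED_SECRET
    );
    if (!hash_equals($expected, $post['sig'])) {
        return false;                       // forged or corrupted; constant-time compare
    }

    $order = $store[$post['order_id']] ?? null;
    if ($order === null || $order['status'] !== 'pending') {
        return false;                       // unknown order, or a replayed callback
    }
    if ((int) $post['amount'] !== $order['amount']) {
        return false;                       // amount does not match what was sent
    }

    // This is the point where the transactional inserts from the order data
    // would run, inside one DB transaction, using $order['cart'].
    $store[$post['order_id']]['status'] = ($post['status'] === 'approved') ? 'paid' : 'declined';
    return true;
}

// Browser side again: when the user is redirected back, the session still has
// the order id, so the page shows whatever status the callback recorded.
function browserReturn(array $store, array $session): string
{
    $orderId = $session['order_id'] ?? '';
    return $store[$orderId]['status'] ?? 'unknown';
}

// Constructed walk-through of the three requests.
$session  = [];
$form     = startOrder($pendingOrders, $session, ['sku-1' => 2], 4999);
$callback = ['order_id' => $form['order_id'], 'amount' => '4999', 'status' => 'approved'];
$callback['sig'] = hash_hmac('sha256', implode('|', [$callback['order_id'], '4999', 'approved']), SHARED_SECRET);

$first  = handleGatewayCallback($pendingOrders, $callback);   // accepted
$second = handleGatewayCallback($pendingOrders, $callback);   // same POST again: rejected
printf("callback accepted: %s, replay accepted: %s, browser sees: %s\n",
    var_export($first, true), var_export($second, true), browserReturn($pendingOrders, $session));
```

The design choice worth noting is that the session is still where the browser's handle lives, but the authoritative order state sits in one server-side record created before the redirect; the callback script never needs the session cookie, so no client-side refresh is required, and a replayed or altered callback is rejected by the signature, the pending-status check and the amount check rather than by a Referer header.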
