E-commerce questions/pitfalls

[colombian]

I have done all sorts of things from scratch in PHP - including a shopping cart(front end), a CMS, etc.

 

However, I have never done the processing of credit card part.

I was wondering if someone experienced in that area could give me some general advice.

 

The site that I will be working with will just be taking a donation.

I just want to make it as secure as possible.

 

Also, if you have a recommendation for credit card processing companies that  don't charge an arm and a leg - that would also be great. Paypal may be an option, but I want to know how to do it the other way - for when that opportunity presents itself.

 

Any advice on security, pitfalls, where to store and how to store credit card numbers (if at all - I assume those are passed to the processing company but not on our end). Any suggestions or code sample I should look at would also be helpful. (Or book recommendations).

 

I've recently been working with transactions, and I'm pretty comfortable with them.

 

Thanks in advance!

 

 

 

 

[DarkWater]

There are PEAR credit card processing libraries you can go look up the documentation for.  Go visit PEAR. PEAR

 

You should be able to find what you need.

[ToonMariner]

the process is fairly standard..

 

Collect data securely send data via curl to a url of the payment gateways specifying.  The format of the data to be sent is also specified by the payment processor...

 

You will find may payment gateways have integration kits - I have seen the code in a few of them and to be honest they can be improved but you will get the idea...

 

http://pear.php.net/package/Payment_Process/ is probably the thing darkwater was pointing you toward - I have yet to use it but pear packages are on the whole very good.

[colombian]

I am not familiar with PEAR - though I have heard that term used often.

 

What is the advantage of going with PEAR?

 

I will read up on it.

I'm wondering why I should use it over my own PHP / mysqli code.