Several commerce methods exist when it comes time to pay for the purchases in the shopping cart. The "right" method for you depends on your business. Merchant accounts through banking institutions often require you to have a business license, a reseller's permit, and other pieces of paper proving you're a legitimate business. If you're simply a person who has a few items to sell, you might not want to go through all that paperwork. However, you still have options!
Regardless of the payment method you choose, one thing is certain: If you are passing credit card information over the Web, you must do so over an SSL connection. Obtaining an SSL certificate and installing it on your system is covered in Chapter 28, "Setting Up a Secure Web Server." You do not have to use this secure connection during the user's entire shopping experience, just from the point at which sensitive information is captured, such as the checkout form.
Creating the Checkout Form
At this point in the book, you should be well versed in creating a simple form. At the beginning of this chapter, the store_orders table was created with fields to be used as a guideline for your form:
Additionally, your form will need fields for the credit card number, expiration date, and the name on the credit card. Another nice feature is to repeat the user's shopping cart contents with an item subtotal, so the customer remembers what he's paying for and approximately how much the order will cost. Also at this point of the checkout sequence, you offer any shipping options you might have. Shipping and sales tax would be calculated in the next step of the process.
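A minimal server-side gate for the checkout form described above, as an added example that is not from the book: it refuses card data unless the request arrived over SSL, then checks the card number, expiration date, and name before anything is handed to a payment processor. The field names cc_number, cc_exp, and cc_name, the MM/YY expiration format, and all function names are assumptions.

```php
<?php
// Added example; function and field names (cc_number, cc_exp, cc_name) are hypothetical.
// Return a submitted field as a trimmed string ('' if missing or not a string).
function field(array $post, string $key): string {
    return is_string($post[$key] ?? null) ? trim($post[$key]) : '';
}

// True when the request arrived over SSL/TLS (pass $_SERVER in a real script).
function request_is_https(array $server): bool {
    return !empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off';
}

// Luhn checksum: catches mistyped numbers before they reach the processor.
function luhn_ok(string $digits): bool {
    $sum = 0;
    foreach (str_split(strrev($digits)) as $i => $ch) {
        $d = (int) $ch * ($i % 2 ? 2 : 1);
        $sum += $d > 9 ? $d - 9 : $d;
    }
    return $sum % 10 === 0;
}

// Returns error messages; an empty array means the card fields are well formed.
function validate_card_fields(array $post, DateTimeImmutable $now): array {
    $errors = [];
    $number = preg_replace('/[\s-]+/', '', field($post, 'cc_number'));
    if (!preg_match('/^\d{13,19}$/', $number) || !luhn_ok($number)) {
        $errors[] = 'Card number is not valid.';
    }
    if (!preg_match('#^(0[1-9]|1[0-2])/(\d{2})$#', field($post, 'cc_exp'), $m)) {
        $errors[] = 'Expiration date must be MM/YY.';
    } elseif ((new DateTimeImmutable("20{$m[2]}-{$m[1]}-01"))
            ->modify('first day of next month') <= $now) {
        $errors[] = 'Card has expired.'; // valid through the end of the expiry month
    }
    if (field($post, 'cc_name') === '') {
        $errors[] = 'Name on card is required.';
    }
    return $errors;
}

// Constructed sample request; 4111 1111 1111 1111 is a well-known test number.
$server = ['HTTPS' => 'on'];
$post = ['cc_number' => '4111 1111 1111 1111', 'cc_exp' => '12/30', 'cc_name' => 'Jane Doe'];
if (!request_is_https($server)) {
    exit("Refusing to accept card data over plain HTTP.\n");
}
$errors = validate_card_fields($post, new DateTimeImmutable('2025-01-15'));
echo $errors ? implode("\n", $errors) . "\n" : "Card fields OK; hand off to the payment processor.\n";
```

In a live checkout script, pass `$_SERVER` and `$_POST` in place of the constructed arrays and the current time in place of the fixed date.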
From the point of clicking the submit button on the form, the checkout sequence depends on the payment method you are using. The next section goes through the basic steps and offers suggestions on various methods of payment processing.
Performing the Checkout Actions
If you have obtained a merchant account through your bank, you can utilize real-time payment services such as VeriSign's Payflow Pro. PHP has a built-in set of functions that, when used with the Payflow libraries from VeriSign, enables you to create a simple script to handle the credit card transaction. You can learn more about Payflow Pro at the VeriSign Web site: http://www.verisign.com/products/payflow/pro/index.html. The PHP manual section for Payflow functions is at http://www.php.net/manual/en/ref.pfpro.php.
VeriSign's product is one of several transaction-processing gateways that exist for use by merchants. Your bank will usually provide a list of merchants it prefers you to use. If you stray from your bank's list of preferred vendors, be sure to research your selected vendor thoroughly, to avoid any delays with deposits and to ensure you're getting the best deal.
After you have selected a transaction processor, your checkout script should follow a path like the following:
Each of the steps listed previously, with the exception of the actual payment authorization code, are the same simple steps you have been using throughout this book, and there's no reason to make them more difficult than they need to be!