Again the Security Question

greenspun.com : LUSENET : S-Mart Shopping Cart : One Thread

Hi Everyone,

If you have a moment I could use some help with Shop Smart.

I am in the same situation as Chris, the author of the question you answered below. I understand that by using the exclude="1" command the credit card info will not be transmitted via e-mail, but how do you get the information, or rather, where is the information stored so you can completely process the customer's order? Does the program write this information to a file that can be accessed with a password? If not, can you tell me how to make the script write such a file?

I know this is asking a lot and if I were not so stumped I would not impose on anyone else, but any help would be greatly appreciated.

- Kerry Porche kap2@bellsouth.net

ORIGINAL MESSAGE:

I'm looking for any suggestions anyone might have regarding security for S-mart. The script emails all orders, and even if the order is placed from a secure server, email is not secure. A better solution would be to have a two-part ordering process, where the initial information (name, address, etc.) is emailed, notifying the merchant of the order, and the second part of the form would write to a text file database (pipe delimited) and would contain sensitive info. This info could be accessed using a database program through the net. The directory containing the info would be password protected. This isn't perfect, but it's better than email. Unfortunately this won't work because the script doesn't support the "redirect" hidden tag.

Any suggestions for securing info would be appreciated.

Thanks

-- Chris Staniar (chris@virxpress.com), August 10, 1998

Answers

The other thing you can do is, in the code for the credit card number field, include the following: exclude="1". When this value is set to 1, the script does not send the field in the email. input name="cardnumber" size="20" exclude="1" (<> were left off each end to be able to display properly)

-- Kevin (keving@businesswebworks.com), August 02, 1999.

-- Kerry Porche (kap2@bellsouth.net), November 09, 1999
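
Chris's two-part idea combined with the exclude flag from Kevin's answer, as an added example that is not part of the thread and not S-Mart's own code: fields without the flag go into the notification email body, flagged fields go only into a pipe-delimited file created with owner-only permissions. The function names, the order id and the sample values are hypothetical, and the file is assumed to live outside the web root.

```python
import os
import tempfile

# Constructed sample form data: (field name, value, exclude flag).
# The flag mirrors exclude="1" on the form's input tag.
SAMPLE_FIELDS = [
    ("name", "Pat Example", False),
    ("address", "1 Main St", False),
    ("cardnumber", "4111111111111111", True),
    ("expires", "12/01", True),
]

def escape(value):
    """Keep one record per line: escape backslash, pipe and newline."""
    return (value.replace("\\", "\\\\").replace("|", "\\|")
                 .replace("\r", "").replace("\n", "\\n"))

def split_order(order_id, fields):
    """Return (email_body, record). Excluded fields never enter the email."""
    email_lines = [f"Order: {order_id}"]
    record = [escape(order_id)]
    for name, value, exclude in fields:
        if exclude:
            record.append(escape(value))      # sensitive: file only
        else:
            email_lines.append(f"{name}: {value}")
    return "\n".join(email_lines), "|".join(record)

def append_record(path, record):
    """Append one record; a newly created file is readable by its owner only."""
    fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
    with os.fdopen(fd, "a") as fh:
        fh.write(record + "\n")

if __name__ == "__main__":
    body, rec = split_order("1001", SAMPLE_FIELDS)
    store = os.path.join(tempfile.mkdtemp(), "orders.txt")  # stand-in path
    append_record(store, rec)
    print(body)  # the order id lets the merchant match the email to the record
```

The record is written in plaintext, so the only protection for the stored fields is the file's permissions and its location.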

