Solved

Basic Information regarding shopping cart & stock levels / control

Posted on 2003-12-10
8
498 Views
Last Modified: 2013-11-29
I have a reasonable idea on creating a shopping cart and linking the checkout to a payment gateway. I'm not clear on how the basic process can be linked up with a fairly efficient (but not over the top) stock level / control system. Could someone explain the basics (not programming) of how this process works, explaining how the levels are updated from either end (automatically and manually).
Cheers
0
Comment
Question by:Chris_Granger
  • 4
  • 4
8 Comments
 
LVL 4

Accepted Solution

by:
AsbjornG earned 250 total points
ID: 9917773
Chris,

My company is currently discussing a solution for this with one of our clients.

We have come up with two options, one real-time and one with regular synchronization.

First, one end must contain the master database (the offline database). The online base will synchronize based on this.

Real-time:

Every time a purchase is made the online system sends a request (could be in many formats, anything from a form post to XML) to the stock management database. The item is deducted, and a response message is returned. If negative the buy receives an error and is not charges (Sorry, we're out of stock), if positive everything goes on as normal. (that's the basic, simple way - of course you may want to add things like security, etc. to complicate it a bit).

Synching:

Every X hours the stock management database sends a request to the online database, upon which the online DB returns the number of items of each type sold since the last update (XML would be an excellent way of transferring this data). The online database then sends a request to the offline db to find out how many of each item is left in stock. You may also, at this point, reserve X items for offline sales (i.e. if there are 10 left and 5 are reserved, the online db is told that 5 of this item is available).

Let me know if you'd like more thorough and technical info.

Cheers,

Asbjorn
0
 

Author Comment

by:Chris_Granger
ID: 9918386
That's excellent, thanks. Any more information about anything would be great, eg - security, a litle more on how the stock management database is handled with incoming/outgoing stock (from the non-e shop side), an example of the XML handling would also be fantastic. Obviously the stock management database is integral for the real time method so I'd assume if the company's servers were not going to be full-time reliable then it might pay to situate this at the same hosting site as the online application, residing on its own server for security sake? I don't understand any advantages with the "Synching" method?

I've awarded the points for your last answer as this was pretty much what I was looking for but the more the better... :-)

Cheers!
0
 
LVL 4

Expert Comment

by:AsbjornG
ID: 9918631
Chris,

In my companys project, all these transfers will happen through http protocol. One side sends a request (sometimes including form data), the other side responds with XML data.

Example:

John Doe purchases a T-Shirt from your shop. He enters his credit card information and clicks "submit".

While John waits happilly, the web server sends a https post request to your shop server which contains the code of the item in question. The shop server replies in XML with "1" for "yes, we have it" or 0 for " sorry, out of stock".  If the reply is 1, John's credit card is processed. If successful, another https post is sent to the shop server this time saying "We've sold one of these items". the shop server simply replies "okey dokey" or doesn't reply at all.
John sees the response page saying "thank you for buying a t-shirt, it's in the mail".

As for the XML, vbscript has objects that lets you handle and convert XML very easilly. Making secure connections and verifying IPs is also pretty simple.

For added security, you can also use SSL (https) on both servers, and verify IP addresses on each side.

"I don't understand any advantages with the "Synching" method?"

My company is operating in Cambodia, where internet connections are fickle at best. The only advantage of the synching method is that the sale will still go through even if your connection is down.

Let me know if you have any questions on the above!

Cheers,

Asbjorn
0
 

Author Comment

by:Chris_Granger
ID: 9946100
Great Thanks!  

Just out of interest, is it more secure querying your shop server (which then querys the shop db and responds with xml) then it would be to directly query your shop database?

Could you show the syntax for the XML reply and recieve?

Could you explain the "secure connections and ip" bit a little more? EG - Do you mean HTTPS?,  What IP address are you querying and why?
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 
LVL 4

Expert Comment

by:AsbjornG
ID: 9946249
Hi Chris,

The XML can be as simple as this:

  <?xml version="1.0" ?>
 <info_pdu>
  <validate0</validate>
  <remark>Invalid Password</remark>
  </info_pdu>

The above signifies a reply of "Sorry, the password didn't match" which is what the user will see. Please visit http://www.w3schools.com/xml/default.asp for more information about XML.

Like you say, the methods I'm describing here are querying a script on the server rather than the database itself. The advantages are that a webserver supports SSL, and the outpur can be formatted as you please (which may also be the case with a database server, I'm not too familiar with that).

All data will be transfered over the HTTP (or HTTPS) protocol. HTTPS if preferable to keep the data safe. Of course this means that your shop server will need a secure certificate installed (but not necessarilly a registered one).

The IP addresses you are querying are those of your web and shop server. As I mentioned, for added security your shop server should make sure that the IP querying it is that of your web server.

Sorry about keeping it short, but there's too much work these days!

Cheers,

Asbjorn
0
 

Author Comment

by:Chris_Granger
ID: 9946381
That is fantastic, much appreciated!

One comment you made was:
"...secure certificate installed (but not necessarilly a registered one)."

What do you mean by not using a registered one?

Cheers
0
 

Author Comment

by:Chris_Granger
ID: 9946396
...are you storing CC information or are you using a pay gateway?
0
 
LVL 4

Expert Comment

by:AsbjornG
ID: 9946524
Chris,

The way secure certificates works are, briefly:

You create a new certificate. You can use it instantly, and it works just like any other certificate. However, website visitors people will see warnings that it's an unregistered certificate (meaning the identity of the owner is unknown). You will need to verify your identity and ownership of that perticular certificate with a certification authority (i.e. Thawte, Verisign). The certificate works just as well without registering it with an authority, and unless visitors will be using the secure part of your server there is no need to register it.

I make it a rule never to store credit card information; even if I will not abuse it myself I am still compromising my customers information by storing it somewhere a 3rd party may get unauthorized access to it. I'm using a real-time payment gateway, so there is no legitimate need for me to store the CC info. You should only store this information if absolutely necessary, and if you do store it you should inform your customers about it.

Cheers,

Asbjorn
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

The next wave of Panda releases starts with Panda2.1 After the game-changing Panda2.0 update that caused a reduction in Google search engine referral traffic to a newly affected and larger set of websites, more Panda updates were already in the pip…
Often people are aiming at development of perfect Magento websites. Though, it is easier said than done. You know what’s much easier? To ruin everything. It can be done in seconds. Many of us experimented with design, tried to change some values dir…
Use Wufoo, an online form creation tool, to make powerful forms. Learn how to selectively show certain fields based on user input using rules to gather relevant information and data from your forms. The rules feature provides you with an opportunity…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now