I'm starting with MySQL development and am considering making my own e-commerce site.
- If I want to store a customer's wish list in a table, should I do it so that the first column has the user id and the second has product ids separated like `product0|product1|product2`, or is there some more effective way to do this in MySQL?
- Should I store the user details forever, or remove them when the order has been processed?
- Is this a secure enough function to take dangerous characters out of user inputs:

      function siisti($str){
          $str = strip_tags($str);
          $str = htmlentities($str);
          $str = trim($str);
          $str = htmlspecialchars($str);
          $str = mysql_real_escape_string($str);
          $str = str_replace(array("ä", "ö"), array("ä", "ö"), $str);
          return $str;
      }

- Is there anything else that I should look at when creating it?
EDIT:
One more question
Is this a good way to do the pages:
up.php
Content to be inserted at the top of all pages
| Some Site
etc.
down.php
Content to be inserted in the footer of all pages, some copyright notes etc. </body> </html>
somepage.php
include("up.php");
some content here
For some reason the code handling does not work at all! So just click edit to see what I have as code. This bug should really be fixed on this site.
Use a table with columns `customer` and `product` and insert multiple rows for each customer – one for each product they own.
In general, do not delete rows. Just mark them as processed. This allows you to audit the system.
Use `mysql_real_escape_string` or parameterized queries when accessing the database. Use HTML escaping functions when writing HTML. There is no such thing as “dangerous characters”, only “dangerous programming”. Never try to write “cleaning” functions yourself. Using generic cleaning functions makes you lazy. You won’t understand what you are doing and that will lead to mistakes.
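Added example, not part of the question or the answer above: a one-row-per-product wish list written and read through parameterized queries, with HTML escaping applied only at output. It assumes PDO with the SQLite driver so it runs offline; the table, column and variable names and the sample input are constructed for illustration.

```php
<?php
// Added example; table, column and variable names are hypothetical.
// SQLite in memory keeps it runnable offline; for MySQL only the DSN changes,
// e.g. new PDO('mysql:host=...;dbname=...;charset=utf8mb4', $user, $pass).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// One row per (customer, product); the composite key prevents duplicates.
$pdo->exec('CREATE TABLE product (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$pdo->exec('CREATE TABLE wishlist (
    customer_id INTEGER NOT NULL,
    product_id  INTEGER NOT NULL REFERENCES product(id),
    PRIMARY KEY (customer_id, product_id)
)');

// Constructed input with characters a generic "cleaning" function would mangle.
$name = "Jäger's <b>10\"</b> pan & lid";

// Database sink: values travel as bound parameters, never inside the SQL text.
$ins = $pdo->prepare('INSERT INTO product (name) VALUES (:name)');
$ins->execute([':name' => $name]);
$productId = (int) $pdo->lastInsertId();

$add = $pdo->prepare('INSERT INTO wishlist (customer_id, product_id) VALUES (?, ?)');
$add->execute([42, $productId]);

// Read the wish list back with a join instead of splitting a delimited string.
$sel = $pdo->prepare('SELECT p.name FROM wishlist w
                      JOIN product p ON p.id = w.product_id
                      WHERE w.customer_id = ?');
$sel->execute([42]);
$stored = $sel->fetchColumn();

// The database holds exactly what the user typed, with no entities or slashes.
var_dump($stored === $name);

// HTML sink: escape once, at output time, for the HTML context.
echo '<li>', htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), "</li>\n";
```

Because the value is stored unmodified, the same row can later be written to JSON, e-mail or CSV with the escaping that each of those outputs needs.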