A better test is what happens when your family, coworkers, and annoying friends give the site a whirl. And I specify the annoying friends, because they’re the ones who will attempt to do things you never would have imagined. When these people, who aren’t Web developers themselves, purposefully or accidentally misuse the site, what happens? From these experiences you can improve the user interface and security of the whole application.

Improving those two things will go a long way toward a successful e-commerce venture. Still, there are steps you can take to effectively test your site yourself.

Relatively new to PHP is the concept of test-driven development and unit testing:
You define concrete and atomic tests of your code, and then run the tests to confirm the results. Each test should be concise and clear. As you write more code, you define more tests and continue to check each test to ensure that what you just did didn’t break any other functionality. Test-driven development and unit testing are big enough subjects that I recommend you research both further on your own, when you’re ready.

First, if the database or PHP is caching the results of a database query, then that query will not need to be executed with each request. Second, by default, each request of a PHP script requires that the PHP code be executed as if it had never been run before. By applying an opcode cache such as the Alternative PHP Cache, the PHP code itself is cached by the system, making that execution faster.

Finally, the end result is that HTML is sent to the Web browser. If you can cache the dynamically generated HTML, then no PHP code will be executed at all, no database queries are required, and the request itself becomes as fast as a request for a static HTML page.

Bottlenecks usually occur when PHP interacts with the file system, whether that means literal files on the server (like reading and writing text files or using sessions) or through the database application. I caution you against spending too much time worrying about profiling individual sections of code, because the improvements you can make that way will be relatively minor and possibly not worth your time. Better to learn good programming habits so that you don’t have to worry about profiling after the fact.

Designing the database is a key step, largely because changes to the database at a later date have far larger implications and potential complications than changing any other aspect of the site. Adding functionality through database changes is a steep challenge and fixing database flaws is excruciating, so make every effort you can to get the database design right the first time.

Good database design begins, naturally, with normalizing the database. If you aren’t familiar with normalization, see any good resource on the subject. Normalization and performance mean that you also:
1. Use the smallest possible column types.
2. Avoid storing NULL values as much as possible.
3. Use fixed-length columns when you can.
4. Provide default values for columns, if applicable.

Performance is also greatly affected by using indexes properly. Declaring indexes is somewhat of an art, but some general rules are:
1. Index columns that will be involved in WHERE and ORDER BY clauses.
2. Avoid indexing columns that allow NULL values.
3. Apply length restrictions to indexes on variable-length columns, such as
indexing only the first 10 characters of a person’s last name.
4. Use EXPLAIN queries to confirm that indexes are being used.
5. Revisit your indexes after some period of site activity to ensure they are still
appropriate to the real-world data.

A final consideration in your database design, which gets less attention, is the storage engine (or table type) in use. One of MySQL’s strengths is its support for multiple storage engines, meaning you can select the one whose features best match your needs.

Okay now lets talk about programming design, from a programming perspective, you’ll want to create code that’s not only functional, but also reusable, extendable, and secure.

To make reusable, extendable code, it must be well organized and thoroughly documented. I cannot stress this enough: Document your code to the point of overkill. As you program, begin with your comments and revisit them frequently. When you make any changes to your code, double-check that the comments remain accurate. You should also use flowcharts, UML diagrams (Unified Modeling Language), and other tools to outline and represent your site in graphical and noncode ways.

The security of your code is based upon so many factors that the next chapter will start discussing just this one subject. Secure programming is even more critical in e-commerce sites, however, so the topic will be reinforced time.

The development process occurs in phases. If each phase is approached deliberately and the end results are properly generated, you’ll develop a great e-commerce site as effi ciently as possible. If, on the other hand, you jump around, rush the process, skip steps, and make omissions, the whole procedure will take much longer, and the end result will be buggier.

At the end of the development process, you’ll hopefully have created the best possible e-commerce site, but that site will undoubtedly need to be changed next week (as clients always want), next month, or next year. If the fi rst goal is a smooth, optimal process, then the second is output—specifi cally PHP code and a MySQL database—that is fl exible and scalable. When those inevitable changes need to be made, you should be able to do so without breaking or rewriting the entire system.

The first step in the development process is planning a generic site. This is much like establishing your business goals, but specifically with the site itself. What should the site do? What should it look like? Who are the target users? What browsers and/or devices should the site support? Use pen and paper, or any application in which you can make notes, and be as inclusive as you possibly can. It’ll be much better, further down the road, if you considered an idea and ruled it out than if you never thought of it in the first place.

The next thing you should do in the development process is mock up the HTML designs for the site. I, for one, have absolutely no design skills whatsoever. If you could say the same, there are two simple solutions:
? Hire a qualified designer to create the HTML templates.
? Use an off-the-shelf design that you tweak a bit.

If you don’t have the budget or time to purchase a custom design, you can take an existing one and modify it to your needs. There are both free and commercial designs available, although you’ll need to abide by the licensing where applicable. For example, some designs are free to use as long as you give credit to the designer in the footer. Other designs are free for noncommercial use but require licenses for commercial endeavors. In any case, you can take the existing template and then adjust the HTML and CSS to personalize the design for your or your client’s tastes.

Payment gateway consider more more professional and ought to be your solution for all but the simplest e-commerce sites. But payment processors are quite commonly used and do make sense for some businesses, so don’t dismiss them as an option entirely.

When selecting among payment providers, you should first determine if your business bank or Web-hosting company has an arrangement with any companies. By choosing a pre-approved vendor for this important service, you’ll minimize some of the potential headaches and hopefully have an expert to turn to when you need technical support.

Another factor is geography: Different providers will work in your part of the world and will be limited as to what other regions they support. Also, you’ll want to check that the currency the provider uses gels with your business.

There are many features to weigh when making your selection:
? Tools for fraud prevention
? Ability to perform recurring billing
? Acceptance of eChecks
? Automatic tax calculation
? Automatic shipping calculation and processing
? Digital content handling
? Integrated shopping cart

Clearly, many of these features can greatly simplify the development of your e-commerce site and result in a more professional Web application, but I would like to highlight fraud prevention. You may not have given much thought to the subject, but excellent fraud prevention is in the best long-term interest of your site. If someone can use a credit card at your site that isn’t valid or isn’t theirs, you’ll have a false sale and later have some cleanup to perform to undo the transaction.

Further, the person whose credit card was fraudulently used will think poorly of your business for allowing the fraud in the first place. For these reasons, using a gateway with sophisticated fraud-prevention tools is a must. The two most common techniques are to verify the billing address and the Card Verification Value (CVV)—those numbers on the back of the card.

A final, obvious factor that was not listed earlier is cost. You’ll need to consider the initial setup costs, the monthly fees, plus the individual transaction expenses. If you require features that come at an extra cost, factor those in, too.

A payment gateway is a real-time payment system that can be directly integrated into your own site, resulting in a process that’s more professional and seamless. Instead of sending the user away, in the hopes they come back, transaction data will be transmitted behind the scenes and the customer won’t leave your site at any point in the entire process.

A gateway will offer much better fraud prevention, among other extra features (more on fraud protection in the next section). The gateway will deposit your monies into a merchant account automatically, normally charging less per transaction than payment processors do.

On the other side of the equation, a payment gateway may have higher setup costs and will require more programming to integrate the system into your site. They also require a merchant account, which is an account into which credit card charges can be deposited and refunded (for customer returns). You may or may not be able to use your business bank as your merchant account, depending upon your bank.

There are tons of payment gateways available; some gateway systems are actually resold through other vendors, giving you the ability to shop around for the best deal. Authorize.net perhaps the could be the example of good payment gateway.