Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.php > #19471

Re: 2D array by POST

Show all headers | View raw

On 5/19/23 21:38, Liz Tuddenham wrote:
> J.O. Aho <user@example.net> wrote:
> 
> [...]
>> Yeah, I tend to favor to take prices from the database each time, this
>> more to keep the prices up to date, as then if someone changes a price
>> on a product that price change will get trough at once on all orders
>> that are not finalized.
> 
> Unfortunately that could lead to an illegal situation in the UK.  The
> price has to be the one the user agreed to at the instant of clicking
> the button.  If the database has been updated between there and the
> checkout, the original price must still be charged.  (An unlikely
> scenario, but one with potentially very damaging consequences.)

Sure you shouldn't change price when the end customer agrees on the cost 
and is sent to the payment page, at this point you can't change the 
price, but until the customer can at any point decide that the updated 
price isn't what they are prepared to pay for the product and remove it 
from the cart. Of course it's a good thing to notify if the price would 
change, one site that does this is amazon.co.uk.


> The agreed-to price is carried through the transaction by a cookie, the
> small risk of tampering (and the low value of the goods) make this an
> acceptable risk. 

I would fire anyone in my team if they would say it's an acceptable 
risk, values of a product, no matter if it's small and insignificant, 
shouldn't ever be end user adjustable and when it comes out that you can 
adjust the price, then people will start doing that and it's kind of a 
simple thing to do nowadays with all the browser extensions.


> The final account is e-mailed to the dispatcher, so
> any price anomalies ought to be caught at that stage.  (This is a small
> voluntary organisation with a very limited range of stock, so errors
> should be easy to spot.)

There are times when you have someone new, so mistakes can easily be done.
Do not downplay the risk just for it's a small organization and limited 
stock, tend to be those who has most to loose if someone manage to cheat.

-- 
  //Aho

Back to comp.lang.php | Previous | Next — Previous in thread | Next in thread | Find similar

Thread

2D array by POST liz@poppyrecords.invalid.invalid (Liz Tuddenham) - 2023-05-18 17:04 +0100
  Re: 2D array by POST "J.O. Aho" <user@example.net> - 2023-05-18 19:00 +0200
    Re: 2D array by POST liz@poppyrecords.invalid.invalid (Liz Tuddenham) - 2023-05-18 21:17 +0100
    Re: 2D array by POST doctor@doctor.nl2k.ab.ca (The Doctor) - 2023-05-18 21:38 +0000
      Re: 2D array by POST "J.O. Aho" <user@example.net> - 2023-05-18 23:44 +0200
        Re: 2D array by POST liz@poppyrecords.invalid.invalid (Liz Tuddenham) - 2023-05-19 07:19 +0100
          Re: 2D array by POST Jerry Stuckle <stuckle.jerry@gmail.com> - 2023-05-19 11:56 -0400
            Re: 2D array by POST "J.O. Aho" <user@example.net> - 2023-05-19 20:27 +0200
              Re: 2D array by POST "J.O. Aho" <user@example.net> - 2023-05-19 20:29 +0200
                Re: 2D array by POST Jerry Stuckle <stuckle.jerry@gmail.com> - 2023-05-19 23:55 -0400
              Re: 2D array by POST liz@poppyrecords.invalid.invalid (Liz Tuddenham) - 2023-05-19 20:38 +0100
                Re: 2D array by POST "J.O. Aho" <user@example.net> - 2023-05-19 23:58 +0200
                Re: 2D array by POST Arne Vajhøj <arne@vajhoej.dk> - 2023-05-19 21:42 -0400
                Re: 2D array by POST liz@poppyrecords.invalid.invalid (Liz Tuddenham) - 2023-05-20 08:56 +0100
                Re: 2D array by POST Stefan+Usenet@Froehlich.Priv.at (Stefan Froehlich) - 2023-05-20 08:53 +0000
              Re: 2D array by POST Jerry Stuckle <stuckle.jerry@gmail.com> - 2023-05-19 23:54 -0400
        Re: 2D array by POST Arne Vajhøj <arne@vajhoej.dk> - 2023-05-19 21:30 -0400
          Re: 2D array by POST Jerry Stuckle <stuckle.jerry@gmail.com> - 2023-05-20 00:06 -0400

csiph-web