I've been asked by a mate to design a site for his new (and so far flourishing) business. He's currently only selling his products by mail order and wants a complementary internet shop to match. I have some experience in site building having built 6 or 8 sites using HTML and CSS to give some effective results. I studied C, Unix and ADA at University a number of years ago. I have also recently built a site (for a different mate) using HTML, CSS and successfully integrated it with her PayPal account.
So, I am now stuck with a choice...
Choice A: Install osCommerce (or similar) as supplied by my web hosting company and trawl endlessly through the code making the necessary changes to get a site. I have briefly tried this and have come across a number of stumbling blocks. Firstly, I'm put off by the whole REGISTER_GLOBALS security risk thing. Secondly, the version of osCommerce supplied by my webhost seems to have some bugs in it as when I try and add new products, for example, the PHP code cannot find the product images etc etc. Thirdly, it does seem to be a little over the top for my mate's purposes as (for example) he will only be selling his products to the British market and therefore using pounds sterling as the only currency. All in all, it seems like a very tedious way to get a shop running for him.
Choice B: Start from scratch in building my own shop using PHP and MySQL, which again I have installed courtesy of my webhost (along with phpMyAdmin). I am not fazed in the slightest by the coding aspect (as like I said I did some at Uni a few years back and have read a few books about PHP and MySQL recently) but have so far been unsuccessful in getting SESSION variables to work correctly. (POST and GET variables are working, but I'm wary of the security risk.) The other main problem with this option is "where to start". As far as I can tell I need a database with tables for customers, products, delivery charges etc etc and scripts to add new products, add new customers, edit products, change stock levels, search for products etc etc, but do I set up the database first or start writing the PHP scripts first? I really don't want to start down this route if at some point I have to start completely again because I neglected to write a certain script or create a certain table that I should have done earlier in the design process. A bullet-pointed list of "what to do and when" would be really great. This option seems to be my preferred one, but if it's going to take me three years to build it then my mate's business will have gone broke by then!
Lastly, after the shop is built how do I go about making transactions secure? Does my mate need to set anything up with his bank, as it seems unlikely that he's allowed to just take people's credit card numbers without any verification or guarantees that he's not going to take more money from his customers' accounts than he's due for the transaction?
Any advice that anyone has would be most welcome.