Slashdot: News for Nerds


Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Building Online Stores with osCommerce

samzenpus posted more than 8 years ago | from the sell-it dept.


Stephanie Brain writes "Have you ever considered building your own online store and entering into the booming e-commerce arena? If you have, you may have come across some of the many open-source software available for downloading from the Internet. One of the most popular of these is OsCommerce which has been developed since March 2000 and has a full team of staff dedicated to its development. It is overseen by the founder, Harald Ponce de Leon and today there are around 6000 live, registered OsCommerce sites and 70000 registered community members, many of whom are active on the OSC forum you can log on to. This forum can provide a wealth of information when you come up against any obstacle when developing your own OsCommerce website." Read the rest of Stephanie's review.

Back in October I started working with someone who had already downloaded the OSC software and had the basis of an online store installed. I will be running the store, however my first task was to change the whole look of the site and make improvements to it before launching NetTechShop properly. Having read the OsCommerce blurb which promotes the simplicity of using OSC, I felt sure that I could quickly get to grips with the "simple" programming language of PhP and HTML and have the site ready in a month or two. I was sadly disappointed! By the end of November last year I was getting desperate, having spent hours making modifications to the coding on the database only to either break the site completely or find it had not made one jot of difference to the look of the site. I searched in vain for OsCommerce For Dummies.

My pain was somewhat relieved when I discovered that a book was going to be published on OsCommerce by Packt Publishing and I put my order in immediately and breathed a great sigh of relief.

Strangely such a book has been lacking until now. You can find plenty of books about Php programming and MySQL or HTML, but try to find a book which is easy to understand for someone with less than a University or College IT qualification background and about OsCommerce in particular and you will search long and hard.

David Mercer's book is the book you have been looking for and is available in either a beginner's or professional edition. It is written in a straightforward, easy to understand manner, yet does not compromise on technical knowledge and provides all the essentials of getting your website up and running with OsCommerce.

The book covers: installing MySQL, PHP, Apache and OsCommerce and testing them, configuration and customization of your store, working with data, taxes, payment and shipping, securing your store, installing more advanced feature using contributions from the OsCommerce website and deployment and maintenance of your site.

Before going onto the technical aspects and explanation of OsCommerce, Mercer explores the whole area of e-Commerce, what is required of a website store to make it a success, the arguments for using an open-source solution such as OsCommerce and the decision making issues any business faces when deciding if OsCommerce is right for them.

This manual was everything I hoped it would be and with its many illustrations, including screenshots of the files you will be changing on an OsC website, I found that anyone with even the most basic understanding of website design, would be able to get to grips with designing a website store using OsCommerce. I had the professional edition and found it really easy to just dip into when I needed to know some aspect of the design process. The book's content is well laid out, in manageable chunks with bold headings, which are clear about the content and the index is comprehensive.

One of the things I really liked about the book was that it addressed the problems, error messages and frustrations you are likely to come up against in the process of building your OsCommerce site. Those were the things that made my head spin the most before I got the book and although you should be able to find out about many of your error messages and problems on the OsCommerce forums, it can take quite a time to search and plough through all the replies. It is much better to find the most common problems in one place with practical solutions.

Another important chapter which is covered in depth is the installation and testing of a payment module. The most popular of these, Paypal is covered in the book and detailed instructions are given on how to get it working correctly, again something which sounds easy on paper, but can cause endless problems if you do it wrong. There are other payment providers and gateways which can be integrated onto your OsCommerce site by installing other so-called "contributions" from the OsCommerce website and Mercer explains fully how to download these contributions and get them functioning correctly.

I am sure that this book will prove to be an essential resource for anyone contemplating starting an online business with open-source OsCommerce software and hopefully will avoid them spending wasted energy in the initial stages just trying to figure it all out. After I received my book, the only wasted energy I spent was wondering why the front cover was emblazoned with juicy oranges!"

You can purchase Building Online Stores with osCommerce from Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

cancel ×


Eh (2, Insightful)

bj8rn (583532) | more than 8 years ago | (#14844387)

How come the books reviewed here are always rated 8, 9, or 10? Some of them must surely be shittier than that.

Re:Eh (1)

PTBarnum (233319) | more than 8 years ago | (#14844418)

Probably because people feel motivated to review the books they like, and not the ones the ones that sit on their shelf and never get used.

Re:Eh (1)

bj8rn (583532) | more than 8 years ago | (#14844685)

There are books that I use a lot, and would recommend to others, yet I don't necessarily rate them all that high. Heck, I'd probably even review them on Slashdot, if I found them suitable for this site (which I don't). Yet I wouldn't score them higher than, say, four out of ten. Or maybe three. What I would do is, I'd point out the absolutely brilliant bit that made the book worth its price for me, and explain that it's really worth it, even though the rest of it is crap. But I'd never give it 8 out of 10 just because that one part was "just brilliant".

They don't. (-1, Redundant)

CyricZ (887944) | more than 8 years ago | (#14844432)

There was recently a review [] of Patterns in Game Design. It got a 4.

Re:They don't. (1)

larry bagina (561269) | more than 8 years ago | (#14845757)

that was a typo. It should have read 4/5.

Re:Eh (1)

bgog (564818) | more than 8 years ago | (#14844444)

Ahhh but since these are reviews that volunteers write they only write reviews for things that are worthy. If you worked for a newspaper then you'd get assigned books of varying quality. I a slashdotter reads something shitty they usually burn it or run away, instead of spending time reviewing it.

Re:Delicious cunt? (0)

Anonymous Coward | more than 8 years ago | (#14844504)

I am still looking for pictures...

You need to learn the Slashdot Book Rating System (0)

Anonymous Coward | more than 8 years ago | (#14844855)

> 9 - Definitely read this book.

9 - Read the book if you are particularly interested in the subject.

< 9 - Avoid the book.

Perhaps it's changed... (4, Informative)

swimmar132 (302744) | more than 8 years ago | (#14844413)

But I last used osCommerce back in it's 2.2 days (t o build [] ). Doing modifications to the PHP / mysql code was absolutely painful. Horribly painful. There was hardly any separation of logic from the presentation. It was all a jumbled mess.

Then I discovered [] and life is now good!

Re:Perhaps it's changed... (2, Informative)

markrages (310959) | more than 8 years ago | (#14844495)

No, it's still terrible.

Re:Perhaps it's changed... (5, Informative)

flipper65 (794710) | more than 8 years ago | (#14844513)

Unfortunately it hasn't. There is really no concept of MVC in OSCommerce or it's branches like ZenCart. We tried to use both for a client project and ended up using Miva because of our inability to fix one area without breaking another. It's a bit hard to comprehend how a book can abstracts OSCommerce from php and mysql and still be relevant.

Re:Perhaps it's changed... (1)

swimmar132 (302744) | more than 8 years ago | (#14844541)

The first version of Gamefest was done in Miva, but this was just after they switched to a compiled version, and I had a hell of a time customizing anything.

Re:Perhaps it's changed... (0)

Anonymous Coward | more than 8 years ago | (#14844573)

Any Miva developer should be able to get their hands on the Miva compiler, but if you're talking customizing Merchant itself, you need to stick with an uncompiled ( 4.15) version...

Re:Perhaps it's changed... (1)

swimmar132 (302744) | more than 8 years ago | (#14844514)

In defense of osCommerce, though, I was able to get [] up in and going in maybe two weeks after switching to osCommerce (and away from Miva merchant).

So, it does allow for a quick and easy store. It was just that customizing it was hard (back then -- perhaps stuff has changed since 2003/04).

Shopify -- [] -- is looking interesting now as well, and is also built using Ruby on Rails.

Re:Perhaps it's changed... (3, Interesting)

drinkypoo (153816) | more than 8 years ago | (#14844578)

I don't know how it holds up in the security department (though I'm soon to find out) but there's an ecommerce module for drupal that provides something like 10 payment modules and 6 or 7 product types including subscriptions, digital downloads, physical products, and bundles of some or all of these. It supports both paypal and paypal pro APIs, as well as practically everything else. The best part? It's SUPER EASY to set up. You just create some bits of db schema (IIRC) and turn on some modules and bingo, you're up and running.

Re:Perhaps it's changed... (1)

flipper65 (794710) | more than 8 years ago | (#14845074)

I agree with you completely, as long as you don't need customization in the business logic then OSCommerce is a fine product, it's in custom implementations that you will have issues.

Re:Perhaps it's changed... (1)

Serveert (102805) | more than 8 years ago | (#14844528)

We need an open source nicely designed 3 tier e commerce J2EE solution. Merchantspace approaches that but it's closed and not as nice as it could be.

Re:Perhaps it's changed... (0)

Anonymous Coward | more than 8 years ago | (#14845486)

You can try ofbiz -- I had a look at it a few weeks ago. It seems ok. The documentation isn't the greatest, but there are lots of features including payments, inventory, workflow engine. It seems pretty sophisticated. I couldn't get it working with jdk1.5 however -- only works with jdk1.4

So, whats the easiest then? (0)

Anonymous Coward | more than 8 years ago | (#14844607)

Ok so maybe this should be an ask slashdot or maybe there is a past ask slashdot but I am here now, so here goes.
What is the simplest way of creating a small online store that can have a basket and use paypal, etc. I ask because
a friend who has a very specialized retail store wants an online presence as well. The look of his site is very
important, it must be clean simple and aesthetically pleasing.

Once it is up and running is it easy for a layperson to add / remove items?

This has all fallen in my lap, and I want to give my friend some good advice as the last
person he hired set up a shitty site in dreamweaver and took him to the cleaners for money.

Re:So, whats the easiest then? (1)

tokamoka (859800) | more than 8 years ago | (#14844968)

a) Write your own - Best if you can be bothered
b) Paid for budget software such as Pinnacle cart [] - Best if you can't be bothered, and/or it needs to be maintained by a non-techie.

With all paid for software, it'll be difficult to get it *very* different from the default layout the first time round unless you are prepared to put loads of time into learning the software *and* layout.

Re:Perhaps it's changed... (0)

Anonymous Coward | more than 8 years ago | (#14844623)

I had the same problem too, there is some very strange up code in there...

If you just want to runa shop with their default settings it is fine, but if you want to change anything be prepared for a lot of pain and thinking WTF!>?!!?

I ended up writing my own shopfront baceuse theirs was too limiting, plus we encountered a bug which I couldnt track down because of the tangled mess that is their code.

There are some nice attempts to sepertae code from logic, but it fails really miserably.

Scrap it and start from fresh with something more managable.

Re:Perhaps it's changed... (0)

Anonymous Coward | more than 8 years ago | (#14844722)

It still is the 2.2 days . . . .

Re:Perhaps it's changed... (2, Insightful)

nettechdiva (957377) | more than 8 years ago | (#14845047)

Seems like you are all being a little hard on OsCommerce. The point is it is open-source software and totally free. You can set up an online store and have a customer frontend and an administration backend, unlimited products and categories, lots of useful tools such as invoice creating, easy backup of database and supports many currencies and languages. Many different payment gateways can be added to the site by downloading one of the many contributions some of the software developers who support OsCommerce have made available.

Yes it's easier to get a web developer to do all these things for you, but it will cost a whole load of money, which many business start-ups cannot afford.

Surely it is worth taking time to try to work it out?

osCommerce for now, build better for the future (2, Insightful)

markjugg (21992) | more than 8 years ago | (#14845076)

Sure, using RoR or Perl's CGI::Application [] framework will lead to cleaner code.

The appeal of osC is the 2000 contributions that are available for free as extensions. Having helped several people set up stores with it, basically whatever customization people want, someone else has already made it and published it for free, so there has been a very low cost to get started with osCommerce for each store.

Still, I agree it can be painful and scary to work with. I miss automated test suite, like I'm using to building based on Perl's Test::WWW::Mechanize. It pains to me to hand apply a patch that doesn't come as a diff, but a series of instructions like "Around line 23, notice this code and add this line....".

In the short term, I support osCommerce for pragmatic reasons. For the longer term, I encourage developers to continue to build cleaner solutions from the ground up. For Perl, see Handel [] as a starting point.

Re:Perhaps it's changed... (1)

kv9 (697238) | more than 8 years ago | (#14845126)

Then I discovered [] and life is now good!

how exactly did RoR help with the "jumbled mess" and lack of "separation of logic from the presentation" from osCommerce? did it automagically refactor the code for you? or are you living under the impression that all PHP is written like that?

Re:Perhaps it's changed... (3, Interesting)

swimmar132 (302744) | more than 8 years ago | (#14845260)

Rails enforces (or at least STRONGLY encourages) clean separation of code responsibilities. Combine that with smart code generation (of unit tests, directory structures, skeleton files, etc), easy unit testing, the elegancy of Ruby, and yeah, it saved me. As a pet project, I rewrote the bulk of [] from scratch in two weeks using RoR, including importing the data from the osCommerce site.

I know that there is much better PHP code out there than what's in osCommerce, my comment wasn't about PHP. It was about osCommerce and its difficulties.

Re:Perhaps it's changed... (2, Informative)

jasondlee (70657) | more than 8 years ago | (#14845612)

For what it's worth, CakePHP [] lets you the same thing RoR does, without having to learn Ruby. Having said that, the "this php app is horribly written. Thank goodness for this completely different framework and language that are not an e-commerce package" comment is a bit of a non sequitur if you ask me, and I think that was kv9's point [] . jason

Re:Perhaps it's changed... (2, Interesting)

DanLake (543142) | more than 8 years ago | (#14845226)

I used OSCommerce about a year ago to make a store front for my wife's greeting card business. I actually thought it was quite easy to modify and customize. I downloaded several add-ons from the osc forums and patched my install to add features. I do have to agree that once you have modified the code to your own needs, it becomes IMPOSSIBLE to do any further patches in an automated way. You literally need to download the original code again and diff it with the patch, then manually apply any needed changes to your own code. There is very little seperation of function and presentation. Overall I still recommend it because it has many features, is easy to install and update as long as you take ownership of it once you get it going. There is a huge support community that will help you with code changes, and you can make the thing look completely unique to your style. Check out my store at [] and see a simple design that is quite different from the base install.

Very Painful software (2, Insightful)

Knertified (756718) | more than 8 years ago | (#14845231)

In the last month I have downloaded this software and spent countless hours building it from scratch. There is no template management system and everything is a mix of PHP and HTML. Every php file is a HUUUUGE collection of nested IF/THEN/ELSE's. I can't even imagine what the programmers were thinking. The image caching was also corrupting the images randomly. If you "purchase" a template like i did, its actually all the PHP files just rewritten. I ended up just scrapping it and moving over to x-cart last week. Yeah it set me back $400 but It must have 100x more features and also has 100x less headaches. It also uses smarty templates.

Re:Perhaps it's changed... (0)

Anonymous Coward | more than 8 years ago | (#14845513)

Then I discovered [] and life is now good!

You site is still a jumbled mess.

Re:Perhaps it's changed... (1)

Not The Real Me (538784) | more than 8 years ago | (#14845841)

You're being bypercritical of the OP.
At best his site is pretty ordinary for an e-commerce site.
At worst his site is pretty ordinary for an e-commerce site.

Re:Perhaps it's changed... (2, Insightful)

Eil (82413) | more than 8 years ago | (#14845766)

I haven't used osCommerce myself, but my cow-orkers have and they declare it to be one of the biggest, steamiest piles of bovine excrement that the open source world has ever seen.

What they considered to be the worst feature of osCommerce were its "modules". Like many software products, you can install "modules" for added functionality. There were dozens of "modules" available. Imagine our surprise when we found out that osCommerce "modules" were really just patches against the already horrible code base. Most, not all, went in cleanly on a brand spanking new osCommerce installation. However, these module "authors" hardly, if ever, verified that their mod^H^H^Hpatches applied cleanly with other patches already installed. The result is obvious: modules rarely coexisted with each other.

Which, of course, defeated the whole purpose of modules. We also found out that customers really don't take it all that well when you tell them that their website can only have one feature or another but not both. They take their business elsewhere.

We took osCommerce to /dev/null.

Re:Perhaps it's changed... (0)

Anonymous Coward | more than 8 years ago | (#14845873)

Me too. Having used it for the last 4 years or so, I can't recommend it. Obviously, there are thousands of sites that do use it, and setting up a basic installation can be done with a couple clicks in cpanel.

It is a complete mess in so many ways. The database design is horrible, half the input ends up with extra /s, the devel team makes drastic changes, making backpatching difficult, the administration tools are unusable if you have more than a couple dozen items. I ended up rewriting all of the administration tools (using PEAR::DB)

At this point, I'm more or less locked into it, but if I had the chance to start over, I would use another solution or write my own e-commerce package.

Re:Perhaps it's changed... (0)

Anonymous Coward | more than 8 years ago | (#14845946)

I've done a few of these sites for others, and no, there is little seperation of logic and presentation.

The first thing I did when revisiting this software last year was to strip EVERYTHING out detabling as much as made sense and throwing it all back into css.

Once you have something like this, it can be customized pretty fast. I did a site for someone a few weeks ago and while a programmer would generally be needed to edit anything, I simply gave the design to one of my graphics people and he edited up the CSS and left it at that.

Its not a hard process, but I'm not going to give this code out because I might have opened a few holes into the software while testing it out -- the code doesn't make logical sense and there are areas repeated a few times and trying to reduce this, I might have weakened it and I'm not going to set my clients up for any disasters (though they have the code and know that its GPL'd and can do what ever they want with it).

Beyond all of this, you REALLY need to do your edits in some sort of IDE. To throw a rich text editor into the admin side of things, you have to put the javascript in one area, go into html-output.php, go into the box classes...add a new class...go into the categories page...and I think there was one more.

More or less, you find one area that needs hacked, do a global search, find the next file and keep working your way back. Once you understand how the site works, it makes sense, but the programmers really didn't leave a roadmap.

All in all, its not bad software -- just unorganized. Any decent programmer will figure it out without too many problems though -- but its sad that a programmer has to be the one that does the design work as it stands.

Yet another problem with OS, 99% of all programmers feel everyone else should be able to grok code at the same level as they do or they have no right to complain.

If a group of programmers wanted to take up the cause of editting this to be more presentational friendly, I'd be happy to help out with the task -- just not going to post anonymously regardless...

nigger turds (1)

Asshat_Nazi (946431) | more than 8 years ago | (#14844426)

do you like piss on thy while you suck my nigger cock? are you wanna of those pyhchotic fools crazy to the point of eating turds? It all keeps cracking up, I think I'm all fucked up. Am I paranoid, or am I just gay?

There are easier options (3, Informative)

oc-beta (941915) | more than 8 years ago | (#14844452)

With Yahoo stores, Ebay stores, Amazon shops, most SMB retailers will partner with them for their shopping cart needs. For the rest of us, this book is a good alternative.

Fraud (1)

Eightyford (893696) | more than 8 years ago | (#14844465)

For me, the biggest reason that I never got into websites that accept credit cards is because of the enormous amount of fraud that occurs. Maybe Google purchases will offer some protection without costing as much as paypal.

Re:Fraud (1)

nihilos (952955) | more than 8 years ago | (#14844712)

There are lots of things that people can do to limit the fraud they experience in online businesses. Most of it is really simple like checking the address and zip code on the account or the CVV2 numbers on the back of the card. Or, you can choose to not ship any orders to Nigeria, which will cut out a ton of fraud. Iwould seriously consider starting an online business if I had $600 laying around to get it off the ground. Yahoo! Merchant Solutions all the way.

Re:Fraud (1)

drinkypoo (153816) | more than 8 years ago | (#14845119)

Go to the gentoo page and click through to VR Hosting. You get a complete package with ecommerce, 50GB/mo, 5GB disk, 5 mysql dbs, email, blah blah blah for like $7/mo. At least, that's what they charged me. I Dunno about the security (as I said earlier [] ) but you can use the drupal open source CMS with the ecommerce module to get a super easy storefront integrated with a CMS, but they also have something already set up and ready to customize and use.

Re:Fraud (1)

Eightyford (893696) | more than 8 years ago | (#14845225)

Interesting. Do you have a working site yet? I'm thinking about starting an greating card website where you can preorder the next 10 anniversaries and holidays so you never forget.

Re:Fraud (1)

drinkypoo (153816) | more than 8 years ago | (#14845327)

Yeah, but it looks like canned ass right now because I'm in the middle of dicking around with sIFR and figuring out theming. I'm also still trying to remember how CSS works - I just became a webmaster on Monday and it's been months since I've messed around with web content besides typing slashdot comments in xhtml :D

In the last month or so, I've taught myself [basic but quite functional] javascript, ASP, and learned about several CSS features I've never used before. Right now, I'm about to delve into browser hacks because I have a page that (oddly enough) renders properly in IE5.5 and Mozilla but not IE6. Yet.

Anyway, drupal is a doddle to set up, including for vhosts which it handles on its own. You can install modules and themes either to the whole system (in the drupal root) or to a specific site (under sites/site/{themes,modules}). I'm using 4.6.x (4.6.5 now) because some of the modules I want the most haven't been ported to 4.7.x yet. You just slap it into place, and edit as little as one line in a config file to get up and going (besides creating a mysql db and importing the schema.) The ecommerce module install is literally as easy as that; just drop it in place, import the schema additions (if any) and enable the module. I'm pretty sure it has some schema, but not all modules do. Most modules that create new node types (it makes several) have some schema, but again, not all.

Drupal requires php4 or 5 and mysql. Oh, they claim it supports mysql, msql, or postgres, but most modules are mysql-only and some depend on data types and/or features which have no direct analogue in postgres (for example) so a port is nontrivial, if not horribly difficult. You will want the GD and mbstring extensions to PHP loaded.

Re:Fraud (1)

mustafap (452510) | more than 8 years ago | (#14844720)

>accept credit cards is because of the enormous amount of fraud that occurs

I wouldn't worry too much. You post on slashdot; you must be a little savvy. You just have to be careful which sites you use.

Buying porn from an xxx site? Yes, kiss your card details goodbye.
Buying some hardware from a new source? You'll check them out first.

It's the vast number of complete fools out there who have the problems.

Re:Fraud (1)

larry bagina (561269) | more than 8 years ago | (#14846017)

He was talking about the merchant side of things. As a consumer, if your cc is stolen and you get a $10,000 bill, you'll spend some time on the phone, but you won't end up paying it.

As a merchant, if you send out $1000 worth of goods and it turns out the cc was stolen, you have to eat it.

Get a credit card from a major bank (Re:Fraud) (0, Offtopic)

VP (32928) | more than 8 years ago | (#14845051)

Major credit card issuers like Citi offer one-time numbers for safe online shopping. Also, major credit card issuers will not hold you repsonsible for fraudulent charges (unless you made them).

Re:Get a credit card from a major bank (Re:Fraud) (0)

Anonymous Coward | more than 8 years ago | (#14845723)

Major credit card issuers like Citi offer one-time numbers for safe online shopping. Also, major credit card issuers will not hold you repsonsible for fraudulent charges (unless you made them).

For the consumer, yes. But then they chargeback the seller. Since the discussion is about being the seller, fraud very much matters.

Link... (2, Informative)

bgarcia (33222) | more than 8 years ago | (#14844505)

OsCommerce website []

PCI Compliancy (2, Insightful)

Wyndo (263536) | more than 8 years ago | (#14844532)

Is it built in a way that lets it pass PCI Compliancy testing? That's a big deal since last year, and many of us with eCommerce merchant sites are still struggling to comply with the myriad of rules and restricts imposed by Visa and Mastercard.

Re:PCI Compliancy (1)

swimmar132 (302744) | more than 8 years ago | (#14844579)

What's PCI Compliancy?

Re:PCI Compliancy (2, Informative)

hal9000(jr) (316943) | more than 8 years ago | (#14844765)

To Quote "CISP compliance is required of all merchants and service providers that store, process, or transmit Visa cardholder data. The program applies to all payment channels, including retail (brick-and-mortar), mail/telephone order, and e-commerce. Compliance with CISP means compliance with the PCI Data Security Standard with the required program validation. The Payment Card Industry (PCI) Data Security Standard offers a single approach to safeguarding sensitive data for all card brands. Other card companies operating in the U.S. have also endorsed the PCI Data Security Standard within their respective programs." Everything you wanted to know about Visa's Cardholder Information Security Program. []

Re:PCI Compliancy (2, Informative)

Wyndo (263536) | more than 8 years ago | (#14844735)

In a nutshell, it's a set of requirements applicable to any merchant who processes credit cards online. It's something driven by Visa and Mastercard, in their efforts to fight fraud. In my opinion, it's *way* too dramatic, requiring such a large number of points as to make it impossible for most smaller merchants to ever really comply. It's not optional, either. If you accept Visa and Mastercard, you have to be PCI Compliant. The amount of business you do can affect which compliancy level you have to meet, thankfully, but with even just 20,000 transactions a year, you're a level 3 merchant with a big self-questionaire to fill out, and quarterly penetration/intrusion scans required.

If you're entire site uses a separate service, such as PayPal, then it's PayPal's responsibility to be PCI Compliant (and they are). But if you accept credit cards on your own web page, even if you're shuffling it off through a gateway behind the scenes, this is something that affects you. It's not optional. Unfortunately.

Some of the requirements include the types of passwords that can be use, force-changing on a regular basis, the requirement to review logs regularly, your database and web server must be separated with a hardware firewall between them, unused services should be disabled, you can't use FTP and Telnet (insecure) without very good (and documented) reason, you have to sanitize all credit card info and you can *never* store CVS/CV2 or magstripe data... the list is huge.

If you accept credit cards at your website and you're not already certified as PCI compliant, technically Visa and Mastercard can shut you down (stop you from taking credit cards at your web site). They can also fine you in large amounts (thousands of dollars), although I'm told this doesn't generally happen unless there is actually a security breach.

Here's some more info: []

hax (1)

FFON (266696) | more than 8 years ago | (#14844555)

yah, the popularity of osCommerce and the realitive ease of install (much like phpBB) really lets this become a great hax0r target.
installed once, never updated... thats a recipe for disaster.. i know that if your admin was worth her salt, she'd be on the updates like stink on my underwear.. but alot of ppl who install these quick/easy web apps don't have the time/experiece to keep things update. YMMMMMMMMMMMMMMVVVVV

Re:hax (1)

Saeed al-Sahaf (665390) | more than 8 years ago | (#14844742)

yah, the popularity of osCommerce and the realitive ease of install (much like phpBB) really lets this become a great hax0r target. installed once, never updated...

The problem with keeping osCommerce "up to date" is that they do not separate design from logic (templates), so it is impossible to customize your site from the default without editing A LOT of code. Combine that with any "mods" you install, once you get to the point where you have something that is useful and presentable, it just isn't practical to up date when it's synonymous with starting from scratch.

Re:hax (1)

RickPartin (892479) | more than 8 years ago | (#14845121)

This is the same problem I have with allot of pre-made php applications like this. There is always one or two mods that have me rooting around in source code changing things. Then I'm afraid to ever upgrade anything because I'll break everything. Someone needs to come up with a solution for this.

Re:hax (1)

netkid91 (915818) | more than 8 years ago | (#14846009)

Drupal's module and theme system already makes this possible, but....anyways....

OSCommerce is painful (0)

Anonymous Coward | more than 8 years ago | (#14844558)

OSCommerce put a certain job I did way overbudget. It's open source and really nice, but a lot of features that are vital are only available through add-ons. Checkout without a registered account, multiple sizes of image previews (thumbnail, medium, large), a site map, and the use of different storefronts with one database were all aggravating. If they merged a few of the best contributions into the baseline, they wouldn't all conflict and drive people mad. There are a few companies that offer to merge in your desired features and from what I can tell it's a vital and necessary service. I can and will use oscommerce for future projects, but only because I have a solid baseline now. If I had the time and didn't need every little contract, I'd fork their work. It's great, but falls short in key areas and so far as I can tell isn't really moving fast feature-wise.

Harald Ponce de Leon. (0)

Anonymous Coward | more than 8 years ago | (#14844586)

'nuff said.

Not this webmaster (1)

CasulPoster (705596) | more than 8 years ago | (#14844617)

I run and work with a lot of web development firms, and the out-of-the-box solutions for eCommerce are usually a nightmare - osCommerce included.

They do quite a bit, but they're a NIGHTMARE to customize to a particular site. Forget leaving it up to your designers to implement the layout -- while they do use Smarty templates (wise choice) for their frontend, the code is sloppy and difficult to work with.

osCommerce, bad for developers (4, Informative)

spazoidspam (708589) | more than 8 years ago | (#14844625)

osCommerce is great if you don't plan on modifying any code. Its really easy to set up and get going. However, if you plan on making large modifications to the code, you are in for a special treat! The code is a gigantic mess, very very painful to read. I had a customer that wanted to use osCommerce, but they wanted to make the site look like their old shopping cart, which was proprietary. Lets just say that it would have been easier for me to build them a new shopping cart from scratch then to modify osCommerce enough to make it work for them.

Re:osCommerce, bad for developers (1)

mellon (7048) | more than 8 years ago | (#14844797)

Actually, I would say that it's roughly a toss-up whether it's easier to rewrite it or hack it, which is even worse, because every time you sit down to make a change, you have to revisit the question of whether or not you ought to rewrite the damned thing.

It would be really nice to just rewrite the thing in a decent language, with a bit of structure and clarity, and maybe some useful debugging information. But because it basically works, it hasn't happened yet.

Re:osCommerce, bad for developers (2, Insightful)

tsm_sf (545316) | more than 8 years ago | (#14844808)

What I ended up doing was writing a bit that would inject item info from my layout and database into the OSC one once a person added the item to their cart. Not real elegant, but it works well. The frustrating bit is that OSC is hands-down the best open cart program I've seen.

Re:osCommerce, bad for developers (1)

nb caffeine (448698) | more than 8 years ago | (#14844809)

Ugh, tell me about it. I work at a fulfillment house that ships products for ecommerce folks, and one customer had their site setup with oscommerce. Writing an integration between our servers and their shopping cart, even just setting it up to send and receive SOAP messages was a PITA. Too bad I didn't take the time to write a module to do that, so now its code mods everytime it gets changed... bleh

Re:osCommerce, bad for developers (2, Insightful)

02bunced (846144) | more than 8 years ago | (#14845275)

I know what you mean!

I did an osCommerce site for an artist ( [] ) and modifying the layout was a nightmare. Because of the fact there is no separation between PHP code and layout, it is a case of traversing through nearly 50 jumbled files and manually changing many lines. It is a thing I never want to repeat EVER.

Zen Cart (1)

Saeed al-Sahaf (665390) | more than 8 years ago | (#14844628)

osCommerce is a mess. The best thing to do is opt for the fork, Zen Cart [] .

Re:Zen Cart (1)

mellon (7048) | more than 8 years ago | (#14844838)

Er, Zen Cart is OSCommerce, just with a lot of mods. Warts on warts. Unfortunately, switching to ZenCart won't make your maintenance life any easier, although if it has the features you want, it's not bad. My main complaint about ZenCart is how much useless crap there is in it that hardly anyone will ever use. The ZenCart developers are supposedly working on a rewrite; having learned in the crucible of OSCommerce, perhaps they will in fact produce a nice clean replacement. I'm looking forward to seeing what they've done. 'twould be nice if they rewrite it in some language other than PHP.

Bullshit. (1)

Saeed al-Sahaf (665390) | more than 8 years ago | (#14844957)

Er, Zen Cart is OSCommerce, just with a lot of mods.

No, it's is a "fork" in which much of the code base has been extensivly rewritten. But it's still crap next to Interchange []

Re:Bullshit. (3, Insightful)

firebus (49468) | more than 8 years ago | (#14845152)

interchange rocks, but the learning curve is STEEP - much steeper than oscommerce, although once you make it to the top you've learned yourself a nice extensible system instead of a giant mountain of crap like OSC :)

add to that the extreme unhelpfulness/bitchiness of the mailing lists/core devs, lack of 'how do i get started' documentation, and the lack of modules to support many payment methods (afaik, there's still no good, supported, paypal option!) has always discouraged me from using IC.

my sense is that the core devs are more interested in charging folks to install/integrate IC than they are about making IC accessible to the public. i don't have any beef with that - it's a great project. but you really can just drop in OSC and have a crappy, ugly, but working store. you can't do that with IC, which is why OSC has the market share.

Interchange (3, Informative)

IMightB (533307) | more than 8 years ago | (#14844647)

I have always preferred Interchange [] over osCommerce. It has a bit of a learning curve, but is so much more powerfull and flexible that it puts any other OSS eCommerce package to shame.

osCommerce to me has always seemed to me like a "Your Mom can set it up and maintain it" type of application. And therefore has many issues when you try to do more advanced types of layout and flow.

Re:Interchange (1)

mapnjd (92353) | more than 8 years ago | (#14844889)

Mod parent up.

Interchange is a very powerful solution, but like the parent said: steep learning curve! We had a contractor in at work for our Interchange project, and you might like to consider that option too.

FYI: At one point Red Hat funded it (for good or bad I don't know).

Re:Interchange (1)

Saeed al-Sahaf (665390) | more than 8 years ago | (#14844920)

Interchange is a steller OSS package. Doesn't get much press, but by far the best "free" one out there.

Re:Interchange (1)

The_One_And_Only_Ice (662182) | more than 8 years ago | (#14845104)

Agreed... I used Interchange to set up an ecommerce site for my employer ( back in 2002. Since then it has become our internal wholesale order entry interface, tied together our accounting system and CRM software, and become our business reporting suite and warehouse application.

Unfortunately, the reasons why it is so powerful are the same reasons why it has a high learning curve and a lot of people get turned off of using it.

Language? DB? (1)

Dareth (47614) | more than 8 years ago | (#14845657)

What language is interchange written in? What databases does it support?

Searched all over their homepage. Lovely demo, but nothing on language or database support anywhere.

Re:Language? DB? (1)

The_One_And_Only_Ice (662182) | more than 8 years ago | (#14846025)

First sentence on the about page...

Interchange is an open source commerce server and application server/component application, written in the Perl programming language.

And since it's written in perl it supports whatever database you can access with DBI.

We can't have "solutions" like this. (-1, Troll)

CyricZ (887944) | more than 8 years ago | (#14844686)

Products like this lead to a serious problem for many software developers, especially those who feel that quality and security are paramount concerns when deploying a product or service.

I cannot, in good conscious, recommend the use of PHP for anything serious, due to its poor history of flaws. I especially cannot recommend the use of it for a product that will be collecting sensitive or private information from users, especially when said information is financial in nature.

Thus while it may provide a quick and easy solution, it only ends up causing problems for those of us developers who care about creating solid, secure, and quality systems. The cost of even one individual's private information being thieved due to an insecure system (potentially caused by poorly written PHP software) far outweighs the ease of use benefits.

Re:We can't have "solutions" like this. (5, Insightful)

CastrTroy (595695) | more than 8 years ago | (#14844827)

As bad as the bugs are in PHP, I'd have to say that the biggest thing you have to fear with ECommerce sites is badly written code in any language. A well written site in PHP is much better off than a poorly written site in J2EE. Most of the insecurity problems with ecommerce sites are due to bad coding, and not the underlying technology used.

Re:We can't have "solutions" like this. (2, Insightful)

pnatural (59329) | more than 8 years ago | (#14845050)

As bad as the bugs are in PHP, I'd have to say that the biggest thing you have to fear with ECommerce sites is badly written code in any language.

I have to disagree with this. What you're saying is "PHP sucks but everything sucks because you can write bad code there, too." Of course bad code can come in any language; the point isn't about other languages, it's about PHP and the serious lack of attention to detail.

The recent XMLRPC security flaw comes to mind -- that would have (probably) never happened in the python, perl or ruby communities because those communities are security-minded and therefore attracts like-minded people.

Put another way: PHP is sloppy and attracts sloppy developers to work on it.

Re:We can't have "solutions" like this. (1)

Limburgher (523006) | more than 8 years ago | (#14845036)

Simply because it's simple to write insecure code in PHP does not mean PHP is insecure. It's also terribly easy to write secure code in PHP. It's also easy to write insecure code in most other languages, PHP simply has a lower entry bar, akin to HTML, and so in addition to quality software you get . . . well . . . crap. But that's not the languages's fault. If you want contrasting examples of the potential for PHP security, check out PHP-Nuke (horrid) Drupal (far better). Drupal devs have actually been known to write code that patches over flaws in PHP itself, the few times they occur.

osCommerce is OK ... but! (1)

drpimp (900837) | more than 8 years ago | (#14844701)

After hours of tinkering. I decided to go with a paid solution. I have been using Sunshop [] by Turnkey Web Tools for all of my e-commerce projects.

You've got to be kidding me (3, Informative)

tokamoka (859800) | more than 8 years ago | (#14844717)

OSC embodies pretty much everything that people say is wrong with PHP development. I'm sure they (the OSC devs) are a well meaning bunch, but if you ever want an example of spaghetti code, go download the source and book a week off. If you even consider using it, well good luck with altering the codebase in any significant way - you'll (almost literally) need it. What irks me most is that people will look at this and think that all PHP apps are this badly/painfully written. Believe it or not (and contrary to the general Slashdot line), with PHP5.1 it's actually really easy to write pretty good looking (from a programmers perspective), functional *and* maintainable OOP/MVC webapps provided you understand the above core concepts of OOP/MVC. OSC needs to be taken into a quiet room and shot, just like the rest of the old PHP4 apps.

Link To The Software? (1)

Scarletdown (886459) | more than 8 years ago | (#14844738)

This sounds pretty useful. However, the article only seems to give a link to a book. How about a link to the actual software please?

Re:Link To The Software? (1)

Scarletdown (886459) | more than 8 years ago | (#14844790)

Disregard. Somehow I had my settings set to show no comments, and thought no one had posted any comments yet.

Looks like someone else already did post the URL to osCommerce. Thanks. :)

Re:Link To The Software? (3, Funny)

Saeed al-Sahaf (665390) | more than 8 years ago | (#14844801)

How about a link to the actual software please?

Google? Maybe the name of the app joined with ".com"? Would you like me to wipe your ass, too?

Re:Link To The Software? (0)

Anonymous Coward | more than 8 years ago | (#14844981)

Please do. Use the moist wipes, please.

I run osC and I hate it (3, Informative)

drhamad (868567) | more than 8 years ago | (#14844890)

osCommerce seemed like a nice, easy, powerful solution when I decided to install it. Instead, it has been more of a pain than it's worth.

A store with no ability to do coupon codes? (Without massive modification, which can't easily be done if your store is already running)

I find it loses orders sometimes
I've never gotten shipping to work right - hard to do shipping cost per item (with different items having different costs) per country (or even, just North America v. International, per item).
Admin panel navigation is... strange, to say the least. Once you go into the pending orders, and leave, you can't then go back to just pending orders - you have to go to all orders (unless yous tart back on /admin/ ).

Generally it's just inflexible, even with all the plugins you can put in.

Re:I run osC and I love it (2, Interesting)

derrickh (157646) | more than 8 years ago | (#14845192)

I was able to get coupon codes up and running in less than a day on my heavily modified site. 'Massive' modification and changing a few files are 2 different things.

Shipping is nowhere near as complicated as it is for other sites. There are more than a few cart applications where stores just spout 'FREE SHIPPPING' because they couldn't figure out how some goofy table sytem. OsCommerce is a lot easier.

THe admin menu isn't the greatest, but so what? It's just a bunch of links so you can always create your own.

I've worked with at least 10 different carts and OsCommerce is by far the most flexible and easiest to set up/maintain.

(btw. buy something from []

Re:I run osC and I hate it (0)

Anonymous Coward | more than 8 years ago | (#14846143)

hi, there should be a drop-down box in the orders page where you can show all orders or only orders, pending orders, shipped, etc.

Have you ever considered... (1)

edmicman (830206) | more than 8 years ago | (#14844923)

"Have you ever considered building your own online store and entering into the booming e-commerce arena?"

Yes, until I realized I have nothing to sell. Booming or no, mine would be an empty storefront. Same with my blog and forum. PHP/MySQL/free software is great and all, but I find that it languishes unused and underutilized for the most part.


You see what Harald wants you to see (4, Insightful)

stevel (64802) | more than 8 years ago | (#14844925)

First off - I love osCommerce. I run a web store using it, have written several popular contributions and participate in the official forum. But the reviewer can perhaps be excused for thinking that there has not been a book on osCommerce before this - there are several. The problem is that Harald (or one of his minions) quickly removes from the forum any mention of any commercial product (book, add-on, service, etc.) relating to osCommerce other than those from his advertisers. Go to and search for "oscommerce" - you'll get many hits.

Also censored from the forum is any mention of other cart software, especially those derived from osCommerce such as Zen Cart and CRE. Want to show how to interface osCommerce to a free API that also has a commercial version? Censored. Want to talk about your experience with a web host or SSL certificate provider? Censored. I once had an extended exchange with one of the forum moderators who seemed to equate "open source" to "one source".

In any event, osCommerce is "not for wimps". A lot of people think the same way the reviewer did - that you download it, install it, and have an instant web store suitable for your customers. It took me about four months the first time to where I had something I would be willing to let customers see, and another year before I learned enough about it to customize it for the particular business and create something of a unique look. (I'm a software engineer with more than 25 years of experience and twenty or so languages under my belt.) You need to understand at least basic PHP, and some familiarity with MySQL wouldn't hurt either. One of the worst features is that making changes to the overall "look" of an osCommerce store requires editing some thirty or more source files.

The current version of osCommerce was released three years ago. A small set of bug fixes was released last November. There has been ongoing work on a "Milestone 3" version that appears to introduce significant incompatibilities with the current and popular MS2. Personally, I'm skeptical that MS3 will ever be released, and even if it is, I think that most of the current MS2 users will ignore it.

Again, I love osCommerce. It is great software and I do what I can to support the community. If you don't mind getting your hands dirty, there's so much you can do with it and hundreds of user add-ons and modifications. You should also look at the derivatives such as Zen and CRE. (These are two that come to mind, there may be others.) But if the letters PHP scare you, then you're better off looking elsewhere.

Re:You see what Harald wants you to see (1)

tokamoka (859800) | more than 8 years ago | (#14845137)

>First off - I love osCommerce.
>making changes to the overall "look" of an osCommerce store requires editing some thirty or more source files
Must be something in the water.

Re:You see what Harald wants you to see (1)

drinkypoo (153816) | more than 8 years ago | (#14845162)

The problem is that Harald (or one of his minions) quickly removes from the forum any mention of any commercial product (book, add-on, service, etc.) relating to osCommerce other than those from his advertisers.

This alone tells me all I need to know. If OSC could compete on its own merits, he wouldn't have to do this. There's more open commerce solutions out there than I have time to even install in a day. I'll pick something else.

osC good example of bad open source (0)

Oz0ne (13272) | more than 8 years ago | (#14844958)

osC is great as long as you want to take what they give you out of the box and do nothing else. The moment you want a feature it doesn't have, or to change the look a bit, it becomes a nightmare. It is simply a badly designed web program as far as customizability/expandability. That's not to say that it doesn't have merit, many people don't care to customize anything, and want just a simple solution.

I'd liken it to phpBB and nuke/postnuke

OSCommerce = Spaghetti - Eeew!! (5, Informative)

Spy der Mann (805235) | more than 8 years ago | (#14844972)

Beware those who want to use OSCommerce, you better wait until version 3 is out, or else.

Current version (2.2MS2) is worthy of being designed by the Flying Spaghetti Monster: There are no tiers, SQL queries are embedded in the middle of HTML output - and there are tons of similar queries around different modules - so if you want to change one SQL, you'd have to SEARCH FOR and change ALL OF THEM. I'd recommend you to start using printf with the thing.

Also, the same php file is used for both displaying and validating input fields, and there are tons of duplicated functions across the whole thing.

OSCommerce apparently doesn't know that there is something called "associative arrays", and there is very little OOP in there, but most of it is used to implement very primitive data objects (which, btw, could be replaced with a single associative array).

If that wasn't enough, you can't search and modify input fields or tags, you have to use the predefined functions tep_draw_input_field, which aren't very user friendly either.

Some of the configuration variables aren't defined in PHP, but stored in SQL tables so you'd have to modify the original SQL or add new configuration variable manually if you want to add a field to a table.

The input fields for the admin section aren't stored in associative arrays, but are hardwired among the HTML code (which makes the html output functions a hinderance rather than a help).

So if you want a version that looks *JUST EXACTLY* like your typical OSCommerce site, and don't plan to add ANY NEW features, sure, go ahead, use the prefabricated store. But if you plan to add any field, table, or whatever,
I strongly advise to wait for v3, or to rewrite the whole thing using your favorite multi-tier framework.

Want to change the HTML? Good luck! The thing isn't standards compliant, and was written when nested tables were the norm. For spaces, there's the classical spacer gif consuming your bandwidth.

OSCommerce, is, IMHO, an example of "Open Source gone wrong". Instead of being the work of a community, with strategic planning and all that, it's the work of one man who did it his way, and later open sourced it.

As for security, the credit card info is stored unencrypted in SQL tables, and the admin section can only be secured via htaccess. That means the password is sent unencrypted unless you really know apache security and know to implement it the right way.

Thanks, but no thanks.

Re:OSCommerce = Spaghetti - Eeew!! (0)

Anonymous Coward | more than 8 years ago | (#14846035)

I have been using oscommerce for years, and all I can say is ditto.

State of OSC / Zencart (3, Informative)

tjic (530860) | more than 8 years ago | (#14845058)

I run Technical Video Rental [] .

We recently (five weeks ago) switched to a Zencart based storefront. For those who don't know, Zencart is an OSC fork.

Apparently Zencart is much cleaner than OSC, which makes me shudder in fear at the idea of OSC's source code.

I like nice, clean, documented, tested code.

Zencart is a mess. The documentation is close to non-existent, there are no comments, there's no MVC distinctions, we found several major security holes in a code audit before going live, weird little UI bugs abound (e.g. in the admin interface when you edit a customer's addr, you're *forced* to specify his phone number, or you can not proceed), there are places where code chunk A generates SQL, then passes it to code chunk B, which passes it to C, which *LOOKS AT THE SQL* and edits it, then executes it.

With code like this, try editing an SQL query just a little bit, and you get a complaint on a web page with error messages pointing to an entirely different place.

On the "security" topic, I note that once we got a demo of Zencart installed on a testing machine, with the tell-tale URL (<machinename>/catalog), I started noticing that a lot of the phishing spam I was receiving directed folks to <domainname>/catalog...yes, the phishers were using hacked OSC accounts, which they had (presumably) gotten into through SQL injection attacks on OSC.

This is not to minimize the work of the OSC and Zencart developers - either package is a huge improvement over nothing...but if you want to do surgery on the code, it's a disaster. At Technical Video Rental, we need to track individual serial numbers of copies as they go in and out, and we needed to present sets of videos in a certain way.

This work took two pretty darned good software engineers (me and the CTO of the company) about four man weeks.

I'm not going to say something inflammatory and stupid like "I could have written an operating system in less time", but four man weeks is a pretty major investment of time to do something fairly simple like this.

We're doing a lot of interesting stuff with the code base: we've spliced in WordPress for the corporate blog, I'm writing some AJAX stuff right now to allow customers to report problems with their orders from the order status page, etc.

...and the more we hack on it, the more we think "there's got to be another way".

There's a good chance that over the next 6-9 months we'll end up preserving the OSC/Zencart db schema and data (for continuity with the running site), and dumping major components of the package.

To boil it down: I give OSC / Zencart a grade of "C minus". It's like a decent looking house with a lot of rot inside the walls. As long as you're content to never look inside the cabinets or crawlspaces, you're OK, but once you do some poking, or decide to add an addition, you'll realize how much work you've got in store, and you'll start to wonder if you should just buy a new house.

passed on osCommerce (1)

mcguyver (589810) | more than 8 years ago | (#14845431)

My company passed on osCommerce. When compared against other commercial products, the cost to customize osCommerce outweighed the purchase of a better, commercial solution. For us, that was [] . Everyone's mileage may differ but it seems like the most prevelant complaint about osCommerce is the unexpected cost to customize it. You're going to encounter this anywhere. Fortunately for us, spending money up front did decrease our overall costs.

oscommerce (0)

Anonymous Coward | more than 8 years ago | (#14845469)

Check out .. this site is based on oscommerce (with a ton of custom work under the hood) ... probably one of the largest OSC sites out there in terms of revenue (its in the millions). I built this with a team of grad students while working there. It was a bit to get up and going .. but after hacking it to fit our exact needs, it worked pretty well.

OSComm sux bad (0)

Anonymous Coward | more than 8 years ago | (#14845704)

unusuable garbage

Stay away from OSC! (1)

jasonsfa98 (648370) | more than 8 years ago | (#14845944)

I played with OSC a long time ago and I walked away wishing I had those 2 weeks back. Recently I have been asked to play with it again and it's still not fun. I administer Better Bike Parts, Inc. [] and it is a HUGE headache meeting customer needs. The code is almost impossible to understand.

Go with something like X-Cart. The $200 will be well worth it.

Do yourself a favor and do not use osCommerce (1)

Aaron Isotton (958761) | more than 8 years ago | (#14846022)

I have not read the book, but I'd like to comment on osCommerce. I had the questionable pleasure of setting up and customizing a shop using osCommerce. Installing - I admit - was a breeze, but what followed was the worst experience EVER.

osCommerce was programmed without any planning, thought or clue of anything; the code is hardly documented or commented. After a few weeks I started to understand how it all works, and believe me: I have never seen anything this big programmed so badly. I am talking about osCommerce 2.2 Milestone 2, which still seems to be the current version.

It starts with HTML: CSS is hardly used, most is inline - hard coded between the logic of course - and it is full of things like "&nbsp;" for horizontal or transparent gifs for vertical spacing. The level of table nesting achieved by osCommerce is beyond belief. Having four nested tables full of SPACES just to "indent" some text is not the exception, but the rule.

There is no template system (unless you call the ridiculous 'define' things they do for i18n a template system); logic and presentation are completely mixed, and a pain to edit thanks to some code lines which are several hundred characters long.

There is no abstraction layer to the database; most work is done directly using SQL. The DB layout is a nightmare, and the queries are painful to look at and even worse to work with.

Code is repeated all over; each and every page starts and ends with the same code. There's a reason people invented such difficult-to-grasp concepts as 'functions' or 'design patterns', but the osCommerce developers seem not to have noticed.

Extensions and patches are generally available as zip archives; incredible but true, the tools 'diff' and 'patch' seem to be unknown in the osCommerce world. The extensions/patches generally consist of a few PHP files and a README - often several pages long - saying things such as 'copy file a.php to catalog/admin/includes; then edit line 303 (the one after the long comment) of catalog/includes/classes/functions/some.file and replace every usage of 'x' by 'y'; then alter the table SOME_TABLE in MySQL...'. You get it.

There are tons of features - such as 'specials' or 'extras' and similar - which are integrated deeply enough to be a real pain to remove or deactivate if you don't need them; you'll have a hard time until you've rooted out the last trace of them.

osCommerce is a classical example of a program which started small (such as 'joe random hacker's simple and easy shopping cart'), and was then gradually 'extended' and 'patched' without foresight until it became the horrible beast it is now.

I will never do anything with osCommerce again. Ever.

Buy it here! (0)

Anonymous Coward | more than 8 years ago | (#14846107)

Save yourself some money by buying the book here: Building Online Stores with osCommerce [] . And if you use the "secret" discount [] , you can save an extra 1.57%!

Zen-Cart option (1)

duffer_01 (184844) | more than 8 years ago | (#14846128)

Although, I can not comment on osCommerce, I can comment on (which I belive is built off of osCommerce).

I would definitely consider myself a beginner to php. I personally found that this was not important since the forums at had specific answers to everything I needed to know to tweak my pages. They spell out the pages you need to modify and specifically which values need to be changed. I mean my grandmother could do that.

Now perhaps osCommerce does not have the community backing to give this type of feedback, and if that is the case then perhaps you should be looking at a different option.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account