Building an ecommerce site using active server pages (lecture 4)
Written by: Jonathan Briggs
October 24, 2004
This session will look at the technologies required to understand how an ecommerce site is built using Microsoft’s ASP technology. I have chosen this approach because so many students have PCs with IIS and Access on them.
Alternatives such as PHP and JSP will follow a similar pattern but you will need to install Apache and the appropriate database software.
What are the components of a simple e-commerce site?
- Front end written in HTML
- Cookies to track customer activity
- Shopping cart
- Web server (http server)
- asp.dll (extension to http server to interpret .asp pages)
- ADO/ODBC connector (to link web server to database)
- Database
- Secure certificate to encrypt information passing between browser and server
- Relationship with credit card processor
- Email confirmation sender
There are many other components that may be part of a bigger system including search engines, customer recognition, order tracking and administration. Don’t forget the need for an offline fulfillment process!
Front end written in HTML
- This can be very simple or very sophisticated
- Should reflect the look and feel of the company
- Displays the products (usually with images) and uses FORMS to create buttons that allow items to be purchased
- Often these pages will be created using a content management system rather than by hand – in this case templates will be designed and these will be populated with content from the database.
Task:
You should be able to sketch out the pages for a typical business and describe the sequence of pages that will be visited during a transaction. This is often poorly thought through and reduces the quality of the shopping experience.
Locate product → Add to shopping basket → View order → Proceed to checkout → Complete customer details → Enter credit card information → Confirm wish to purchase → Send confirmation email
Although this is the standard route through an e-shop there are many variations and you need to tailor the experience to the specific client.
Cookies to track customer activity
HTTP servers are stateless – they don’t remember that you have been to a previous page and this makes the following of the above shopping sequence virtually impossible (without cookies). It would not be possible to tell that the credit card information belonged to the same customer as the products that had been indicated for purchase.
Cookies are small files of text information saved on the browser’s machine. The web page includes a command to tell the browser to save a cookie of the form name=value. Cookies are specific to a particular domain and cannot be read from another domain. That means that a cookie from playboy.com cannot be read by amazon.com or vice versa.
Cookies can have a limited duration (they expire) or can persist between sessions. Amazon sets a cookie when you log into their site. When you return it reads the cookie and personalises the page based on previous purchases. In this case, and many others, the cookie will simply store an ID with the rest of the information being stored in a database on the site.
Shopping cart
We can implement a shopping cart using cookies in which the product codes and quantities ordered are stored in cookies. As the customer browses the product list he or she clicks on "add to basket". A cookie is written to remember each product, and it is read at checkout. More usually a single cookie is used to maintain the session state, with the items selected being stored in a current order list in the database on the server.
Web server (http server)
The web server is a relatively simple program that listens for HTTP requests for pages (URLs) and returns those pages to the browser. Active Server Pages are normally served by Microsoft’s web server IIS. The web server knows what pages to serve because of the URL. The file extension is also important as it indicates the type of file that is being requested. HTTP 1.1 introduced persistent connections in which all of the images and linked files that make up a page will be served without the connection being closed.
asp.dll (extension to http server to interpret .asp pages)
ASP pages require a server that understands ASP. This DLL extends the functionality of the server. When a file with a .asp extension is requested the DLL is called and asked to process the page before the page is returned to the browser. A .asp page can contain scripts that generate specific information such as the results of a search or, as in this simple example, a constantly updated time.
<%@ LANGUAGE="VBScript" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<TITLE>A simple ASP Example</TITLE>
<!-- ask the browser to re-request this page every 60 seconds so the time stays current -->
<META HTTP-EQUIV="REFRESH" CONTENT="60; URL=CLOCK.ASP">
</HEAD>
<BODY>
<% ' Time() runs on the server each time the page is requested; only its output reaches the browser %>
<% =Time() %>
</BODY>
</HTML>
Example adapted from e-Business & E-commerce, How to Program, Deitel, Deitel & Nieto, 2001, Prentice Hall.
ADO/ODBC connector (to link web server to database)
Active Server Pages can communicate with databases that understand ODBC (Open Database Connectivity, a protocol for talking to many different types of database). This is normally achieved through ADO (ActiveX Data Objects). ADO is a set of Microsoft objects that provide an interface to ODBC or alternative database connectors. It is also possible to make direct calls to the database using ADO if you have suitable database drivers on your database machine.
Objects include a connection object which establishes the connection to the database, a command object that allows queries to be assembled and run using the database connection and a record set object which returns data from the database.
For further information about ADO, alternatives and code samples see http://msdn.microsoft.com/data/
Database
Every e-commerce project will involve the design and implementation of a database. This could be a single table in Microsoft Access but is more likely to use MS SQL 2000, Oracle or MySQL.
The database will normally be designed, populated and tested using tools on a separate machine from that running the web server. It will normally also be deployed on a separate machine for both security and performance reasons.
A typical database for a retailer might support a catalogue table (products and their information), stock level table, customer table (customer details) and an order table (details of each individual order).
ASP pages will set up the connection to the database and return a list of appropriate products (e.g. latest offers) by forming a query in SQL (Structured Query Language) and passing the query to the database. A record set will be returned, which ASP converts into an HTML table by formatting the data as table cells while stepping through the records one at a time.
Example code can be found at http://www.asp-help.com/database/db_tutorial1.asp and http://www.tutorial-web.com/asp/database/
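The following page is an added example written for these notes; it is not the lecture's code nor code from the linked tutorials. It ties together the three sections above: the "add to basket" FORM, the single session cookie with the basket held in the database, and the ADO Connection, Command and Recordset objects used to run a query and render the record set as an HTML table. The file name basket.asp, the ODBC DSN "shop", and the table and column names (Catalogue, CurrentOrder, ProductCode, Name, Price, Qty, CartID) are assumptions for the example. The cookie carries only an opaque lookup key: because cookies live on the customer's machine, anything stored in them (such as a price) can be changed before it is sent back, so prices are always read from the catalogue table on the server.

```asp
<%@ LANGUAGE="VBScript" %>
<% Option Explicit %>
<%
' basket.asp (hypothetical file name). Reached from an "add to basket" FORM that
' POSTs the fields "product" and "qty".
' Assumed database: ODBC DSN "shop" with the tables
'   Catalogue(ProductCode, Name, Price)  and  CurrentOrder(CartID, ProductCode, Qty)
' Names are illustrative, not taken from the lecture.

' ADO constants, normally pulled in from adovbs.inc
Const adVarChar = 200
Const adInteger = 3
Const adParamInput = 1

Sub Reject(msg)
    ' Stop the page with a 400 rather than letting bad input reach the database.
    Response.Status = "400 Bad Request"
    Response.Write Server.HTMLEncode(msg)
    Response.End
End Sub

Dim re, cartId, code, qty, i
Set re = New RegExp

' ---- 1. Session state: one opaque cart ID in a cookie, basket lines in the database ----
cartId = Request.Cookies("cartid")
re.Pattern = "^[0-9A-F]{32}$"
If Not re.Test(cartId) Then
    ' Rnd is not a cryptographic generator; a production site should take this key
    ' from a stronger source of randomness (or use the built-in Session object).
    Randomize
    cartId = ""
    For i = 1 To 32
        cartId = cartId & Hex(Int(Rnd * 16))
    Next
    Response.Cookies("cartid") = cartId
    Response.Cookies("cartid").Path = "/"
    Response.Cookies("cartid").Secure = True   ' browser sends it over https only
End If

' ---- 2. Validate the FORM fields before they go anywhere near the database ----
code = UCase(Trim(Request.Form("product")))
qty = Trim(Request.Form("qty"))
re.Pattern = "^[A-Z0-9]{1,12}$"
If Not re.Test(code) Then Reject "Unknown product code."
re.Pattern = "^[1-9][0-9]?$"                 ' whole number, 1 to 99 units
If Not re.Test(qty) Then Reject "Quantity must be a whole number from 1 to 99."
qty = CLng(qty)

' ---- 3. ADO: Connection, Command with parameters, Recordset ----
Dim conn, cmd, rs
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open "DSN=shop"

' Parameters keep the customer's input out of the SQL text itself.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandText = "INSERT INTO CurrentOrder (CartID, ProductCode, Qty) VALUES (?, ?, ?)"
cmd.Parameters.Append cmd.CreateParameter("cart", adVarChar, adParamInput, 32, cartId)
cmd.Parameters.Append cmd.CreateParameter("code", adVarChar, adParamInput, 12, code)
cmd.Parameters.Append cmd.CreateParameter("qty", adInteger, adParamInput, , qty)
cmd.Execute

' The price is read from the catalogue on the server, never from the form or the cookie.
' (A foreign key from CurrentOrder.ProductCode to Catalogue should reject unknown codes.)
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandText = "SELECT c.ProductCode, c.Name, c.Price, o.Qty " & _
                  "FROM CurrentOrder o INNER JOIN Catalogue c ON o.ProductCode = c.ProductCode " & _
                  "WHERE o.CartID = ?"
cmd.Parameters.Append cmd.CreateParameter("cart", adVarChar, adParamInput, 32, cartId)
Set rs = cmd.Execute
%>
<table border="1">
<tr><th>Code</th><th>Product</th><th>Price</th><th>Qty</th></tr>
<% Do While Not rs.EOF %>
<tr>
  <!-- HTMLEncode so product names from the database cannot inject markup into the page -->
  <td><%= Server.HTMLEncode(rs("ProductCode") & "") %></td>
  <td><%= Server.HTMLEncode(rs("Name") & "") %></td>
  <td><%= FormatNumber(rs("Price"), 2) %></td>
  <td><%= rs("Qty") %></td>
</tr>
<% rs.MoveNext
   Loop
   rs.Close
   conn.Close %>
</table>
```

The page always inserts a new line for each click; a real basket would update the quantity of an existing line instead, and would move the CurrentOrder rows into the order table at checkout. Note that the cookie is marked Secure, so it is only useful once the https configuration described later in these notes is in place.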
Secure certificate to encrypt information passing between browser and server
Information passed between browser and server over a plain http connection is not encrypted, so such a link is unsuitable for sending personal or credit card information. E-commerce sites must therefore cause the data to be encrypted before it is sent, and this is achieved by using a secure connection.
This requires a modification to the web server configuration to tell it to handle secure connections using SSL (Secure Sockets Layer). To offer SSL you need to install a security certificate that proves who is running the server and is used to set up the encrypted connection. These are available from a number of different trusted parties (certificate authorities) such as Verisign.
You will notice when you are using a secure site that instead of an http request the browser will now issue secure https requests and the secure status will be indicated in the browser window.
For an introduction to server security see the attached document or go to www.thawte.com.
Relationship with credit card processor
It is possible for a retailer to establish their own validation and payment system with a bank or to use a third party provider such as Netbanx or Worldpay. In the case of a small retailer using a third party is generally less expensive.
Netbanx handles the credit card payment by offering a secure form (customised to match the look and feel of the retailer’s site) on its own site. Customers enter their details and these are checked by Netbanx. The customer is then handed back to the calling site with an indication of whether payment has been successful. It is up to the main site to deal with success or failure in an appropriate way.
A demonstration of Netbanx service can be tried at http://www.netinvest.co.uk/ncr/netbanx/demonstration.html.
Netbanx charges a set up fee and then a transaction fee for collecting the payment. This is on top of the normal credit card fees.
Email confirmation sender
To complete the transaction it is normal to indicate that the order was successful by displaying a page with the order and delivery details plus contact details if problems occur.
Very many sites will accompany this page with a confirmation email as this can be stored and printed. To enable this email to be sent the server must have an additional software component to send mail.
There are many such components such as Jmail at http://www.comsoltech.com/articles/asp/200011/howtosendemail/
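As an added example (not from the lecture or the JMail article linked above), the page below sends the confirmation email using the CDO.Message component that ships with Windows 2000 and later; the JMail calls are equivalent but its interface is not assumed here. The file name confirm.asp, the SMTP host, the sender address and the sample order values are assumptions. The email address and order details are taken from the order record already stored on the server (constructed inline here), not from the checkout form, and the address is checked before it is placed in a mail header.

```asp
<%@ LANGUAGE="VBScript" %>
<% Option Explicit %>
<%
' confirm.asp (hypothetical file name). Runs after the order has been stored and
' the payment processor has reported success.

Const SMTP_HOST = "smtp.example.invalid"        ' assumed mail relay
Const FROM_ADDR = "orders@example.invalid"      ' assumed sender

Function SafeAddress(addr)
    ' Exactly one plain address with no spaces, quotes or line breaks. A carriage
    ' return or line feed inside a header value would be read as the start of a
    ' new header, so anything that is not a plain address is refused.
    Dim re
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$"
    SafeAddress = re.Test(addr)
End Function

Sub SendConfirmation(toAddr, orderNo, orderTotal)
    If Not SafeAddress(toAddr) Then
        Err.Raise 5, "confirm.asp", "Refusing to send to a malformed address"
    End If
    Dim msg
    Set msg = Server.CreateObject("CDO.Message")
    With msg.Configuration.Fields
        .Item("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2   ' 2 = send over SMTP to a host
        .Item("http://schemas.microsoft.com/cdo/configuration/smtpserver") = SMTP_HOST
        .Item("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
        .Update
    End With
    msg.From = FROM_ADDR
    msg.To = toAddr
    msg.Subject = "Order " & orderNo & " confirmed"
    ' Plain text body: the customer can store or print it, and no HTML is rendered.
    msg.TextBody = "Thank you for your order." & vbCrLf & _
                   "Order number: " & orderNo & vbCrLf & _
                   "Total charged: " & FormatNumber(orderTotal, 2) & vbCrLf & _
                   "Please quote the order number if you need to contact us."
    msg.Send
End Sub

' Constructed sample values. In the real page these are read from the order
' table via ADO (as in the basket example) using the customer's session cookie.
Dim customerEmail, orderNumber, orderTotalValue
customerEmail = "customer@example.invalid"
orderNumber = "ORD-000123"
orderTotalValue = 49.95

SendConfirmation customerEmail, orderNumber, orderTotalValue
%>
<HTML><BODY>
<p>Your order <%= Server.HTMLEncode(orderNumber) %> has been confirmed and a copy has been emailed to
<%= Server.HTMLEncode(customerEmail) %>.</p>
</BODY></HTML>
```

If the mail relay is unreachable, msg.Send raises an error; the surrounding page should catch it (On Error Resume Next followed by a check of Err.Number) and still show the on-screen confirmation, since the order itself has already been recorded.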
Recent comments:
On October 26, 2004 at 11:20 AM, hamid habibi wrote:
Very informative; however, I couldn't understand: in order to make information more secure, do we need to pay third parties?