GiZano/php-secure-ecommerce-core

🛒 Secure PHP E-Commerce Management System

MVC Architecture | Prepared Statements | SQL Transactions

PHP | MySQL | Bootstrap | Security


📖 About The Project

This project is a custom-built, lightweight backend system for managing an E-commerce platform. It was developed primarily to demonstrate secure database interaction: the entire data layer is built on 100% parameterized queries (prepared statements), so user input is never interpolated into SQL text and the classic SQL injection vector is removed.

The application follows a structured MVC (Model-View-Controller) approach, separating the business logic, data access, and user interface into dedicated modules for better maintainability and code clarity.

✨ Key Features

  • πŸ›‘οΈ Security First: Strict implementation of mysqli_stmt for every single CRUD operation. No user input is ever directly concatenated into an SQL string.
  • πŸ”„ Atomic Transactions: Complex operations, such as creating a new order with multiple items, are handled via true SQL Transactions (begin_transaction, commit, rollback). This guarantees database integrity: if one query fails, the entire order is aborted.
  • 🧩 Advanced SQL Logic: Implements relational queries using complex JOINs, data aggregation (SUM()), and safe string matching (LIKE).
  • πŸ“¦ Inventory Management: Dynamic update of product stock quantities directly via mathematical operations at the SQL level.
  • 🎨 Clean UI: Responsive and user-friendly interface powered by Bootstrap 5, operating through a central routing hub.
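The following is an added example, not code from this repository, showing how the two features above (prepared statements for every query and one transaction per order, with stock decremented at the SQL level) fit together in a single order-creation routine. The function name createOrder and the column names (prodotti.prezzo, prodotti.quantita, ordini.id_utente, ordini.totale, ordini.stato, dettagli_ordine.prezzo_unitario) are assumptions; the project's real schema lives in model/ecommerce_db.sql.

```php
<?php
// Added example (not the repository's own code). Assumed columns:
// prodotti(id, prezzo, quantita), ordini(id, id_utente, totale, stato),
// dettagli_ordine(id_ordine, id_prodotto, quantita, prezzo_unitario).

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // mysqli errors become exceptions

/**
 * Create an order for $userId with $items = [productId => quantity].
 * Every statement is parameterised, and the whole routine is one transaction:
 * a failed stock decrement rolls back the order header and all detail rows.
 * Returns the new order id, or throws.
 */
function createOrder(mysqli $db, int $userId, array $items): int
{
    $db->begin_transaction();
    try {
        // 1. Order header with a placeholder total; the real total is written at the end.
        $ins = $db->prepare("INSERT INTO ordini (id_utente, totale, stato) VALUES (?, 0, 'in attesa')");
        $ins->bind_param('i', $userId);
        $ins->execute();
        $orderId = (int) $db->insert_id;

        // 2. Statements are prepared once and re-executed per item.
        $price = $db->prepare("SELECT prezzo FROM prodotti WHERE id = ? FOR UPDATE");
        $stock = $db->prepare(
            "UPDATE prodotti SET quantita = quantita - ? WHERE id = ? AND quantita >= ?"
        );
        $detail = $db->prepare(
            "INSERT INTO dettagli_ordine (id_ordine, id_prodotto, quantita, prezzo_unitario)
             VALUES (?, ?, ?, ?)"
        );

        $total = 0.0;
        foreach ($items as $productId => $qty) {
            $productId = (int) $productId;
            $qty = (int) $qty;
            if ($qty <= 0) {
                throw new InvalidArgumentException("quantity must be positive for product $productId");
            }

            // Lock the product row and read the price that will be frozen in the detail row.
            $price->bind_param('i', $productId);
            $price->execute();
            $row = $price->get_result()->fetch_assoc();
            if ($row === null) {
                throw new RuntimeException("unknown product $productId");
            }
            $unitPrice = (float) $row['prezzo'];

            // Decrement stock inside the UPDATE; the WHERE guard refuses to go negative,
            // so a race between two buyers cannot oversell the last unit.
            $stock->bind_param('iii', $qty, $productId, $qty);
            $stock->execute();
            if ($stock->affected_rows !== 1) {
                throw new RuntimeException("insufficient stock for product $productId");
            }

            $detail->bind_param('iiid', $orderId, $productId, $qty, $unitPrice);
            $detail->execute();
            $total += $unitPrice * $qty;
        }

        // 3. Write the computed total and make everything visible at once.
        $upd = $db->prepare("UPDATE ordini SET totale = ? WHERE id = ?");
        $upd->bind_param('di', $total, $orderId);
        $upd->execute();

        $db->commit();
        return $orderId;
    } catch (Throwable $e) {
        $db->rollback();   // nothing from this order survives a partial failure
        throw $e;
    }
}

// Usage (connection details are placeholders):
// $db = new mysqli('localhost', 'user', 'password', 'negozio_online');
// $orderId = createOrder($db, 42, [7 => 2, 13 => 1]);
```

Two details carry the security and integrity weight: MYSQLI_REPORT_STRICT turns every failed statement into an exception, so the catch block is the only place that needs to know about rollback; and checking affected_rows after the guarded UPDATE is what actually enforces the stock limit, since a prepared statement alone says nothing about whether the row qualified.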

πŸ—οΈ Architecture & Structure

The repository is organized following an MVC pattern:

/
├── index.php                 # Main entry point and initialization
├── controller/               # Routing and input handling
│   ├── sorter.php            # Central router matching user actions to controllers
│   ├── new_order.php         # Handles order creation requests
│   ├── update_stocks.php     # Handles inventory updates
│   └── ...                   # Other specific controllers
├── model/                    # Database configuration and logic
│   ├── db_config.php         # MySQL connection setup
│   ├── data.php              # Core data access functions (Prepared Statements)
│   └── ecommerce_db.sql      # Database schema and mock data
└── view/                     # User Interface
    └── home_view.php         # Main interactive dashboard (Bootstrap)

💾 Database Schema

The relational database (negozio_online) consists of 4 main tables handling the e-commerce flow:

  1. utenti (Users): Stores user credentials and personal data.
  2. prodotti (Products): Inventory registry holding prices, descriptions, and stock quantities.
  3. ordini (Orders): Tracks individual purchases, linking a user to a total spent amount and status.
  4. dettagli_ordine (Order Details): A many-to-many resolution table linking an order to its specific products, freezing the unit price at the time of purchase.

(The schema includes cascading deletes so referential integrity is preserved when users or orders are removed.)
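As an added example (not the repository's own code), the two read-side queries below show the "Advanced SQL Logic" feature against this schema: a product search whose LIKE pattern is a bound parameter, and a per-order report that JOINs ordini to dettagli_ordine and recomputes each total with SUM() from the frozen unit prices. The function names and the column names (prodotti.nome, prodotti.prezzo, ordini.id_utente, ordini.totale, dettagli_ordine.quantita, dettagli_ordine.prezzo_unitario) are assumptions.

```php
<?php
// Added example (not the repository's own code). Assumed columns:
// prodotti(id, nome, prezzo), ordini(id, id_utente, totale),
// dettagli_ordine(id_ordine, id_prodotto, quantita, prezzo_unitario).

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Escape LIKE metacharacters so a user-supplied term matches literally.
 * Binding the pattern as a parameter stops SQL injection, but % and _
 * inside the bound value are still wildcards to LIKE; this closes that gap.
 * (Assumes MySQL's default backslash escape character for LIKE.)
 */
function likeLiteral(string $term): string
{
    return addcslashes($term, '\\%_');   // \ -> \\, % -> \%, _ -> \_
}

/** Products whose name contains $term, ordered by name and capped at $limit rows. */
function searchProducts(mysqli $db, string $term, int $limit = 20): array
{
    // Unsafe form for contrast (never do this): "... WHERE nome LIKE '%$term%'"
    $pattern = '%' . likeLiteral($term) . '%';
    $stmt = $db->prepare(
        "SELECT id, nome, prezzo FROM prodotti WHERE nome LIKE ? ORDER BY nome LIMIT ?"
    );
    $stmt->bind_param('si', $pattern, $limit);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

/**
 * Per-order totals for one user, recomputed with SUM() from the unit prices
 * frozen in dettagli_ordine rather than trusting ordini.totale alone.
 * A row where totale_registrato != totale_calcolato is a cheap integrity
 * signal worth logging (a detail row was changed or lost after checkout).
 */
function orderTotalsForUser(mysqli $db, int $userId): array
{
    $stmt = $db->prepare(
        "SELECT o.id AS id_ordine,
                o.totale AS totale_registrato,
                SUM(d.quantita * d.prezzo_unitario) AS totale_calcolato,
                COUNT(*) AS righe
           FROM ordini o
           JOIN dettagli_ordine d ON d.id_ordine = o.id
          WHERE o.id_utente = ?
       GROUP BY o.id, o.totale
       ORDER BY o.id"
    );
    $stmt->bind_param('i', $userId);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// Usage (connection details are placeholders):
// $db = new mysqli('localhost', 'user', 'password', 'negozio_online');
// print_r(searchProducts($db, '100%'));      // matches names containing the literal "100%"
// print_r(orderTotalsForUser($db, 42));
```

The search deliberately binds both the pattern and the LIMIT, so even the row cap cannot be influenced by string concatenation; the report query is the place to surface any drift between the stored order total and what the frozen unit prices actually add up to.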

Made with ❤️ by Giovanni Zanotti

About

🛒 A secure, MVC-based PHP E-Commerce backend demonstrating 100% Prepared Statements, atomic SQL Transactions, and relational database management.
