am just in the middle of my first shopping cart and wondered if anyone could cast their beady eyes over my checkout script.

my db structure:

TEMP_ORDERS (holds each customers cart whilst shopping)
ID, sessionID, productID, qty, date
ORDERS (only for complete orders)
ID, sessionID, orderID, productID, qty, total_price, date
CUSTOMER_INFO (only for complete orders)
ID, order_ID, first_name, last_name

this is what happens when they get to checkout.php:

they fill in a form with details and credit card number and click submit where they land on process.php which does the following:

1) check if sessionID exists in ORDERS - if it already exists exit (to stop people clicking on submit twice)

2) if sessionID doesn't exist in ORDERS, insert all info from TEMP_ORDERS into ORDERS

3) insert all customer info into CUSTOMER_INFO, using orderID to relate to the ORDERS table.

4) build payment gateway call (CURL) and get response from payment gateway

6) if payment OK, then
-> delete * from TEMP_ORDERS where sessionID = sessionID
-> destroy $_COOKIE['sessionID']
-> display printable receipt with full details of order

7) if payment NOK, then
-> display error message (with chance to edit form depending on error code)
-> remind customers that their shopping cart remembers its contents for 2 weeks if they wish to try again.
-> delete * from ORDERS & CUSTOMER_INFO

i do have a hiccup at having to insert the completed order details into ORDERS & CUSTOMER_INFO (points 2 and 3) before i confirm payment. i can otherwise see no way of storing them. could i simply store all info as an array in a COOKIE and then insert only if payment is confirmed?

i am sure there are also other things people with more experience might spot :-)

BTW i have to use cookies not sessions, because the products are being chosen from static html pages.

any help is much appreciated

(p.s. it is all https and uses transactions for data integrity)