A friend of a friend wanted to know if I could help refine her website a bit. She runs a small business and would like visitors to be able to order stuff from her through her website. I told her I would look into it and let her know if I was unable to give her what she wants.

What would be involved with setting one up? Is there anything I should be careful of?

Depending on how complex you want to make it, I would say just start by using Paypal Standard's "Buy Now" buttons. The other option would be to use a shopping cart system like Zen-cart or osCommerce for solutions that you would host yourself or FoxyCart as an example of a solution that is hosted by them (it does cost around $16/month though).

Hope this helps.

Setting up something like that becomes complex because of things like tracking orders, tracking items in the cart, storing accounts (or something like accounts, if they don't actually register), etc.
However, none of it is particularly hard, just complex.

The only real danger with it is dealing with credit cards. If a normal website is hacked, then you lose the information in the database, users may be annoyed for a day or two while you reconfigure things, and that's about it. If credit cards are involved, things can be a lot worse and much more serious.
So, if you are doing credit card orders, the best way is to use an external service, even though it is not so "professional" looking. You could try to make one yourself (and the big sites do), but you'd need a lot of support behind it for it to really end up secure.

Thanks, both of your suggestions are very helpful. I think I will look into the paypal option for small businesses. Setting up payment system on my own may be doable, but even if I am careful, and I will be, the idea of accidentally creating something that is vulnerable to attacks makes me a little too uneasy.

If you were to make something yourself, be sure you get a PCI compliance scan to test for these vulnerabilities.