Shopping cart other than OSCommerce?

Kevin Kinsey kdk at daleco.biz
Wed Dec 8 23:07:42 UTC 2010


Chuck Swiger wrote:

> You don't magically get immunity from SQL injection by using 
> JDBC or EOF or whatever, but using bound variables in queries rather 
> than feeding user input into raw SQL, or invoking stored procedures 
> or user-defined functions instead will mitigate one of the more 
> common security problems.

And these practices are "Good Practice" in any language, including
PHP.  I think a big part of PHP's problem was that in order to have
it widely adopted and to be thought "simple enough for $ME to use",
the documentation was written in simplest terms, without these
types of checks, and inexperienced coders adopted similar practices
to write working sites.  The real problems with PHP are its ubiquity
(not unlike M$ operating systems ... it's an omnipresent target) and
the fact that many of the people writing it come from a "design"
background instead of a programming one.  A man who has no inkling
of the existence of carnivorous animals will not build his house in a tree.

My $.02,

Kevin Kinsey
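The bound-variable practice Chuck describes above, as an added example that is not part of the thread: Python's sqlite3 module stands in for PHP here because, as Kevin says, the practice holds in any language, and the customer table and the inputs are constructed for the demonstration.

```python
import sqlite3


def make_db():
    """Constructed sample data: an in-memory table standing in for a shop's
    customer table (example data, not from the original thread)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (name, email) VALUES (?, ?)",
        [("Alice Smith", "alice@example.com"), ("Pat O'Brien", "pat@example.com")],
    )
    conn.commit()
    return conn


def find_by_name_raw(conn, name):
    """The pattern the thread warns against: user input spliced into the SQL
    text, so whatever the caller passes becomes part of the statement."""
    sql = "SELECT id, email FROM customers WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def find_by_name_bound(conn, name):
    """Bound variable: the SQL and the value travel separately, so the value
    is always treated as data and can never change the statement's shape."""
    sql = "SELECT id, email FROM customers WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def compare(name):
    """Run both forms against the same input; the raw form may fail outright
    (a legitimate name with an apostrophe) or return rows the caller never
    asked for (input that happens to contain SQL syntax)."""
    conn = make_db()
    try:
        raw = find_by_name_raw(conn, name)
    except sqlite3.Error as exc:
        raw = f"error: {exc}"
    bound = find_by_name_bound(conn, name)
    conn.close()
    return raw, bound


if __name__ == "__main__":
    for candidate in ("Alice Smith", "Pat O'Brien", "nobody' OR name <> 'nobody"):
        print(repr(candidate), "->", compare(candidate))
```

The second input is an ordinary name that simply breaks the spliced query; the third shows why that breakage matters, since the raw form returns every customer while the bound form correctly returns none.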


More information about the freebsd-questions mailing list