From owner-freebsd-questions@FreeBSD.ORG Wed Dec 8 23:07:42 2010
From: Kevin Kinsey
Date: Wed, 08 Dec 2010 17:07:38 -0600
To: Chuck Swiger
Cc: freebsd-questions@freebsd.org, Da Rock
Subject: Re: Shopping cart other than OSCommerce?
Message-ID: <4D000FBA.8040908@daleco.biz>
In-Reply-To: <2BE7EA7A-8604-4D21-801C-309447CD54F9@mac.com>
References: <3374599093-437630056@intranet.com.mx> <4CFED0D4.3090108@herveybayaustralia.com.au> <4CFF8A29.2030202@herveybayaustralia.com.au> <2BE7EA7A-8604-4D21-801C-309447CD54F9@mac.com>
Chuck Swiger wrote:
> You don't magically get immunity from SQL injection by using
> JDBC or EOF or whatever, but using bound variables in queries rather
> than feeding user input into raw SQL, or invoking stored procedures
> or user-defined functions instead will mitigate one of the more
> common security problems.

And these practices are "Good Practice" in any language, including PHP.

I think a big part of PHP's problem was that in order to have it widely adopted and to be thought "simple enough for $ME to use", the documentation was written in simplest terms, without these types of checks, and inexperienced coders adopted similar practices to write working sites.

The real problems with PHP are its ubiquity (not unlike M$ operating systems ... it's an omnipresent target) and the fact that many of the people writing it come from a "design" background instead of a programming one. A man who has no inkling of the existence of carnivorous animals will not build his house in a tree.

My $.02,

Kevin Kinsey
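The contrast Chuck describes above, as an added example that is not part of the original post and is not Chuck's or Kevin's code: the same login lookup written once by splicing user input into raw SQL and once with bound variables. It uses Python's standard sqlite3 module rather than PHP, since the point holds in any language; the users table, its three rows and the `' OR '1'='1` payload are constructed for the demo.

```python
import sqlite3

# Constructed sample data for the demo (not from the mailing-list thread).
SAMPLE_USERS = [
    (1, "alice", "s3cret"),
    (2, "bob", "hunter2"),
    (3, "carol", "pa55word"),
]


def make_db():
    """Build an in-memory database holding the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def login_unsafe(conn, name, password):
    """The pattern the post warns about: user input spliced into raw SQL.

    Whatever the caller passes becomes part of the statement text, so a
    value containing a quote can rewrite the WHERE clause.
    """
    sql = "SELECT id FROM users WHERE name = '%s' AND password = '%s'" % (
        name,
        password,
    )
    return [row[0] for row in conn.execute(sql)]


def login_bound(conn, name, password):
    """Bound variables: the statement text is fixed, values travel separately.

    The driver hands the values to SQLite as parameters, so a quote inside
    `password` is just a character to compare, never SQL syntax.
    """
    sql = "SELECT id FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (name, password))]


def demo():
    """Run both variants with a legitimate password and with an injection payload."""
    conn = make_db()
    payload = "' OR '1'='1"
    return {
        # Correct credentials work either way.
        "unsafe_legit": login_unsafe(conn, "alice", "s3cret"),
        # The raw-SQL version turns into
        #   ... WHERE name = 'alice' AND password = '' OR '1'='1'
        # and returns every user id.
        "unsafe_injected": login_unsafe(conn, "alice", payload),
        "bound_legit": login_bound(conn, "alice", "s3cret"),
        # With binding the payload is compared literally and matches nothing.
        "bound_injected": login_bound(conn, "alice", payload),
    }


if __name__ == "__main__":
    for label, ids in demo().items():
        print(f"{label}: {ids}")
```

In PHP the equivalent of the bound form is a PDO `prepare()` with `?` or named placeholders and `bindValue()`/`execute()` with an array of values; passing the values to `execute()` is what keeps them out of the statement text.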