Website (re-)critique requested

Gazing into my crystal ball I observed Ian <rastallian (AT) gmail (DOT) com>
writing in news:h7ajta$ijf$1 (AT) news (DOT) eternal-september.org:

Quote:

Adrienne Boswell wrote:
Could you do something server side?

Okay, I understand what you mean now. Sorry for the confusing last
post.
You mean to put those flat files into a database, and call them up in
much the same way, but avoiding all the pitfalls of Ajax / JavaScript.
Yes, I completely agree. I just worry about security, because I get
the
impression that working with PHP / MySQL, when one is really just a
newbie at it, poses a good risk of SQL injection attacks. Ah, I guess
it's time to hit the PDF files.

Thanks to all the posters who gave their input. It has been
invaluable.

Ian

You can do tests server side to make sure that what you are getting from
the client is good, like if you're expecting a numeric value, and you
get alpha, reject it. Also mysql_real_escape_string is your friend.
Create a user with limited privledges (maybe just SELECT), and let the
WWW be that user.



--
Adrienne Boswell at Home
Arbpen Web Site Design Services
http://www.cavalcade-of-coding.info
Please respond to the group so others can share

Thanks again, Adrienne. Also, I know it's off-topic, but is
"cavalcade-of-coding" a reference to Sideshow Bob's Cavalcade of
Whimsey? :-)

Ian
--
http://www.bookstacks.org/
http://mellowcricket.wordpress.com/

Gazing into my crystal ball I observed Ian <rastallian (AT) gmail (DOT) com> writing
in news:h7cmdb$1c7$3 (AT) news (DOT) eternal-september.org:

Quote:

Thanks again, Adrienne. Also, I know it's off-topic, but is
"cavalcade-of-coding" a reference to Sideshow Bob's Cavalcade of
Whimsey? :-)

Ian

No, it's more like the 50's TV show, Cavalcade of Stars, where Jackie
Gleason did a little sketch that turned into The Honeymooners.

--
Adrienne Boswell at Home
Arbpen Web Site Design Services
http://www.cavalcade-of-coding.info
Please respond to the group so others can share