Database Security


damiancds

Hey everybody, I've got a few quick questions (relatively simple) about PHP and MySQL. I'm very new to MySQL and only a few days experienced with PHP, but I'm learning.

So I'm working on a website (obviously) and I'm making a login, account part of the website, and I wanted to know how secure it would be if I were to have login/register pages add to and check the database and base the whole account system on PHP and databases.

Also, how would I go about keeping users logged in for more than one page? (I don't know much about sessions yet.)

Is there a more efficient/secure way of making a member/account portion of a website?

I'm asking this because I plan on using it for a checkout/cart system and I think it will be somewhat easy to manage with databases. I've looked at things like Zen Cart and osCommerce and I'm not sure if that's how I want to do it.

Thanks for any input.


PHP and MySQL are very secure, but I need to place a condition on the need to have the coding done properly for both the PHP and the MySQL.

Rule #1 - Never trust user input.
Rule #2 - Validate all data for all conditions.
Rule #3 - Plan on having attacks against your database, whether by mistake or on purpose.

In light of Rule #3, I would suggest that the scripting of a checkout/cart system is not suggested for a first PHP project. There are simply too many possible attack points and security methods to overcome. Rookie programmers simply are not aware of the methods to use to offset the attacks. I suggest you install proven secure software, especially for any cart that uses on-line banking systems. You might be better off connecting to PayPal or some other on-line transaction processor for handling the cash.

Most definitely, I planned on using a payment gateway because my father wants to be able to accept credit cards and whatnot. There was no way I was taking responsibility for other people's information like credit card numbers and other stuff. For my part in the PHP, I was just saying like having an item selection page (catalog), and when they click add to cart it would change over to the processor or something like that. But for right now I'm only worried about having accounts for people; later I was going to worry about order history and that stuff.

Hi damiancds

With regard to having a cart and keeping users logged in over multiple pages, you should look at sessions. There are a lot of extra options in sessions which can increase security, but first the basics must work.

Remember to have session_start(); on every page they visit (if you use PHP).

Hope it helps

Enthusiastic Student
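
An added example, not written by any poster in this thread, putting together the pieces the replies mention: a parameterized login query, hashed passwords, and a session that carries the login across pages. The `users` table, the function names, and the in-memory SQLite database (used so the script runs without a server) are assumptions.

```php
<?php
// Added example: table layout and function names are assumptions.

function start_secure_session(): void {
    // Call on every page before any output is sent.
    session_set_cookie_params([
        'httponly' => true,   // cookie not readable from JavaScript
        'secure'   => true,   // cookie only sent over HTTPS
        'samesite' => 'Lax',
    ]);
    session_start();
}

function register(PDO $db, string $user, string $pass): void {
    // Store a salted hash, never the password itself.
    $stmt = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    $stmt->execute([$user, password_hash($pass, PASSWORD_DEFAULT)]);
}

function login(PDO $db, string $user, string $pass): bool {
    // Placeholders keep user input out of the SQL text (Rule #1).
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pass, $row['password_hash'])) {
        return false;             // same answer for unknown user and bad password
    }
    session_regenerate_id(true);  // fresh session id after login (session fixation)
    $_SESSION['user_id'] = (int) $row['id'];
    return true;
}

function current_user_id(): ?int {
    return $_SESSION['user_id'] ?? null;   // null means "not logged in"
}

// Constructed demo data. For MySQL change only the DSN, e.g. 'mysql:host=...;dbname=...'.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');

start_secure_session();
register($db, 'alice', 'correct horse battery');
$injected = login($db, 'alice', "' OR '1'='1");  // treated as a wrong password, nothing more
$valid    = login($db, 'alice', 'correct horse battery');
var_dump($injected, $valid, current_user_id());
```

On a real site each protected page would call `start_secure_session()` first and redirect to the login form when `current_user_id()` returns null.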


Archived

This topic is now archived and is closed to further replies.
