willpower

Everything posted by willpower

  1. Is the $id being set with this process? Echo out your SQL to check. Will
  2. Thanks all for your input....I may sleep a little easier tonight.
  3. I think that my point is being lost here. So firstly I'd like to reiterate it...then respond to the last post. My question is how do you protect the situation I'm in....not how do I start again. In response to Glydes comments::: no one said anything about storing a guest user's address in the DB...until the order is being processed. So the guest id is simply a session var that is set and tracks orders placed in a cartdb against that user. If they proceed to checkout they HAVE to enter their billing and shipping. This is then stored and HAS to be for back office purposes. The question is how do I prevent SQL injection and attacks such like, not about conformance to current Data Protection Laws in the UK. Which, incidentally, the site does conform to.
  4. SO do we all concur that EVEN with a user having DELETE rights to the table...if I use mysql_real_escape_string() I'll be ok?????
  5. There is a login function, however the client wanted users to be able to buy, with or without login. So ultimately any Tom, Dick or Harry can come along and place an order. My concern is when they go to complete an order they have to enter their billing/shipping addresses. Now these are stored in a table against a guestid that has been assigned to them (in the background) to support their cart functionality. It is this input of addresses etc. that is where my vulnerability lies. And it is here that I really need all the help I can get. Massive product tables and high value items. I don't want some 13yrs old injecting a DROP table on me or worse!!! Thanks all for reading....I appreciate all thoughts on this one!
  6. Thanks for the info. The admin thing ain't relevant unfortunately...as these are shoppers which have to administrate their own DB in essence. Does that make sense?
  7. Have a shopping cart DB. I originally only gave SELECT and INSERT rights to the 'cart' user. As my application developed I realised I needed to grant additional rights, i.e. UPDATE so as orders could be updated and finally DELETE so as orders could be removed. NOW clearly this opens me to major vulnerabilities. I wanted to have you all share your thoughts on the following. a) How do you, in a similar situation, grant user access to DBs and b) add functions to your form data handling to prevent SQL injection.
  8. Is there an actual image0.jpg...what's in it? I can't see where you set the background colour. Haven't time to test...but those are the 2 things I'd check. Will
  9. I always use references. Why would you have to change things every time a page changes?
  10. we'd need to see your code to understand where it comes from before we could remove it!
  11. np...it was a TEST lol...not an omission....honest!
  12. what about something like for ($character = 65; $character < 91; $character++) { echo chr($character); }
  13. Yes...These image functions WILL work. Just check that you have the GD lib installed first. After that it is a case of opening an image (or creating a blank one)...adding to it....returning the finished result.
  14. Learning PHP eh...good on you. Ok here's my small input. Forget the books...as you never really learn real life examples. A couple of years ago I was in exactly the same position. I have 2 premises to work from. 1) If it involves a computer...then it CAN be done. 2) If I can articulate my question...then the teaching I need is on this forum. Live your programming life by these principles....and you'll go far.
  15. I know nothing about these examples, however I have built my own intuitive script. NOW...and it's a biggy. You can have it BUT a) the site must be well structured in terms of its directories and subdirectories and b) the copyright notice STAYS in place. Give me some examples of links in your site and I will either post it directly or post it with amendments to help. Will
  16. or invest in a program like phprunner ...look it up!
  17. Ok. 1 have you tried google for Method not allowed. First thing you should always do. 2 What have you tried to fix the issue 3. Have you contacted the webhost since it is your server that is not allowing the post. 4. Move directories of the form. No explanation as to why....but this worked for me. 5. Begging will get you nowhere 6. All of our problems are important.
  18. Captcha images such as that don't increase security as such....but they do stop 'robots' from form submission and I suppose in that sense it does add a small level of security. What we really need to do is validate and check that the user input does conform to certain rules. Now it is advisable...but if this script had curled your toes...then..well...it's up to you. Perhaps best to PM me or email me and we can develop a script for you offline. Let me know what you think's best. By the way I have written a 'captcha' script which would allow you to customise the images and fonts used to provide a bit of creative flexibility to your site. Will PS you'd never catch me in front of a camera
  19. Read my post! I gave you code and you don't seem to have used it. You have PHP and HTML mixed together.
  20. Ok well it's not awful...and with a few tweaks you'd see some much better results. Start by adding some more white space between the image and the text.
  21. Are you serious? Really what do you think about it. From a design point of view...it lacks any interest and is hard on the eye. Layout is minimalistic to the point of childish. And the company who have done it...is that you too...can't spell solution in their graphics...never a good sign. I'll stop there before I have a cardiac arrest thinking that someone has made money doing this site. Will
  22. see he loves ya now....just like the rest of us!
  23. redarrow...if you want her form look at page 1. she has a link to it