Re: Food Co-op Order Entries: suggestions, please?

Posted by Nooze Goy on 07/16/07 21:13

Jerry Stuckle wrote:

> I wouldn't have put it quite the way Michael did, but I agree. If
> you're not sure at this point, you're in way over your head.
>
> You will also have security concerns - for instance, google for "SQL
> Injection". In fact, you could have that exposure already.
>
> What you're wanting to do isn't necessarily hard - but it does take a
> good working knowledge of both PHP and SQL. And even then it will take
> an experienced programmer several days (at least - depending on what you
> want) to get it going for you.

First, you (I think all of those who have responded thus far) are making
at least one or two erroneous assumptions: one, that I am not familiar
with various security problems and/or that I am not aware of general SQL
lookup issues including the "injection" exploits; another, that I am not
an "experienced programmer" - in fact, I have written hundreds of
thousands of "lines" of code. I put lines in quotes because the first
fifty or sixty thousand lines were on tab cards. And while I am new to
PHP, I can (or useta could, and probably could again if it became either
necessary or worth while) write pretty f*cking complex code in several
assemblers, FORTRAN, ALGOL, Pascal, C, C++, most variants of xBASE, and
I've piddled around with Perl, a bit of JavaScript (and a little Java,
and yes, I know they're not really related other than in name) and now
PHP with databases ranging from flatfile tape-based roll-your-owns
through SQL. I've also slung a fair amount of "job control" scripts from
tab card days (does TOS ring a bell for any of you?) through various
*nix, DOS and Win* shells... I'm not really sure where to stick such
halfbreeds as XML and *HTMLs. The specific lookups (selects) I am using
and expect to use are checked for at least more-or-less ordinary hackish
content - e.g. quotes and keywords filtered out, et cetera... so while I
certainly appreciate your (and everyone else's) concerns, I don't see
this particular point as a problem area of any great concern.

Second, I am also guilty of an assumption, albeit one which appears to
be confirmed, namely that this is in fact not terribly difficult. If I
thought it were, I wouldn't be spending my time doing it. Given that the
entire effort is for a relatively small food co-operative with very
little in the way of disposable funds (hiring a programmer is definitely
out of the question), if I thought this was a Big Deal, my immediate
response would have been "F*ck 'em, let 'em learn how to save their
%$&$#@ orders as text files, or they can come over and type 'em in with
their own damn fingers."

The bottom line here is that the mere fact that I'm old and ugly does
not mean that I'm either stupid or incompetent. Humor me: pretend that
you believe I might possibly be able to benefit from your assistance...
or don't, and walk away.

So, I thank you for your thoughtfulness in responding, and I appreciate
your warnings, but I am going to proceed anyway, will ye nill ye.

 
