Posted by Jerry Stuckle on 07/16/07 22:06
Nooze Goy wrote:
> Jerry Stuckle wrote:
>
>> I wouldn't have put it quite the way Michael did, but I agree. If
>> you're not sure at this point, you're in way over your head.
>>
>> You will also have security concerns - for instance, google for "SQL
>> Injection". In fact, you could have that exposure already.
>>
>> What you're wanting to do isn't necessarily hard - but it does take a
>> good working knowledge of both PHP and SQL. And even then it will
>> take an experienced programmer several days (at least - depending on
>> what you want) to get it going for you.
>
> First, you (I think all of those who have responded thus far) are making
> at least one or two erroneous assumptions: one, that I am not familiar
> with various security problems and/or that I am not aware of general SQL
> lookup issues including the "injection" exploits; another, that I am not
> an "experienced programmer" - in fact, I have written hundreds of
> thousands of "lines" of code. I put lines in quotes because the first
> fifty or sixty thousand lines were on tab cards. And while I am new to
> PHP, I can (or useta could, and probably could again if it became either
> necessary or worth while) write pretty f*cking complex code in several
> assemblers, FORTRAN, ALGOL, Pascal, C, C++, most variants of xBASE, and
> I've piddled around with Perl, a bit of JavaScript (and a little Java,
> and yes, I know they're not really related other than in name) and now
> PHP with databases ranging from flatfile tape-based roll-your-owns
> through SQL. I've also slung a fair amount of "job control" scripts from
> tab card days (does TOS ring a bell for any of you?) through various
> *nix, DOS and Win* shells... I'm not really sure where to stick such
> halfbreeds as XML and *HTMLs. The specific lookups (selects) I am using
> and expect to use are checked for at least more-or-less ordinary hackish
> content - e.g. quotes and keywords filtered out, et cetera... so while I
> certainly appreciate your (and everyone else's) concerns, I don't see
> this particular point as a problem area of any great concern.
>
> Second, I am also guilty of an assumption, albeit one which appears to
> be confirmed, namely that this is in fact not terribly difficult. If I
> thought it were, I wouldn't be spending my time doing it. Given that the
> entire effort is for a relatively small food co-operative with very
> little in the way of disposable funds (hiring a programmer is definitely
> out of the question), if I thought this was a Big Deal, my immediate
> response would have been "F*ck 'em, let 'em learn how to save their
> %$&$#@ orders as text files, or they can come over and type 'em in with
> their own damn fingers."
>
> The bottom line here is that the mere fact that I'm old and ugly does
> not mean that I'm either stupid or incompetent. Humor me: pretend that
> you believe I might possibly be able to benefit from your assistance...
> or don't, and walk away.
>
> So, I thank you for your thoughtfulness in responding, and I appreciate
> your warnings, but I am going to proceed anyway, will ye nill ye.

I'm not making any assumptions about how much experience you do or do
not have. I'm only going by the questions you're asking.

The problem is your question is *very broad* - much too broad to be
asked here. As an experienced programmer, you should be able to design
and lay out the basics of your program, including the database, pages
you will use, etc.

Then when you come up with specific problems, i.e. "why don't these 10
loc work?", we can better help you.

And yes, I also understand they have limited funds and can't pay much to
hire anyone. But that's why the college student idea - they typically
will work for little or maybe even nothing, just for the experience.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================