Webmaster Forum

09-07-2007, 03:36 PM   #1
nster (Junior Member)

How to secure this PHP e-shop script ???

Hello guys,
I need your help; I'll especially appreciate it from the many experienced users that I see exist over here!

I want to make a simple online shop (e-shop) using PHP & MySQL. After a lot of time searching on the web, I finally found this very good tutorial => http://www.thewatchmakerproject.com/...-shopping-cart that makes it real.

But... I read the code and comments and finally used it on my local Apache server and it worked all right. BUT, when I went up to the browser's toolbar and tried to change this: http://localhost/cart/cart-demo/cart...ction=add&id=1

to this
http://localhost/cart/cart-demo/cart...tion=add&id=-1

it started to add values, books for instance, even though I am giving a negative number.

The worst?

When I tried to change this:
http://localhost/cart/cart-demo/cart...ction=add&id=1

with this one:
http://localhost/cart/cart-demo/cart.php?action=add&id='1
or with this one:
http://localhost/cart/cart-demo/cart.php?action=add&id='

the whole system of this e-shop script "collapsed". I mean it started to give me ERRORS and books were added without me choosing them.

From my medium knowledge of these issues I understand this is a security issue. I can't imagine what could happen if I use it on my web site as it is now.

My question is a request for help: please help me firstly to understand the problem, and secondly teach me how to fix it, so that I can learn the vulnerabilities of this script and finally build an e-shop that is as secure as possible with this script.

I want to learn!
Please be kind.

I am waiting for your answers with huge interest!

Thanks in advance!


* You can download the code from the tutorial web site that provides this script (the .zip file at the end of the page), so that you can test it yourself and see what I mean!

Last edited by nster; 09-07-2007 at 03:43 PM..
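
An added example, not part of the original post or the tutorial's code: one way to handle the cart.php?action=add&id=... request described above so that the four id values from the post are rejected before they reach the database. The books table and its columns, the handleCartRequest function and the id => quantity cart layout are assumptions; in-memory SQLite stands in for MySQL so that it runs offline.

```php
<?php
declare(strict_types=1);

// Constructed sample data in an in-memory SQLite database so the example
// runs offline; the shop in the post uses MySQL (swap the PDO DSN).
// Table and column names are assumptions, not taken from the tutorial.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE books (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO books (id, title) VALUES (1, 'Sample Book A'), (2, 'Sample Book B')");

/**
 * Handle cart.php?action=add&id=... ; returns true only if a real book was added.
 * $query stands in for $_GET, $cart for the session cart
 * (hypothetical layout: book id => quantity).
 */
function handleCartRequest(PDO $pdo, array $query, array &$cart): bool
{
    // 1. Allow-list the action instead of trusting the query string.
    if (($query['action'] ?? '') !== 'add') {
        return false;
    }
    // 2. The id must be a positive integer: rejects "-1", "'1", "'" and arrays.
    $id = filter_var($query['id'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false;
    }
    // 3. Bound parameter: the value is never concatenated into the SQL text.
    $stmt = $pdo->prepare('SELECT id FROM books WHERE id = :id');
    $stmt->execute([':id' => $id]);
    if ($stmt->fetchColumn() === false) {
        return false; // well-formed id, but no such book
    }
    $cart[$id] = ($cart[$id] ?? 0) + 1;
    return true;
}

// The four id values from the post, plus a well-formed id that does not exist.
$cart = [];
foreach (['1', '-1', "'1", "'", '999'] as $raw) {
    $ok = handleCartRequest($pdo, ['action' => 'add', 'id' => $raw], $cart);
    printf("id=%-4s => %s\n", $raw, $ok ? 'added' : 'rejected');
}
print_r($cart);
```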