Webmaster Forum

Old 09-07-2007, 02:36 PM   #1 (permalink)
nster
How to secure this PHP e-shop script ???

Hello guys,
I need your help, and I'll especially appreciate it from the many experienced users that I see exist over here!

I want to make a simple online shop (e-shop) using PHP & MySQL. After a lot of time searching on the web, I finally found this very good tutorial => http://www.thewatchmakerproject.com/...-shopping-cart that makes it real.

But, but.. I read the code and comments and finally used it on my local Apache server and it worked all right.. BUT, when I went up to the browser's toolbar and tried to change this: http://localhost/cart/cart-demo/cart...ction=add&id=1

to this
http://localhost/cart/cart-demo/cart...tion=add&id=-1

it started to add values, books for instance, even though I am giving a negative number..

The worst?

When I tried to change this:
http://localhost/cart/cart-demo/cart...ction=add&id=1

with this one:
http://localhost/cart/cart-demo/cart.php?action=add&id='1
or with this one:
http://localhost/cart/cart-demo/cart.php?action=add&id='

the whole system of this e-shop script "collapsed".. I mean it started to give me ERRORS and books were added without my choosing them..

From my medium knowledge on these issues I understand this is a security issue.. I can't imagine what could happen if I use it on my web site as it is now..

My question is about help:
help me please to firstly understand the problem, secondly teach me how to fix it, so that I can learn the vulnerabilities of this script and finally build up an e-shop with this script that is as secure as possible.

I want to learn!
plz be kind

I am waiting for your answers with huge interest!

Thanks in advance!


* ..you can download the code from the tutorial web site that provides this script (the .zip file at the end of the page) so that you can test it yourself and see what I mean!

Last edited by nster : 09-07-2007 at 02:43 PM.
Old 09-08-2007, 02:02 AM   #2 (permalink)
AYYASH
The basic security rule is "every piece of information that comes in or out of your application is not allowed except what you permit".
You need to check your code and find the parts that handle query string values. Add stricter filters to determine whether the values you're getting through the query string are true compared to what is in the database (or any other source) or not. If everything is true then implement the rest of the code. If not, stop the code and switch the user to the error page.
Old 09-08-2007, 11:18 AM   #3 (permalink)
ScriptMan
If I understood what you asked, the reason your program crashed is BECAUSE you used the '. The single and double quote characters are reserved and serve definite functions within PHP. You cannot use them in this manner.

A well written script will have traps built in to disallow or parse out the reserved characters.
Old 09-08-2007, 12:48 PM   #4 (permalink)
TheFriend
http://www.php-resource.de/scripte/b.../E-Commerce/1/
http://hilfe-center.1und1.de/ipaymen...payment/1.html
That's everything for help.....
Old 09-08-2007, 03:07 PM   #5 (permalink)
Capo64
Make a function that returns whether or not an item exists depending on its ID and make your cart code look something like this:

Code:
case 'add':
    if (itemExists($_GET['id'])) {
        // itemExists would be your func that returns true if an item exists in the db
        // rest of your code here
    }
    break;
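A worked version of what posts #1, #2 and #5 are circling around, added here as an example (it is not the tutorial's code and not any poster's): reject anything but a positive whole-number id before it reaches SQL, then confirm the item exists with a prepared statement so the id is bound as data rather than spliced into the query. The table and column names, the cart array shape and the in-memory SQLite catalogue are assumptions for the demo.

```php
<?php
// Added example, not from the tutorial or any poster. Table/column names
// (books, id, title) and the cart layout are assumed for illustration.

// Accept only a positive integer: "-1", "'1", "'" and "2 OR 1=1" all fail here.
function validBookId($raw): ?int {
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Parameterised lookup: the id is bound as a value, never concatenated into SQL.
function itemExists(PDO $db, int $id): bool {
    $stmt = $db->prepare('SELECT 1 FROM books WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetchColumn() !== false;
}

// The cart's "add" branch, rewritten to fail closed on bad or unknown ids.
function handleAdd(PDO $db, array $get, array &$cart): string {
    $id = validBookId($get['id'] ?? null);
    if ($id === null) {
        return 'error: invalid item id';   // stop here; nothing is added
    }
    if (!itemExists($db, $id)) {
        return 'error: no such item';
    }
    $cart[$id] = ($cart[$id] ?? 0) + 1;
    return 'added';
}

// Constructed in-memory catalogue so the demo runs offline.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE books (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO books VALUES (1, 'PHP Basics'), (2, 'MySQL Basics')");

// The same inputs the original post tried, plus two more malformed ones.
$cart = [];
foreach (['1', '-1', "'1", "'", '999', '2 OR 1=1'] as $raw) {
    printf("id=%-10s -> %s\n", $raw, handleAdd($db, ['id' => $raw], $cart));
}
print_r($cart);   // only book 1 ends up in the cart
```

Only the plain "1" passes both checks; "999" is a well-formed id that is not in the catalogue, and every other input is rejected before any SQL runs.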
Old 09-10-2007, 09:40 AM   #6 (permalink)
Boogle
Your main problem seems to be validation here; good client-side validation will stop this being a major problem.

Always validate as much as possible before sending anything to the server!
© Copyright 2008 V7 Inc