note
theAcolyte
<P>Sorry for a pretty late reply to this post. While I agree with Tilly's post (using placeholders being a Good Thing) if your database is open to subjugation via sql injection, you ought to rethink a few things ...
<P>I don't have any "professional" programming education, but it became aparent to me on my first day of playing with mySQL that you ought to do two things when you have a database table storing credit card info on the web (or anything else that sensitive):
<UL><LI>Acesses that table with a mySQL user that ONLY has write access permission. You can even set up a 2nd db that has NO user with read permissions (no user that submits a web form). Also, I generally assume you would not chose to name the table of CC numbers something obvious like table_creditcards.</LI>
<LI>Encrypt the CC data in the table</LI>
</UL>
<P>I would imagine, even if you don't understand the idea of placeholders, or preventing a sql injection attack, this ought to stop many potential problems.
<P>BTW, if I'm completely wrong, and these steps accomplish nothing, tell me. :-)
<P>- theAcolyte
306983
306983