SQL Injection?

[batman1]

Is that the entire page? From what i am seeing once you hit that page an email will be sent.

+ I dont see the use of an SQL there.

[focus]

Is that the entire page? From what i am seeing once you hit that page an email will be sent.

+ I dont see the use of an SQL there.

Apologies for the misleading title.



Misson if i was to use a captcha i would need to change the ordering pages to .php and since theres alot of pages it would seem that the website would be half .html and half .php. Would it best to change the whole website to use .php extention or doesn't it really matter?

[misson]

Just change the files that must have dynamic content to PHP; leave those with static content alone. If you're concerned about appearance, you can support extensionless URLs with either content negotiation:

Code:

Options +MultiViews

or rewriting:

Code:

RewriteEngine On

RewriteRule \.(php|s?html)([/?#].*)?$ - [L]

RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule ^/?(.*[^/])/?$    $1.php [L]

RewriteCond %{REQUEST_FILENAME}.shtml -f
RewriteRule ^/?(.*[^/])/?$    $1.shtml [L]

RewriteCond %{REQUEST_FILENAME}.html -f
RewriteRule ^/?(.*[^/])/?$    $1.html [L]

Both make it easy to make readable public URLs.

With a well designed site, you only need a single script to generate the various order pages. This is a major advantage of using scripts: you only need to write a few scripts that generate all the site's pages.

[focus]

Am i able to link the pages as below?

HTML_Form (Java Validated) -- > captcha.php --> Form gets sent to Mail --> Success_Message_For_User.php


At the moment i have form.html and formsend.php

What i'm trying to do is to keep the html form pages which include javascript and add a captcha before an email is sent...


From what i've seen so far the captcha usually goes on the form.html which should be changed to form.php. I want to know it i can put it in between as it would save me from re-editing the whole website.

[misson]

While adding the captcha as a separate page would make it easier for you, it will make the process clunkier for your users. Your users should come first.

You don't need to rewrite every page, since you don't need a page for every product. One script can cover the order form, and another for product info.

HTML_Form (Java Validated)

Do you mean javascript? They're different and unrelated languages. You also better have server side validation in addition to the client side.

[focus]

You don't need a page for every product. One script can cover the order form, and another for product info.

So just to confirm... Your saying that product info (multiple pages) should all be linking to the same order (i understand how to do this) or 1 order form and 1 product info page should be created and they get the information from somewhere?

Also if it is that I have 1 order form that the product info pages use, how can i change the image that is sent to mail and displayed on the confirmation page?

For example say you have

Shoe 1:
<a>Picture</a>
Product ID
Name
User Details

Shoe 2:
<a>Picture2</a>
Product ID
Name
User Details

how do i dynamically display the different pictures?

Below is a link of a page that I want to add a captcha to just to get a better idea.

http://getstepping.com/test/16615.html

[misson]

Store product information, including sample image URL, in a database. Anytime you need to generate a page that includes information about a product (such as the order & product info pages), fetch it from the DB. You only need one script for all product info pages. For more on how to do this in PHP, read "Writing MySQL Scripts with PHP and PDO". If you're not familiar with relational DBs (the most common DB option), read the suggestions in "where to begin?" and

• Good Resources for Relational Database Design
• Relational database theory and SQL book recommendations?
• How should a programmer learn great database design?
• Database Design Best Practices
• Best Book for a new Database Developer

Make sure you take security into consideration when creating you DB access layer.