
I'm building a simple yet robust small e-commerce site.

What I wanna know is:

Is it more safe and secure to add the MySQL commands, such as select, add, update, delete, in the same HTML form,

or create another PHP file for that as a process?

Example:

I have an add customer page.

The file is add.php

and for me to add that into the database

I pass variables and do the insert in another file called:

add_command.php

Is it a big deal?

Can there be a possible security issue in case?

Thank you!


MySQL commands are within the PHP script and not in the plain HTML, so it is safe to have them in the same script as the form. The commands are not (should not be) exposed to the browser.
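An added example, not code from any poster in this thread: a single add.php that holds both the form and the INSERT, showing that the browser receives only the HTML at the bottom while the SQL stays on the server, and that user input reaches the database only through bound parameters. Assumptions: the `customers` table and its columns are hypothetical, and SQLite through PDO stands in for MySQL so the file runs without a database server.

```php
<?php
// add.php: form and INSERT in one script (added example, not from the thread).
// Assumption: SQLite through PDO stands in for MySQL so the file runs under
// `php -S localhost:8000`; with MySQL only the DSN and credentials change.
declare(strict_types=1);

$pdo = new PDO('sqlite:' . sys_get_temp_dir() . '/customers_demo.sqlite');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Hypothetical table, created on first run so the example is self-contained.
$pdo->exec('CREATE TABLE IF NOT EXISTS customers (
    id INTEGER PRIMARY KEY, name TEXT NOT NULL, email TEXT NOT NULL)');

$errors = [];
$saved = false;
$name = $email = '';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Accept only scalar strings; a request may send a field as an array.
    $name  = is_string($_POST['name'] ?? null) ? trim($_POST['name']) : '';
    $email = is_string($_POST['email'] ?? null) ? trim($_POST['email']) : '';

    if ($name === '' || strlen($name) > 100) {
        $errors[] = 'Name is required (max 100 characters).';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'A valid e-mail address is required.';
    }
    if (!$errors) {
        // The SQL text is fixed; user values travel only as bound parameters.
        $stmt = $pdo->prepare('INSERT INTO customers (name, email) VALUES (:name, :email)');
        $stmt->execute([':name' => $name, ':email' => $email]);
        $saved = true;
        $name = $email = '';
    }
}

// Everything below is the only output the browser receives: HTML, no SQL.
$h = static fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
?>
<!doctype html>
<title>Add customer</title>
<?php if ($saved): ?><p>Customer saved.</p><?php endif; ?>
<?php foreach ($errors as $e): ?><p><?= $h($e) ?></p><?php endforeach; ?>
<form method="post" action="add.php">
  <label>Name <input name="name" value="<?= $h($name) ?>"></label>
  <label>E-mail <input name="email" value="<?= $h($email) ?>"></label>
  <button type="submit">Add</button>
</form>
```

Moving the POST branch into a separate add_command.php would leave the same validation and the same prepared statement in place; only the form's `action` would change.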


I would say it would be a concern.

Generally, you want to keep the front end as far away from the back end (e.g. your database) as possible. Especially if it's for e-commerce where you could be handling some sensitive data on your site (but even just in general), I think keeping your front-end code for building forms and pages from touching your database is important.


TySkby, what threats do you have in mind for cases where the HTML form and MySQL commands are in the same script?
