Darryl,
I don't know the answer to question 1, but as for question 2, I did a quick search in the osCommerce
forum and found the following contribution that allows you to keep the register globals setting off:
http://www.oscommerce.com/community/...gister+globals
My site is in a shared web-hosting environment. My host will probably not let me turn it on, so I'm
going to be incorporating this contribution in my "localhost" development copy of osC sometime
during the next two weeks.
Larry Kahm
"Derrald" <re****************@sbcglobal.not> wrote in message
news:re**************************************@news svr21-ext.news.prodigy.com...
I have had two clients recently ask me about shopping carts.
I have also been using PHP on a more regular basis and thought I could
find an open source shopping cart such as oscommerce.
It seems as though oscommerce requires "register globals" turned on.
I know this is a bad idea. Also my hosting company won't turn them on
(not that I would want that). This got me thinking about a few things
and I was wondering what others experience on the subject is. I could
find very little information about this subject on Google.
I apologize if this is not the correct forum to present these topics.
As a note: I have built enrollment and authentication systems in PHP,
just not a store site.
What are peoples experience on these topics?
1. If using a cart with "register globals" on, has there been any
problems with injection of incorrect data? Are people being overly
paranoid of "register globals" being on?
2. Are there any solutions open source or paid that
have "register globals" turned off.
3. What kind of security are shopping cart ASPs providing?
I guess using a provider could provide security as long as
people didn't know the source code of the program.
4. Is any downloadable PHP shopping cart preferred over another?
Enough said!
Thank you,
Darryl
--
--
Derrald V