Database driven website

  • Thread starter theprintingworks
  • Start date
T

theprintingworks

Hi, I have a website with loads of prices and I would like to control prices via a database. Can anyone explain the easiest way to do this?

Alternatively maybe someone could give me a quote to provide the database part of the website that I can integrate.

Many thanks
Stewart
 

microbe

Free Member
Mar 26, 2005
89
5
Felixstowe, UK
Hi, I have a website with loads of prices and I would like to control prices via a database. Can anyone explain the easiest way to do this?

Alternatively maybe someone could give me a quote to provide the database part of the website that I can integrate.

Many thanks
Stewart

I would be very happy to give you a quote. Can you give me a bit more detail of what you are looking for. If the site is live, I can probably tell just by having a look at it roughly what you need done and give you an indication of likely costs.

Regards

Tim Marchant
 
Upvote 0

dave_n

Free Member
Oct 27, 2007
2,842
272
Lancashire
the simple idea is that you have an admin interface into a db where you can set the prices.
Using dynamic pages the prices are brought from the db and rendered onto the page so that any updates on the db are immediately shown on the website.

drop me a pm with some req's if you would like a price
 
Upvote 0

jgrock

Free Member
Dec 4, 2007
57
1
I have created a website that automatically uploads from your finance package. Namely Sage. Take a look w w w.galgormgroup.com , 5000 products online and if there is a change in the main system every night at 1.05am an updated price list is uploaded to the web.... really easy to maintain. Simply create a csv file and convert to a txt file then upload

Let me know if you need any help
thanks
John
 
Upvote 0
T

theprintingworks

OK ive been playing around with mysql. I have my database (well a basic test one) and have worked out how to bring it into a php page but I really need to bring the info into .shtml pages. For some reason my shtml .inc's wont work in php so I guess php is out. Any suggestions please on how I can get data into a shtml page?

many thanks
 
Upvote 0
T

theprintingworks

Because it does not recognise the include files as they are, hence the modification above. The only problem I have now is the inc files do not display in dreamweaver. I have just enabled vista as a webserver for testing and am now installing php so I can test locally. Any ideas on how to get the includes to display?
 
Upvote 0
T

theprintingworks

OK got mysql and php installed and running (it was too easy so I guess I'm in for a crash next restart), only thing left is to get the include's to display in dreamweaver cs3. Pint in it for anyone who can tell me :)

'Edit'
Ok done it, I was trying to use <?php include("filename.inc"); include("filename.inc"); include("filename.inc"); ?> which works when viewed in browser but does not display in dreamweaver. By putting each inc sperately in php it displays fine in dreamweaver.
 
Upvote 0

red-team

Free Member
Jul 16, 2007
10
0
Hi,

please ensure that you implement the correct security measures when developing database driven websites using mysql and php. Using 'include' with registered globals on is not recommended.

Over the past few months we have found numerous issues with remote file include vulnerabilities (this is where an attacker uploads a php shell to your server) and essentially has full (but limited - ie as web user) access to the server and all the files. The next stage of an attack is privilege escalation whereby the attacker becomes admin/root on your server - at this point a rootkit or backdoor is installed and unfortunately its 'game over' for you!

We are happy to help if you need your site testing prior to making it live.

Kind regards,
Dave
 
Upvote 0

Interconnect IT

Free Member
Nov 15, 2007
1,229
192
Liverpool
A lot of developers soon learn the hard way about web app security!

I spent much of the past twenty years developing on internal systems and it's scary how many security holes get left lying around. Even in big ERP systems. Thankfully, being internal facing only they didn't have to put with every wannabe hacker attacking their systems time after time, which web apps have to put up with.

It pays to be cautious and a little paranoid :(
 
Upvote 0
Surely if they can get a php shell on the server they can do what they like anyway, perhaps preventing the shell upload in the first place is better?

Having said that I understand that if someone is determined enough they will get in anyway!?
 
Upvote 0

red-team

Free Member
Jul 16, 2007
10
0
Thats not strictly true. Getting a php shell on the server is the second stage of an attack (the first stage finding that the site is vulnerable to an RFI attack). As mentioned before, this gives the attacker full visibility but only limited access as the shell will only have webuser rights. Although, a backdoor can still be installed, but the ultimate goal for the attacker would be to become root user (which can be done by finding a local root exploit) - he/she then 'owns' the server and you may never know.

Don't forget, RFI attacks are just one example, there are many other ways of getting access to server - the key thing is to understand what your are developing, implement security as best you can, keep your servers patched and routinely test them for vulnerabilities.

KR,
Dave
 
Upvote 0
Sounds like hard work to me to do it all manually.

There are many free (General public license) solutions out there. You would be better to adapt one of those rather than try to code everything from scratch.

Have a look at OScommerce for the shopping site aspect and Joomla if you want a web-based content management system.

I can help you get them set up if you have the right hosting package. Some hosts offer them directly in your control panel via Fantastico (a script installation system).

Spend your time building the content of the site, not hand coding the framework.
 
Upvote 0

Latest Articles

Join UK Business Forums for free business advice