Re: Executing PHP files on remote web server
- From: The Natural Philosopher <tnp@xxxxxxxxxxxxxxx>
- Date: Mon, 01 Jun 2009 19:55:44 +0100
Jerry Stuckle wrote:
The Natural Philosopher wrote:
As usual, a brush off statement with NO code, or sample or example to back it up.
Jerry Stuckle wrote:
rdyornot wrote:
Don't mind Jerry. He has problems, like not getting enough work and spending too much time telling people how difficult it all is, because that's the way it is for him.
"Jerry Stuckle" <jstucklex@xxxxxxxxxxxxx> wrote in message news:gvv8dr$3pb$1@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
How much is your time worth? How much is the company losing because you have to spend your time trying to learn PHP?
The company doesn't care. I work 100 hrs/wk, but I'm salaried. I only get paid for 40 hrs. Even if I spend 80 hrs/mo on training, the company still gets the hours worked by two employees for the price of one.
Whatever.
Not to mention what happens if your database gets screwed up (or exposed) because you're not familiar with things like SQL injection and other security items associated with having something on the internet?
I may be brand new to PHP but I'm not a rookie database developer. (I know 6 flavors of SQL so learning a 7th shouldn't take that long.) The syntax may be different between programming languages and database engines, but the concept of avoiding SQL injections isn't that different. Certified Oracle DBAs are required to take formal Oracle classes, and we learn how to build solid database structures, safeguard data, avoid SQL injections, and a whole lot more. And I'm a Unix system administrator and network administrator, trained in network and database security, so I have some idea about how to "keep 'em out." There are good reasons to expect success in this endeavor.
Being a database developer is completely different from being a programmer (and vice versa). And building a database is completely different from building a program. Additionally, SQL injection from a DBA's perspective is completely different from that of a programmer. And finally, Unix administration has NOTHING to do with any of this.
Quite frankly, while you have good experience in database administration and Unix administration, I see virtually nothing in this which provides the necessary experience for programming.
Can you afford NOT to hire a contractor to do it right?
Oh, ye of little faith. When I post my code, surely someone more experienced than I am in PHP will say, "Don't do it *that* way. Do it this way," thereby helping me avoid the road to ruin. Something tells me you'll be one of them. :-)
Not little faith. Great experience. And don't expect others to solve your security problems. We're willing to help, but we won't do your work for you.
But for your own sake, if your data is at all important, get someone who knows what he's doing.
Everyone who became an expert started out in my shoes, knowing nothing about the programming language but eager to learn all they could, and willing to ask for advice from the experts. And follow it. Whenever possible. (I can't follow your advice about hiring a contractor. I have zero influence over staffing decisions.)
And few of us started out on our own sensitive data - those who did often learned the hard way.
Thank you for the advice.
So he prattles on about 'sql injection' which is completely irrelevant if the agency that has access cannot write create or alter a table, for example.
Spoken like a true nudnik who doesn't know the first thing about serious programming. But of course we know you can't get a job as a programmer.
SQL injection is not just a write/create/alter problem. It can be a problem with read-only access, also. But since you don't understand SQL injection (or anything else about security, for that matter), you wouldn't know the difference.
Show me an example of SQL injection using only select and I'll listen to you.
Until then shut up.
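
The read-only case disputed in the exchange above, as an added example that is not part of the original thread: a concatenated SELECT on a connection that cannot write still returns rows the caller should not see, while a bound parameter does not. The `accounts` table, its rows and the function names are constructed for illustration, and SQLite's `PRAGMA query_only` stands in for a database account that holds only SELECT privilege.

```php
<?php
// Added example: table, rows and function names are constructed, not from the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT, balance INTEGER)');
$db->exec("INSERT INTO accounts (owner, balance) VALUES ('alice', 120), ('bob', 75), ('carol', 900)");

// From here on the connection can only read, standing in for an account
// that has been granted SELECT and nothing else.
$db->exec('PRAGMA query_only = ON');

// Vulnerable: the input becomes part of the statement text.
function lookupConcat(PDO $db, string $owner): array
{
    $sql = "SELECT owner, balance FROM accounts WHERE owner = '" . $owner . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: the input is bound as a value and is never parsed as SQL.
function lookupBound(PDO $db, string $owner): array
{
    $stmt = $db->prepare('SELECT owner, balance FROM accounts WHERE owner = :owner');
    $stmt->execute([':owner' => $owner]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// One ordinary input and one constructed input that changes the WHERE clause.
$inputs = ['alice', "x' OR '1'='1"];
foreach ($inputs as $input) {
    printf(
        "%-16s concat: %d row(s), bound: %d row(s)\n",
        $input,
        count(lookupConcat($db, $input)),
        count(lookupBound($db, $input))
    );
}

// The privilege restriction does hold for writes; it just does not limit
// which rows a rewritten SELECT can read.
try {
    $db->exec('DELETE FROM accounts');
} catch (PDOException $e) {
    echo 'write refused: ', $e->getMessage(), "\n";
}
```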