It’s not “working” if you do not even consider the slightest security topics.
Oh crap, happy birthday when your security faults lead to serious legal risks.
Oh I’m sure, if all of your code looks that messy, it will break every page.
Why need a backup when everybody else has your data? You may find some auctions on eBay soon. Or, who needs backups anyways if your data will be deleted on a regular basis. No data - no legal issues from exposed user information.
Thinking security is just some minor “update” to a software is just naive from the point of any experienced developer. Just read up on SQL-Injection.
Thank you for picking out the pieces you want to squabble over instead of helping chorn. I have already stated I’ll be looking into it but your argument is extremely moot at this point. I’m not super worried about auctions occurring on eBay when they happen daily already. The entire point myself and Mr. Maxwell are trying to reach to you is that security IS AN ISSUE but it doesn’t matter RIGHT NOW. The program isn’t live. It’s not live for months still to go! But to do anything - pieces have to operate! Then we can worry about updates. This is a singular function in thousands of pages I’m not super worried. Thank you for the heads up on SQL-Injection I’ll give it a look definitely.
Please, have something useful to the situation to say or grovel on another post please and thank you.
Your extreme ignorance is showing. What I posted is the most valuable post in this thread.
The OP is running DANGEROUS code. It is a danger to the users of the application and the security of their personal information. It is a DANGER to everyone else on the server. It is a DANGER to the entire network the server is on. It is a DANGER to the entire Internet. Just search the internet for the countless stories of data breaches. They happen for exactly reasons like this, out of date servers and software or the “programmer” didn’t know what he was doing or he said “I guess I may care in the future for sure” and never did.
Nobody should rightfully help to get this “working”. The code should IMMEDIATELY be removed from the internet until it is secured and the server should IMMEDIATELY be upgraded.
What the OP is really saying here is “I have a few thousand pages of attack vectors just waiting to be exploited.” That is just completely unacceptable. For well over TEN YEARS the PHP manual had/has a BIG RED warning about this code. There is no excuse whatsoever for ANYONE to keep running it.
It is offline. The entire thing. This isn’t a public function. It is a private program run on a private machine via paid employees of a private corporation. Everything about it is offline and physically secure to the individual - which there are 2. Myself and the CEO. Which again - makes the argument irrelevant at the moment. Thank you for the concern. It will be addressed. Just not right now.
The security aside, the code you are using will straight up not work in current PHP whatsoever no matter what you do, therefore you are just wasting your time. You will be FORCED to run an obsolete server and software for it to do anything.
I would be surprised if your CEO would have you continue on your current path if he knew the entire time and effort you are exerting will have to be completely re-done again.
Do you have any idea how many data breaches came from paid employees of private corporations? That is probably one of the top 5 sources of computer crimes.
Trust me, NOBODY needs physical access to your server to compromise it.