The Web Design Group

... Making the Web accessible to all.

> E-Commerce Script, Database help
oddjobmj
post Mar 5 2009, 05:02 PM
Post #1



Hello!

I recently paid someone to write a pretty basic E-commerce script that interfaces with PayPal's e-commerce package and stores the data on my database. It works well and looks great, but I don't know if it's "safe". I really have no experience in that area, and since the script is customized I don't know what to expect. I can link to the "test" page so the general function can be reviewed, but I'm looking for one or more people that would be willing to review the setup via FTP. Again, however, I don't know exactly what pieces are critical and I may very well miss something.

If no one is willing or able to review my site via FTP, I would highly appreciate it if someone could outline the scripts/code that I should post here; the critical portions.

Here is a link to the page:

http://platinum-leveling.com/sheldon/order1.php

I believe if you go up a directory to http://platinum-leveling.com/sheldon/ you may be able to access the files associated with that page.

I'm open to any suggestions whether it be related to my question or not.

I truly appreciate your time, and thank you for your help!

Let me know if there is anything I can provide for you.

~Mark

EDIT: I realize this probably would be better off in the server side scripting section. I am usually very good at posting in the correct section, and I apologize. I will refrain from making a second post about the same topic there. If an admin would be willing to move the thread I would greatly appreciate it.

This post has been edited by oddjobmj: Mar 5 2009, 05:05 PM
Darin McGrew
post Mar 5 2009, 06:02 PM
Post #2



QUOTE
EDIT: I realize this probably would be better off in the server side scripting section.

I agree. I moved it.
Brian Chandler
post Mar 6 2009, 12:05 AM
Post #3



Of course if you don't know whether the programs are security conscious, it's a bad idea to post them... Have you looked for "SQL injection testing" or similar? (It ought to be possible to write a program that takes an arbitrary web page and systematically tests for (at least the most obvious) injection problems, but we live in a world with a clueless Legal Industry that intentionally or not keeps making such services into crimes.)

QUOTE
If no one is willing or able to review my site via FTP, I would highly appreciate it if someone could outline the scripts/code that I should post here; the critical portions.


It's hard to tell which that would be! Are there comments at the head of each file saying what it does? If so you could probably post them, and we could suggest what needs looking at. Otherwise the problem is that you're really asking for confidential consultation, which is not quite what this _forum_ is supposed to be...

(If there are no comments anywhere, such consultation could be expensive ;-( )
oddjobmj
post Mar 6 2009, 03:51 AM
Post #4



I appreciate your response Brian.

I'm looking for automated SQL Injection testing tools now.

As a side note: I am willing to pay for such consultation if necessary.

I'll look into SQL injection and post back.

Thanks again!

~Mark
Darin McGrew
post Mar 6 2009, 04:21 AM
Post #5



The Jobs Seeking Programmers forum is right next door...