>>Phillip, you might need to double check but last I looked cfshopkart it was storing credit card details in its database (an MS Access database).
Last time I looked at it, a couple of weeks ago, it had queries that did not use use cfqueryparam. Double plus ungood. You can always use that tool (the name escapes me) to cfqueryparam-tize the queries. I have used it before and it worked well enough, It did not add the cfsqltype attribute. I had to do that by hand, but it did 90% of the grunt work. My advice, free and worth every penny, is to get something battle tested. I have 5-6 carts under my belt and they can be rather involved and hence there is a lot that can, and if that Murphy fellow has anything say about it, will go wrong. G! On Wed, Jul 22, 2009 at 10:53 PM, Kevan Stannard <ke...@stannard.net.au>wrote: > > Phillip, you might need to double check but last I looked cfshopkart it was > storing credit card details in its database (an MS Access database). And if > you're on shared hosting this this db is likely to be web accessible. If > this is still the case then avoid this cart. > Mike, cfshopkart was one of the authors first cf applications so is not a > good example of a well designed or coded app. > > -- Gerald Guido http://www.myinternetisbroken.com http://www.cfsimple.org/ "To invent, you need a good imagination and a pile of junk." -- Thomas A. Edison ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:324854 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4