www.meandmybaby.ie

Status
Not open for further replies.

markbprice

New Member
Hey Guys,

Just looking to see if there is anything I'm missing here.

Constructive criticism appreciated.

Regards,

Mark.
 

php.allstar

New Member
Hi,

Not sure about the security of the script you are using, as the search form failed a simple SQL injection/Cross Site Scripting test with the string:

a' or 't'='t'\

entered into the search box.

Now I don't have time to dig around here but the SQL error message presented could yield some juicy nuggets of info to hackers.

If the cart providers were too lazy to prevent this from happening, I'd imagine there are quite a few holes in your online store.
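
An added example, not part of the thread and not the cart's own code: a search handler that builds its query by string concatenation and echoes the database error, beside one that binds the term as a parameter and returns a generic message. The stack behind the site is not stated in the thread, so Python with SQLite stands in for it, and the table, column and function names are assumptions.

```python
import sqlite3

def make_db():
    """Constructed sample catalogue; table and column names are assumptions."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO products (name) VALUES (?)",
                   [("baby monitor",), ("stroller",), ("car seat",)])
    return db

def search_concat(db, term):
    """'Before': the search term is pasted into the SQL text."""
    sql = "SELECT name FROM products WHERE name LIKE '%" + term + "%'"
    try:
        return [r[0] for r in db.execute(sql)], None
    except sqlite3.Error as exc:
        # Echoing the driver error and query to the page leaks schema details.
        return [], f"SQL error: {exc} in query: {sql}"

def search_param(db, term):
    """'After': the term is bound as data and errors stay server-side."""
    # Escape LIKE wildcards so % and _ typed by the user match literally.
    esc = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = "SELECT name FROM products WHERE name LIKE ? ESCAPE '\\'"
    try:
        return [r[0] for r in db.execute(sql, (f"%{esc}%",))], None
    except sqlite3.Error:
        # Log the detail server-side in a real handler; show only this text.
        return [], "Search is temporarily unavailable."

if __name__ == "__main__":
    db = make_db()
    probe = "a' or 't'='t'\\"  # the test string quoted in the post above
    for handler in (search_concat, search_param):
        rows, shown_error = handler(db, probe)
        print(handler.__name__, rows, shown_error)
```

With the string from the post, the concatenating handler returns an error that includes the query text and table name, while the parameterized handler returns an empty result and no error.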
 