1. Shop with a credit card, not a debit card. The procedures for dealing with fraudulent credit card activities are much more entrenched(and easier to deal with) since credit cards have been around for years. Debit cards are still a relatively new thing, and since they are tied to your actual checking account can be a mess to sort out if checks have bounced or payments have been missed. Credit cards still offer a layer of protection that debit cards don’t.

2. Use Firefox. This could have been number one on the list. I suggest all home users use Firefox at all times, instead of Internet Explorer. And, with online shopping, it’s even more important. The fact is, Internet Explorer remains the single biggest target for viruses and spyware in existence. To get Firefox just go to http://www.mozilla.org and download it.

3. Look for the padlock symbol. The presence of this symbol: in your browser’s address bar means that the purchase you are about to make is encrypted as it travels across the internet.

4. Avoid prices that are way out of line. What I mean is, if the price seems to be way higher or lower than market price then move on. What you will find is that most of the time these low prices are accompanied by ridiculously high shipping rates to compensate. Extremely low prices are a sign that all is not right with this vendor.

5. Don’t rush. Take your time when making a purchase from an online vendor that you’ve never dealt with before. Step through each page and read all the fine print during checkout.

6. Use different passwords. If you are making a purchase from a new vendor and they require “registration” or that you set up an account with them, don’t use a common password. Use a different password for each account. I know it’s a pain, but you can write them down and keep them in a desk drawer or something to make it easier. Having the same password on all of your website accounts is a major security risk for you.

7. Use one-time use e-credit cards if you can. I use these all the time through paypal. Basically, you can generate credit card numbers that are tied to your paypal account. These numbers are only valid for one transaction. That way, if someone hacks your account at that particular site all they will get is a useless card number. Paypal offers these numbers as do many banks.

8. Check seller ratings. If you are dealing with a vendor that you’ve never heard of before, consider looking them up on a rating service such as bizrate.com or pricegrabber.com.

Hope these help. Shop safe and keep your radar up. If something seems fishy just close your browser and don’t go back to the site.

’ OR 1=1

it will get rejected at this step. All of the SQL keywords are
stored in big lookup table and checked against. The next step then is
to bind the variables instead of passing them in as plain strings. This
is a crucial step to avoid SQL injection. So instead of:

$sql="SELECT * FROM users WHERE username="$username" AND 
password="$password" LIMIT 1

we use:

$sql="SELECT * FROM users WHERE username=? AND password=? LIMIT 1
$sth=$dbh->prepare($sql);
$sth->execute($username,$password);

The final thing we do is check the row count of the result set. Even
though we used “LIMIT 1″, if there is an injection going on then we must
assume that it has been changed. Be sure and check that you have a row
count that is sane for the operation you are performing. If you are
logging someone in then you should return an error if the result count
is 0 or greater than 1, like this:

die unless($sth->rows() eq 1);

Next time I’ll focus on SQL injection that happens beyond the front
gate. Sometimes you can’t be so strict on row counts and syntax checks
once a user is inside.