#1
www.lowveldnet.co.za
Re redevelopment of www.lowveldnet.co.za

Now I know most of you can and will be going on a weekend break or a holiday in the future. I need to redevelop the lowveldnet website into something more useful. I want to add a booking system for local accommodation, attractions and events.

I want some feedback as to what you would like to see on such a website. Is the colour scheme good, bad or indifferent? As to the layout, is it easy to understand once you get past the entry page?

The headings on the top. I want to separate accommodation and attractions from the business area as we are going to do bookings for these. Any suggestions for these titles? I need them to be concise yet easily understood. My thoughts were:

- accommodation and activities (too wordy but descriptive) (description and Booking)
- local business (Local Business minisites)
- local and travel information (Basic Info as in General Information at present)
- Events (Diary and Booking)
- News and Views (Local News and Comments)
- Discuss It
- Galleries
- FAQs
- Special Offers
- Local and Travel Links
- Contact Us

I know I am asking you all to do some work. All criticism and advice will be appreciated.

Regards
Guy
__________________
Guy McLaren
lowveldnet(pty)ltd
Nelspruit, Mpumalanga, South Africa
www.lowveldnet.co.za
#2
Okay, let's start at the beginning...

Q: Is the colour scheme good bad or indifferent?
A: A resort in the jungle or near a wild reserve is my first impression, so the colour scheme fits the mood, perhaps too much; some neutral colours could be added to break it up.

Q: As to the layout is it easy to understand once you get past the entry page?
A: The page layout is nearly consistent - did not know which link I was on though sometimes - perhaps consider a map.

Q: The headings on the top.
A: Look really outdated, no rollovers (although this is just presentation I'm talking about here), just need more thought.

Q: Any suggestions for these titles.
A: Keep them low key; if you need to emphasise more, then that is what the title/alt tag is for.

Other: The right hand menu bar's submenus are just lost - should try a different font color or bgcolor.

Interesting site, very productive, just needs modernised.
#3
Just an FYI, lowveldnet.co.za, http://www.webtech.co.za and all sites created by this company are vulnerable to SQL Injection attacks.
PLEASE!!! read up on these types of attacks and how to prevent them... your customers won't appreciate their data being stolen.
#4
OK, I am a little thick, but a few questions.

From my googling I figured I need to boost the security by adding a replace command to prevent people from injecting and creating their own passwords.

Am I to understand that if you added to the text box some SQL code you could change the actual SQL query to be more than I expected? Also that you can create a page in the address bar that will give a different set of results to those I requested? In effect, is it just changing those two things that will resolve this issue?

Guy
#5
It's vulnerable to SQL Injection attacks and parameter manipulation attacks.
These are the only two things I tested.
#6
I got that.

But what I need to know is: Is my understanding of the subject flawed? Am I to look at anything else? I googled and found 4guys most helpful but need to know if I understood the subject.

Guy
#7
SQL Injection attacks can occur either from input fields (textboxes, etc.) or passed through the querystring.

How to prevent these attacks depends on the database you are using, the language the application is written in, the web server being used, and the platform the application is running on. There is no "Simple" solution to preventing these attacks; you have to test for them first, then research how to prevent them.

There are numerous attacks that can happen against applications (SQL Injection, Parameter Manipulation, XSS, Blind SQL Injection, Hidden Field Tampering, Cookie Hijacking, Session Hijacking, etc.). You have to learn about each one, test for it, then take the necessary measures to prevent it.
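The "replace command" idea from post #4 and the querystring case from post #7, as an added example that is not part of the original thread: it shows that doubling quotes leaves a numeric querystring value unprotected, while a type check plus a bound parameter does not. The thread does not state the site's language or database, so Python with SQLite is an assumption, and the table, rows and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory table of constructed sample rows (not data from the site)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE listings (id INTEGER PRIMARY KEY, name TEXT, status TEXT)")
    db.executemany("INSERT INTO listings VALUES (?, ?, ?)", [
        (1, "River Lodge", "public"),
        (2, "Miller's Rest", "public"),
        (3, "Unpublished Draft", "internal"),
    ])
    return db

def escape_quotes(value):
    """The 'replace command' idea: double every single quote."""
    return value.replace("'", "''")

def lookup_concat(db, listing_id):
    """Quote-escaped value concatenated into the SQL text (the weak form)."""
    sql = "SELECT name FROM listings WHERE id = " + escape_quotes(listing_id)
    return [row[0] for row in db.execute(sql)]

def lookup_bound(db, listing_id):
    """Check the expected type, then pass the value as a bound parameter."""
    if not (listing_id.isascii() and listing_id.isdigit()):
        raise ValueError("id must be a whole number")
    rows = db.execute("SELECT name FROM listings WHERE id = ?", (int(listing_id),))
    return [row[0] for row in rows]

def find_by_name(db, name):
    """Text input needs no escaping when bound: quotes are plain data."""
    rows = db.execute("SELECT id FROM listings WHERE name = ?", (name,))
    return [row[0] for row in rows]

if __name__ == "__main__":
    db = make_db()
    tampered = "2 OR 1=1"   # constructed querystring value; contains no quote
    print(lookup_concat(db, "2"))        # normal request: one row
    print(lookup_concat(db, tampered))   # filter changed nothing: every row
    try:
        lookup_bound(db, tampered)
    except ValueError as err:
        print("rejected:", err)
    print(find_by_name(db, "Miller's Rest"))
```

The same pattern (validate the expected type, then bind the value instead of building the SQL string) applies to every form field and querystring parameter that reaches a query.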