wow that was way too long... rewrite:
I'm hacking together some bank code that's going to be managing deposits & withdrawls coming from some third party accounting service via HTTP post data.
It's going to be somewhat high traffic, privy to malevolant users, and there will undoubtedly be numerous hack attempts on the system. Also, this isn't going to be my money, and it's more money than i could afford to lose out of my pocket if something goes wrong.
Two things i've been told are 1) "check your post headers", and 2) "lock your table". I'm not sure how to do either of these, but i can probably find out. anything else i should know or traps people have fallen into with this type of thing? I need to have it robust incase a deposit is sent & my server is down or times out (i think i can handle that with some basic code inside the 3rd party site by processing a refund as soon as i'm certain the deposit timed out). Thanks in advance!
// What do you mean by "RL"? Hang on, lemme check wikipedia...