I am creating a dynamic web site for my final year project. It is supposed to be capable of selling cds and concert tickets on the web and give out information on venues and artists. The database that i chose to use was oracle 8i and php to display the info. This was due to the fact that i already had a little experience with this and my department doesn't support any other database for use on the web.

The problem that i now have is that the department want me to put in my report why i chose oracle/php over msaccess/asp. At least a 1000 words! I have no experience with msaccess or asp and so it has been hard. Obviously i have been reading lots of books, but most of these just say how both work, not whats good and bad.

The questions i have are,
which combination is the most secure, or easy to secure?
Are there any known holes not plugged?

Also any personal opinions on which you think is best please let me know, i need to look at this from every aspect, not only a security point of view.

Cheers guys