Originally posted here by Soda_Popinsky
You can't query a text file quickly. Read about indexing:
http://en.wikipedia.org/wiki/Database#Indexing

Security isn't about cutting functionality; it's about securing required functionality. I would accept the risk of attacks like SQL injection for the benefits of a DBMS.

Is having a webserver on an ecommerce website a risk? If so, would you restrict access to port 80?
Point taken and accepted. Up to now I've never really had any experience with databases (and I'm still learning PHP), so I wanted to minimise risks. But security by losing functionality isn't the way to go (as you said) - and a text file being used as a database would be a nightmare.

Do you know any good SQL injection articles I could read, and in particular how to secure against them? I already found some info in SANS' reading room and in the PHLAK documentation, but I want to get more informed before I start using SQL. Google also provided some nice articles, but recommendations are welcome.

Thanks,

-jk