Posts posted by thewooleymammoth
-
-
ermm... whoooo said that's mine o.O
noted =p
HAHAHAHAHAHAHAHAHAHAHHAHAHAHAHAAHAHAHAHAHAHA, thats awesome. good find on that.
I sure do wish i knew who really did make 30 cents
-
damn 30c per click would be amazing. i made a site a long time ago (terrible site) while i was just learning. it was a picture site and i just uploaded my personal collection of pictures from the internet (terribly illegal). i only made 1/2 cent per click because my site had no good keywords. I didn't think people made as much as 30 cents per click.
now I am reconsidering making another site and trying to make it real specific like yours. I could use some extra cash.
-
i like it a lot more, much more inviting. i think that could work once you have some more content.
-
I lied :-\ how about more like 30 cents to a dollar? ;p
msormr.com is a trial in cashing in with google that was the evolution of my dyno charts site. Not trying to plug the site tho so if you go to it don't comment that i'm 'just trying to get my clicks up'
?? what are you talking about? you saying you made that site also?
-
instead of random recipe i would put featured recipe, or recipe others enjoyed. to me something like that would make me want to look at it more. random makes me kinda not care. but if i think others liked that, or that someone is recommending... you get the point
everything seems to work fine for me...
windows 7 - chrome
-
not trying to kick him, sorry if it seemed rude, however if i was looking for php tutorials and saw that they only had 100 visits in the last two weeks, i would begin to question the integrity of the site.
-
its off balance, everything is to the left. very little to the right.
-
besides that fact that 100 visitors in almost two weeks is not something to be that proud of...
-
i would love 11 cents as well.
-
Oh boy, my bad.
I thought this was the problem so I connected to my database earlier, but the mysql_real_escape_string() was one line before the connection...
Though the problem is now: does this affect characters such as a '/'?
It adds an escape character ('\') during data insertion/updating, but it shouldn't be visible during data retrieval. If you do see an escape character during data retrieval, chances are you have magic quotes on, which is considered a no-no (if memory serves, it should be turned off by default in PHP5, and may be completely removed from the language when version 6 is finally released).
usually mine returns the slashes with the data. stripslashes() should do the trick
-
what\ever should return what\\ever. the "\" nullifies the effect of the following character, so by adding the slash it nullifies someone's attempt to nullify your quote. an injection would look like this
here is your sql
SELECT * FROM users WHERE username = "user1" AND password = "password"
the user enters >badpassword" or 1=1\<
here is the string rendered so you see what's inside the variable you put in the string
SELECT * FROM users WHERE username = "root" AND password = "badpassword" or 1 = 1\"
that would grant that access to any account. Here is what mysql_real_escape_string(); does
he enters >badpassword" or 1=1\<
and here is what the query looks like after mysql_real_escape_string()
SELECT * FROM users WHERE username = "root" AND password = "badpassword\" or 1 = 1\\"
the added backslashes remove the breakout of your string input so that all of that is still in the string and not evaluated. it also nullifies the final backslash so that that backslash does not nullify your final quote and your query still gets executed
hopefully that made sense.
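Added example, not part of the original post: it renders the post's login query with and without escaping, then shows the same input handled by a prepared statement, where it is bound as data and never becomes part of the SQL text. Assumptions: `demo_escape()` is a hypothetical stand-in that mirrors the characters mysql_real_escape_string() escapes so the strings can be printed without a MySQL connection; the table, the stored hash and `login()` are constructed, and the PDO SQLite driver is assumed to be available.

```php
<?php
// Hypothetical stand-in, for printing only: mirrors the characters that
// mysql_real_escape_string() escapes. Not a replacement for the real function.
function demo_escape(string $s): string {
    return strtr($s, [
        "\\" => "\\\\", "\0" => "\\0", "\n" => "\\n", "\r" => "\\r",
        "'"  => "\\'",  '"'  => '\\"', "\x1a" => "\\Z",
    ]);
}

// The input from the post: badpassword" or 1=1\
$input = 'badpassword" or 1=1\\';

// Query text built by concatenation, as in the post, raw and then escaped.
$prefix = 'SELECT * FROM users WHERE username = "root" AND password = "';
echo $prefix . $input . '"', "\n";
echo $prefix . demo_escape($input) . '"', "\n";

// Prepared statement: the SQL text is fixed and the input travels separately.
// Constructed in-memory database; the password is stored as a hash.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)');
$pdo->prepare('INSERT INTO users VALUES (?, ?)')
    ->execute(['root', password_hash('correct horse', PASSWORD_DEFAULT)]);

function login(PDO $pdo, string $user, string $pass): bool {
    $st = $pdo->prepare('SELECT password_hash FROM users WHERE username = ?');
    $st->execute([$user]);              // bound value, compared as a literal
    $hash = $st->fetchColumn();
    return $hash !== false && password_verify($pass, $hash);
}

// The post's input as the password, then as the username, then the real password.
var_dump(login($pdo, 'root', $input));
var_dump(login($pdo, $input, 'anything'));
var_dump(login($pdo, 'root', 'correct horse'));
```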
-
you need to be connected to the mysql server before you can use that function.
-
css dropdowns i think would be better. the actual drop downs are a little outdated. but they do still work, its a little unclear how they are organized (as mentioned). for some reason there is a horizontal scroll bar on the main content? i would just let that div grow. I think the site would look a little better on larger resolutions if you centered it.
The news stories could have the title in bold and a little bit of the text of the actual news. its kinda hard to figure out whats happening in the stories, nothing really makes me want to read more.
I know you have been developing this and you might not want to do this for pride issues. But i think a CMS like drupal could really benefit you. its basically exactly what you are trying to do.
-
2. Escaping all data that will interact with your db. This will prevent injection attacks. And, no, addslashes won't cut it. You need to use the escape function that's related to the db you're using (like, say, mysql_real_escape_string).
i agree 100%, regex is the best way to validate input, i dont have any right now, but there are prebuilt regex functions you can use, search around for them.
-
use mysql_real_escape_string(); for login or mysql related variables.
-
<?php
// name your page according to what you want in the GET parameter
if (isset($_GET['page']))
    include('includes/'.strip_tags($_GET['page']).'.php'); // this is not very secure, look up filtering strings for more security.
else
    include('includes/home.php');
?>
if someone typed in index.php?page=uploadpics your site would go into the directory "includes/uploadpics.php".
this also allows you to have a uniformed look
<head>
</head>
<body>
<div id='main'>
<?php
// name your page according to what you want in the GET parameter
if (isset($_GET['page']))
    include('includes/'.strip_tags($_GET['page']).'.php'); // this is not very secure, look up filtering strings for more security.
else
    include('includes/home.php');
?>
</div>
</body>
<!-- etc etc etc -->
also, consider that people have different resolutions so you may want to have your site in a div and be about 950px wide and centered. it looks strange spread out across my giant monitor
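Added example, not part of the original post: one way to do the filtering the snippet's comment asks for is to map the `page` parameter onto a fixed allowlist, so request data is never concatenated into the include path. strip_tags() only removes markup; it leaves path characters such as `../` untouched. The page names in `PAGES` and the helper `resolve_page()` are hypothetical; the `includes/` layout is taken from the post.

```php
<?php
// Constructed allowlist: the only page names that may be included.
const PAGES = ['home', 'uploadpics', 'contact'];

/**
 * Return the file to include for a requested page name.
 * Anything that is not an exact, case-sensitive match from the allowlist
 * (wrong type, traversal sequences, URLs, unknown names) gets the home page.
 */
function resolve_page($requested, array $allowed = PAGES): string {
    $page = (is_string($requested) && in_array($requested, $allowed, true))
        ? $requested
        : 'home';
    return __DIR__ . '/includes/' . $page . '.php';
}

// Constructed inputs: one valid name and several that must fall back to home.
$samples = ['uploadpics', '../config', 'http://example.invalid/x', 'UploadPics', ['a'], null];
foreach ($samples as $candidate) {
    printf("%-30s -> %s\n",
        json_encode($candidate, JSON_UNESCAPED_SLASHES),
        resolve_page($candidate));
}

// In index.php the include line then becomes:
//     include resolve_page($_GET['page'] ?? null);
```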
-
i would suggest a dark theme for clubs and bars. people dont really associate sky blue with partying and dancing.
-
you have a great point, however i am 1 step ahead, i am writing the code right now so it will act like the contact link works on my site http://ericwooley.com So you can email from inside the page.
-
seems to work pretty well, you may consider making each field required when someone adds a chart. blank spots make it feel unfinished. at least n/a.
Nice work though, youll have a database site up and running before you know it.
-
some testimonials. Good idea. i will see what he thinks of that.
thanks for the input.
-
if you dont want to change the design not much else we can say, have at adding content!
-
Completely different looking now. still gonna be a paragraph under the picture to make the heights line up.
-
the content seems really cluttered and the headers don't stand out to me.
-
Eric - I forgot, I made a music video contest just for you bud
Check it out in browse contests
nice lol, I dont have the time to make a video right now, ive been doing a lot of digital art though.
If there were a contest i could enter these in i would, but they dont fit anywhere.
http://5wooley4.deviantart.com/
I may have figured out why that bug occurred. it was a large file in CMYK format. Deviant art told me that browsers dont work with CMYK.
My first PHP heavy web site
in Website Critique
Posted
damn i wish. Ive been brainstorming for a site all day... nothin comin to me yet. best thing ive come up with is a piratebay clone for usenet. no good usenet nzb sites out there. but im not sure im willing to deal with so many legal shenanigans.