avillanu

  1. Well it's just a rating script for a content site, I don't think anybody would go through the trouble of really going out of their way to find a workaround.
  2. Well I'll be releasing my script for free, I just want my users to have the easiest time possible. Thanks everyone for the help.
  3. I forgot to mention that this script will be released for free and help small-time webmasters, so your contribution will help the good of humanity
  4. Site: http://www.crawfordresearch.com/arcade/ This is one of my first PHP scripts, so please be forgiving. I would also highly appreciate it if you guys had any suggestions. Note: I know that users can vote multiple times, I'm working on a solution for this. Thanks Alex
  5. Wouldn't the IP database eventually get huge if there is one row for every vote?
  6. OK, would the best way to do this be with IP addresses or is there another way?
  7. MySQL I forgot to mention: I've done a bit of googling and seen some solutions. But what makes mine a bit more complex is that it's okay for users to vote on multiple pieces of content, just not on the same one.
  8. In my CMS I have a rating program where people can rate each piece of content. Fairly simple to implement - the only problem is that voters can vote multiple times. Anyone know a way to prevent this?
  9. Would it be okay to put it in the query or should it be before it as suggested by hackerkts?
  10. I've fully read http://us.php.net/manual/en/function.mysql-real-escape-string.php and I'm still confused. Everyone has their own "best practice" code and they're all different. I've done extensive googling and it's the same. This is a huge headache as everyone is acting like an authority. This is what I'm planning to do for my script. Please let me know of any shortcomings.
      1) [Example 1442 in link] - add mysql_real_escape_string to ALL MySQL queries. Would this be enough? It would seem this would catch anything.
      2) $id = intval($_GET['id']) instead of a simple $_GET['id']. Would this be necessary if I do the previous prevention method (1) and is there some code that can be used if the variable passed is a string?
      Also, how are these methods affected if magic_quotes_gpc is on or off?
  11. I have a simple division between two variables but I'd like the output to only show the answer with two decimal places and truncate the rest. Is there any way to do this?
  12. I'm rewriting my first script (CMS). As you can imagine, it's written like a newbie. I haven't learned OOP yet so nothing revolutionary, but I'd like to make the code cleaner and more secure. My thoughts:
      * Anti-MySQL Injection Use: $id = intval($_GET['id']) What should I use regarding username/password and strings passed by the users?
      * Make variables more memorable/descriptive
      * Should I bother using LOCK tables? I have a basic CMS which tracks views, user ratings and such. More info here: http://www.php-mysql-tutorial.com/mysql-update-and-delete.php
      * Add indents to make code more readable.
      * Should I add MySQL close connect? I see this in some tutorial examples and not in others.
      * Should I use functions? Something like displayTopContent(); instead of having multiple lines of code... once again this would make the code much more readable, are there any drawbacks to doing this?
      Any other suggestions would be greatly appreciated.
  13. Thanks - it does work when I remove the desc part... 'desc' however does not work...I'd really prefer not having to rename the column, any ideas how this can be done?
  14. OK I inserted the code as instructed. This is what I got: Problem with Query: update generic_games set name = '12 Holes of X-Mazzzx', desc = 'Pick your putter and go out to putt a hole in one.Move the ball to where you want it then click,move your mouse according to the arrow then click to shoot the ball, and play all twelve holes', image = '12 Holes of X-Mas.png', filename = '12 Holes of X-Mas.swf', cat = '1' where id='1' You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'desc = 'Pick your putter and go out to putt a hole in one.Move the ball to where' at line 2