Djkanna

Looks pretty good.

$ipcheck = mysql_query("SELECT * FROM ipfinder WHERE ip = '".$z['lastip']."'") or die(mysql_error()); //Error is here

Demo Account: -Username: MakeWebGames -Password: MWGUser Why do you take 5 seconds to redirect me back to the login page after register, rather than redirecting me into the game? :) Looks pretty cool, I like the colour scheme. Probably shouldn't see this on a new account. Message after successfully buying a Katana.

Right, cleaned up a bit. Thread remains open due to Razor requesting other collab experiences with him, to be posted here. On that note: Razor has been nothing short of respectful towards me both professionally and personally, which is all I can say.

Neat, thanks for your time and effort.

He only admitted it to the post prior to this one, the quote is rather sarcastic. You provided a screenshot of the DB, which the only identifying information is the game name. Back to the point: The screenshot, along with the quote doesn't equal proof, it just means someone is spamming your game with Razors game. Which anyone that knows Razor, knows the game. ;) Now that he's admitted it means you have proof, but it brings up a new question: Why did you retaliate by spamming his game and then post this thread?

I gave it up a while ago, roughly around the time my net got bad! >_< Minecraft on the other hand, if you're ever playing, give us a shout! ;)

May I ask: Where's your proof?

No worries, best of luck. -Closed.

What worries me is they go out of their way to mention that their services are valid. Guess it's true, it's all in the name... :o

Welcome back.

Good luck with it.

A(1): Possibly. A(2): Possibly. Not very helpful I'm aware. However you've done your own checks on the person in question, so go with your gut as they say.

Not bad, not bad at all.

It may be more beneficial to have stand-alone native apps that interact with your game, for IOS/Android. (But then again, despite the whole mobile first frenzy, it doesn't mean you have to follow suit.) Though still keep in mind a mixture of <caution buzzwords ahead> Adaptive Design and Responsive Design, for every other device being used.

In all fairness, I could have been more clear. However it's done now, that point is made. :)

// Sanitize input function clean($str) { return (htmlspecialchars(strip_tags(trim($str), ENT_QUOTES, "UFT-8"))); } $mess = clean($_POST['mess']);$mess = mysqli_real_escape_string($mess); echo $mess; Take yours; return (htmlspecialchars(strip_tags(trim($str), ENT_QUOTES, "UFT-8"))); Take mine: return (htmlspecialchars(strip_tags(trim($str)), ENT_QUOTES, "UFT-8")); Pay special attention to the position of things. :) htmlspecialchars ( strip_tags ( trim ( $str ) ), ENT_QUOTES, "UTF-8" ) ); Hopefully the above makes it a little more clear.

The relation doesn't matter. From what I remember from that period, the context wasn't really you couldn't block SQL injection with just one function, it was more so, you cannot secure your site with one flawed function. You surely can use custom made functions to help prevent certain things. The problem with these functions that float around the forums, is one of two things: The function is flawed. Where the function is being used, is problematic. As for your last query: Sorry if wasn't all that clear. The parameters that should be passed to htmlspecialchars, are currently being passed to the strip_tags function instead. return (htmlspecialchars(strip_tags(trim($str)), ENT_QUOTES, "UFT-8")); Notice the position difference to that of your clean function in the post prior to my first.

Thread locked, if you wish to discuss each others reputations here, then PM is a good place to go. :) Frosty if you need this thread unlocked, for reasons relating to the original motive behind the thread, let a staff member know and they *should* clean it up for you. -DJK.

100. My question: Why are you over thinking this, also what's the end goal? If you're looking for more information about the combinations you're using, then look at each function separately. Then piece together what happens when you combine, from what you know about them individually. (on a different note: The option params, in your clean function are in strip_tags() rather than htmlspecialchars().)

Done, best of luck. Don't know what you win, but I hope it's a real boat! :P Ps: Did squidward get away?

$itmname = (isset($_POST['itmname']) && preg_match( "/^[a-z0-9_]+([\\s]{1}[a-z0-9_]|[a-z0-9_])+$/i", $_POST['itmname'])) ? strip_tags($db->escape($_POST['itmname'])) : ''; With: $itmname = (isset($_POST['itmname']) && preg_match( "/^[a-z0-9_]+([\s]{1}[a-z0-9_]|[a-z0-9_])+$/i", $_POST['itmname'])) ? strip_tags($db->escape($_POST['itmname'])) : ''; See more

Looks awfully similar.

Welcome back (if I can say that) Publius. Best of luck getting GRPG back up and running.

Thread locked. Take your anti-skooda remarks to his collab thread. I'll reopen the thread once it's ascertained that Skooda is indeed the owner of the engine, and has permission to sell it on.