Karlos94

Compatibility with existing MC Codes mods, I wouldn't a agreewith you doing this. I like the idea of where your coming from, but making it compatible with MC Codes is a bad idea IMHO. If you was to do this, I wouldn't consider helping or using it. If you want to create a new game engine, do it but don't allow it to become 'part' of MC Codes. Start fresh, be different, and don't get stuck in trying to make MC Codes mods being compatible. It's just my personal opinion but I'm 1 person..

Not from MySQL, but with MySQL. I normally like to do it myself, but I want a change and see if it can make my life eaiser.. It's nothing permanent, just something I'd like to try out.

I have a few ORMs in mind that I wish to use for a project I have in mind, however I am not sure which one to use. I am asking you to name an ORM that you would personally use which works well with MySQL. Some current ORMs I have in mind   Doctrine 1.1.5 Propel 1.4.0 RedBean 0.8.2   Don't worry about repling quickly because I'll be off in 4/5 hours and won't be back till Sunday, but if you can contribute I will be most thankful. (Mainly targeted at more experienced website developers.)

I believe if you read it correctly you'll find out it is..

Sorry I didn't send your a private message when I said I would, however I only got my invite today so I shall message you as soon as possible... My computer is being a bit of a... You know..

I don't have an account currently, however someone has sent me an invite and I'm awaiting the email. However if it doesn't come through I should hopefully have my 'request an invite' application accepted. I'll PM you within the next 24 hours with my account, if I get it..

I believe your missing the point. You game will still be vunerable to the exploit. If I was you I would completely sort the problem, not just a 'quick' fix where you game can still be exploited. See if you make an error while writing an MySQL query and one of the fields are the user level field, they will be able to see the new field name due to the error. I'd say try sorting the error, not covering it..

Is there a copy of this framework, I'd like to see what I'll be using before I say I will help with this project.

This looks like it was simply updating a field in the MySQL database and an abusive user would improve their user level to become part of the game staff. Why not use some MySQL functions to help counter against it? I mean INET_ATON() and INET_NTOA() is great for storing IP's. With finding useful open source snippets to get a retieve a valid IP can be hard to find, but I have managed to find one on this forum. [FAQ] How do I retrieve the remote IP of a user

I can understand what you mean for a small thing, but wouldn't checking the input to an array be more efficent compared to regexp? I would test but I have no access to any testing enviroments at this moment in time.

That is a valid point, however preg_match() can see to slow down the processing. I'd personally say K.I.S.S (Keep it simple stupid..), this seems like that you rather use something more complex than needed. Try messing with a ternary operator and inclue these functions.. isset() empty() strtolower() array() in_array() strlen() As I said.. K.I.S.S

LazyT: Just because his is laid out like that, doesn't mean you have to go for that style.. If he wants it to be that style and I sure most people would agree with me that he should learn PHP and have a half decent attempt at it his self. But it's my view.. Other people may and some will have different views.

a_bertrand: I only did that as an example, however I would first off make the field in the mysql database and make sure they can't input anything different. I also understand where your coming from about XSS expolits. Also whenever someone checks input data before inserting or updating anything, they need to make sure that it goes into there database exactly how it should, by that I mean not allowing any chance for an exploit or bug to occur.

The best way personally is do keep it simple IMHO. Why type up so much code hundred's of times to display the same thing? Just use a function.. Surely everyone knows them.   function fName($uId) { // Funtion declared and requires a parameter. $iGet = mysql_query("SELECT `username`, `uColour` FROM `users` WHERE `userid`=".$uId); // Let's query the information required.. if (!mysql_num_rows($iGet)) { // Make sure Id is valid... return '<span style="color: #FF0000;">Invalid Id.</span>'; // The Id failed the check, let's return the error. } // End check. $uInfo = mysql_fetch_assoc($iGet); // Let's get the information needed. return '<span style="color: '.$uInfo['uColour'].';">'.stripslashes($uInfo['username']).'</span>'; // Let's return the information.. Not echo it. } // Let's end the function..   Might contain an error, I haven't coded anything for a while.

Why do you need to use a case and function there? Just but the code needed within the case... You are giving yourself even more to write.. And debug if needed.