MakeWebGames

Everything posted by Alan

  1. What guest said - both. JS to save a trip to the server (and thus conserve resources, bandwidth, time etc.); PHP (or the language of your choice) on the backend to fully validate *all* input, ensuring you duplicate what was done at JS level (after all, your client's JS may be disabled, or worse). With care, you can write decent forms that are essentially self-validating at both layers.
  2. Ranking help

    There's no pleasing some people. Standard competitive ranking is the easiest to implement and is the one that will be the most familiar to players given its common usage from primary school upwards. What you want sounds more like dense ranking, which is a little more interesting to implement and is database engine specific. So since you want an answer to a question that you didn't define - you will need to provide more information:

    1: Sample data - 4-6 rows with duplicates as I had and of course the rank that you would apply to each row.
    2: Database engine (PostgreSQL, MySQL, Oracle, SQL Server, NoSQL* etc)
    3: Scripting language (may be helpful)
    4: Ideally, the exact ranking mechanism
  3. Ranking help

    If we assume you are using an integer based experience then the solution is pretty easy. To demonstrate, create some test data with "points" being the field we are interested in determining rank from:

        CREATE TABLE test (
            id INT UNSIGNED NOT NULL,
            name VARCHAR(25) NOT NULL,
            points INT UNSIGNED NOT NULL,
            PRIMARY KEY (id),
            UNIQUE KEY (name)
        ) ENGINE=InnoDB;

        INSERT INTO test (id, name, points) VALUES
            (1, 'Tom', 100), (2, 'Alison', 58), (3, 'Dick', 88),
            (4, 'Susan', 102), (5, 'Harry', 99), (6, 'Alan', 88);

    Now to get every rank...

        SELECT id, name, points,
               FIND_IN_SET(points, (SELECT GROUP_CONCAT(points ORDER BY points DESC) FROM test)) AS `rank`
        FROM test
        ORDER BY `rank`;

    which would result in

        +----+--------+--------+------+
        | id | name   | points | rank |
        +----+--------+--------+------+
        |  4 | Susan  |    102 |    1 |
        |  1 | Tom    |    100 |    2 |
        |  5 | Harry  |     99 |    3 |
        |  3 | Dick   |     88 |    4 |
        |  6 | Alan   |     88 |    4 |
        |  2 | Alison |     58 |    6 |
        +----+--------+--------+------+

    or to get just the rank for an individual...

        SELECT id, name, points,
               FIND_IN_SET(points, (SELECT GROUP_CONCAT(points ORDER BY points DESC) FROM test)) AS `rank`
        FROM test
        WHERE name = 'Alan';

    which of course yields

        +----+--------+--------+------+
        | id | name   | points | rank |
        +----+--------+--------+------+
        |  6 | Alan   |     88 |    4 |
        +----+--------+--------+------+
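To make the difference between the two rankings argued over in the Ranking help posts concrete, here is an added Python/sqlite3 example (not Alan's code, and sqlite3 stands in for MySQL): it loads the same six constructed rows and computes both standard competitive rank and dense rank with correlated subqueries that run unchanged on any SQL engine.

```python
import sqlite3

# Constructed copy of the rows from the forum post (not a real game's data)
ROWS = [(1, "Tom", 100), (2, "Alison", 58), (3, "Dick", 88),
        (4, "Susan", 102), (5, "Harry", 99), (6, "Alan", 88)]

# Competitive rank = 1 + number of rows with strictly more points (1,2,3,4,4,6).
# Dense rank       = 1 + number of DISTINCT higher point values     (1,2,3,4,4,5).
# Correlated subqueries work on MySQL, PostgreSQL, SQLite etc. and do not
# depend on GROUP_CONCAT, whose output MySQL silently truncates at
# group_concat_max_len, after which FIND_IN_SET() returns 0 for missing values.
RANK_SQL = """
SELECT t.id, t.name, t.points,
       (SELECT COUNT(*)                 FROM test u WHERE u.points > t.points) + 1 AS competitive,
       (SELECT COUNT(DISTINCT u.points) FROM test u WHERE u.points > t.points) + 1 AS dense
FROM test t
ORDER BY t.points DESC, t.id
"""

def build_db():
    """In-memory table with the same shape as the post's CREATE TABLE."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE test (id INTEGER PRIMARY KEY, "
                 "name TEXT NOT NULL UNIQUE, points INTEGER NOT NULL)")
    conn.executemany("INSERT INTO test (id, name, points) VALUES (?, ?, ?)", ROWS)
    return conn

def all_ranks(conn):
    """Return (name, points, competitive_rank, dense_rank) for every row, best first."""
    return [(n, p, c, d) for _, n, p, c, d in conn.execute(RANK_SQL)]

def rank_of(conn, name):
    """(competitive_rank, dense_rank) for one player, or None if the name is unknown."""
    return conn.execute(
        "SELECT (SELECT COUNT(*)                 FROM test u WHERE u.points > t.points) + 1,"
        "       (SELECT COUNT(DISTINCT u.points) FROM test u WHERE u.points > t.points) + 1 "
        "FROM test t WHERE t.name = ?", (name,)).fetchone()

if __name__ == "__main__":
    db = build_db()
    for name, points, comp, dense in all_ranks(db):
        print(f"{name:7} {points:4}  competitive={comp}  dense={dense}")
```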
  4. Personally, I find this highly distasteful; while we do have mail logs, they are *only* available to staff if, in the extreme case, somebody wishes to report the sender, and even then we can only see the mails that are specifically tagged in the conversation. Why? Simple, we take the privacy of our players *very* seriously. Mail is held in an encrypted form, so even if the server itself is compromised, a highly unlikely scenario, nothing can be gleaned without considerable (30+ years) work. Logs are not here to prevent players breaking the rules - that is what your game logic is for. Even simple logs like McCodes cash/bank/crystal transfer logs are never needed by any member of staff unless an issue has been raised that cannot be fully understood by following players' statements. "Staff" have too long at all levels abused their position by having access to and basing their own actions on the content of these. We treat all our players with the respect that they are due, by maintaining their privacy as much as any service provider or financial house will do, and ensure that support staff are there purely to deal with any contention or other problems that may arise. When player/owners of McCodes et al. start to take it upon themselves to follow the same rules that they expect their players to follow, the genre, the codebase, and the entire player base may just start to become a little more mature; till then we have children playing the part of "staff" with none of the social skills or responsibility needed to run what is in essence a small business.
  5. Available for work

    S'pose I'd better be in IRC for your "just while you're here... " and the "oh and by the way... " not to mention the "how the frak do you do that??? " problems then ;)
  6. So on one hand, we publicly renounce people who have "stolen" scripts, on the other, we blatantly disregard the copyright rules.. Still, as CE/MWG has never really had that much of a clean record, and even a casual glance around these forums is sufficient to build an almost 100% complete (ignoring staff functions) McCodes V1 & V2, I guess posting such material can really be considered "fair use". Discuss ;)
  7. Securing $_POST

        if (!ctype_digit($_POST['number'])) {
            // Some error code
        } else {
            $number = abs(intval($_POST['number'])); // Turn in to variable so it easier to obtain and you don't have to use the $_POST[''], and get absolute value.
        }

    A remarkable number of errors in so few lines:

    No existence testing - ie: array_key_exists('number', $_POST)
    abs() - Why? ctype_digit() looks at the digits 0-9 only - no - sign
    intval() - Why? As above, ctype_digit() looks at the digits 0-9 only - no decimal point

    Have you tried intval() on large numbers? The response varies between 32 & 64 bit machines, and in reality, it is unlikely that you actually need an integer. SELECT username FROM users WHERE userid = "123" works just as well as SELECT username FROM users WHERE userid = 123 and while the 123 in this case is (in the former example) a string, you don't need to escape it as we already know it is injection safe.
  8. The answers on this forum really do worry me at times. Has anybody actually looked at the documentation for mysql_query()? From the PHP docs: which means it is very easy to determine if your statement has worked or not:

        if (($rs = mysql_query($sql)) === false) {
            throw new Exception("...");
        } else {
            /* do something sane with $rs */
            /* ... */
            mysql_free_result($rs);
        }

    The error provided even states the problem: Although to be accurate, while a boolean has been passed instead of a resource, it is in fact False - which thankfully makes error checking a little easier.

        $q=mysql_query("SELECT * FROM items WHERE itmid = {$_GET['id']}");

    is a pretty dreadful statement albeit in keeping with the rest of McCodes - perhaps a little defensive programming is in order?

        // ensure provided data looks like a number
        $id = array_key_exists('id', $_GET) && ctype_digit($_GET['id']) ? $_GET['id'] : 0;
        // construct sql statement
        $sql = "SELECT * FROM `items` WHERE `itmid` = $id";
        // execute the query
        $rs = mysql_query($sql);
        // error checking
        if ($rs === false) {
            throw new Exception('Database Error - Please contact staff');
        }
        // do something sane with $rs
        // ...
        // Optionally, release memory
        mysql_free_result($rs);

    Longer? Certainly. Safer? Certainly. Production quality? Not really; failing to pass the mysql link resource is unwise, as is using the mysql extension itself. Solves the problem? In this instance, from the information provided by the OP, I'd say yes.
  9. He [Guest] raises an interesting point, one that has long made me pause before posting anything here - few people know of my capabilities (Guest does), but it would be inappropriate for me to submit code to somebody who has published a requirement for high quality code (a good thing if I'm honest) without first proving themselves to others. Perhaps a mod site needs more openness and the ability for authors of all levels to post safe in the knowledge that their code is secure, and will be paid for in full to them.
  10. I seem to remember doing this 4+ years ago; I even used a neat trick that changed the color of the span depending on the width of it - but I'll leave that as an exercise. http://jsfiddle.net/2edJF/
  11. Well I'm guessing the game will not be strong in the math department then :D
  12. Any more clues, and I might as well write the whole thing myself - and we know how that will end (MTG will "rewrite" it, claim it as his, or some other muppet will "secure" it after failing to understand every aspect of it) :D
  13. Why are you using two statements when one will suffice? Assuming an ISAM backend, then you are needlessly locking the entire table twice...

        UPDATE users SET stamina = LEAST(maxstamina, stamina + $n2 * 5) -- WHERE ...
  14. Obvious my learned friend ... 2 Pints of Pol Pot and a Stoneybridge (Bonus prize for anybody spotting the link)
  15. Free .tk domains. What do I win?
  16. Since Edit Post is also broken... Login now works - might have been a glitch, but I really dislike seeing logins that fail; especially ones that display your password in plain text rather than masked. - - - Updated - - - And while I dislike replying to myself... why are all these double posts appearing?
  17. More theme problems...

    Login - Broken
    More activity link - Broken
    Image zoom - Broken

    I'd use another browser, but given the one I use is one of the big four ... you'd have thought a little basic testing might have been done first.
  18. I still say CSS is a good alternative to this -- http://jsfiddle.net/7wCJ9/1/
  19. Interesting to note that nobody has asked what purpose the templating system will be put to. An "open-source project" does not yield many clues, but there are many different answers based on the type of project.

    For example, consider a pretty much static set of web pages; assuming data can be pre-fetched, ie: via standard GET/POST methods, AND assuming the pages change very little, is there any need for a template system outside of keeping computational logic separate from display logic? In a business application where pages may need complex rules to render based on prior selection of, say, forms, especially if many parts are shared throughout the application, then there is a strong case for templating. As for games, while they exhibit similar problems, they usually need to be fast - which might suggest staying away from things like Smarty.

    Personally, I'm with Guest here; Twig is an excellent all-round tool, which is highly extensible, offering superb facilities along with the added bonus of being similar to Jinja2, making portability of templates between scripting languages an added feature.

    Personally, I'd start by looking at exactly what the project is going to be doing; examine how often the templates will need to go through a "compilation" stage, and what sort of facilities might be needed outside of the very basic variable, loop and conditional elements common to most. There's also the point about who is going to be editing templates. Users? Staff? Developers? Each will introduce their own special take on which system is finally used, and may well be the driving force behind template engine selection.
  20. While templates are without a doubt a wise move for almost any self-respecting project these days; with or without them, you can produce beautiful layouts with nothing more than CSS. Consider CSS Zen Garden Design List - where every design differs only in its CSS.
  21. Crons

    Clue: The script needs to be called once. Doesn't matter if it's 1 second, 86,400 seconds or 31,536,000 seconds since it was last called.
  22. [alan@node86 ~/tmp]$ php -l test.php
        PHP Parse error:  syntax error, unexpected '$alchohol_amount' (T_VARIABLE) in test.php on line 51
        Errors parsing test.php

    Pretty self explanatory... Use the tools in front of you and set up your php.ini (or .user.ini) to display errors.
  23. $bought = sprintf("UPDATE users SET money = money + %u, bankmoney = %u WHERE (userid = %u", 50000, 0, $userid);

    I would have a closer look at that if I were you. Not only is it open to race condition errors (difficult to reproduce, but nevertheless something that can be considered a violation of basic security principles), but more importantly - suspect. Don't you mean...

        $bought = 'UPDATE users SET money = money - 50000, bankmoney = 0 WHERE money >= 50000 AND userid = ' . $userid;

    (Assertions about the value of $userid left as an exercise for the reader).
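The race the post warns about, as an added Python/sqlite3 example that is not from the original thread (sqlite3 stands in for MySQL and the users table is constructed): two requests read the same balance before either writes, and only the version with the condition inside the UPDATE refuses the second purchase.

```python
import sqlite3

PRICE = 50000  # cost of the item, as in the post's statement

def make_db(balance):
    """Constructed one-row users table for a single player (userid 1)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (userid INTEGER PRIMARY KEY, "
                 "money INTEGER NOT NULL, bankmoney INTEGER NOT NULL)")
    conn.execute("INSERT INTO users VALUES (1, ?, 0)", (balance,))
    return conn

def balance(conn, userid):
    return conn.execute("SELECT money FROM users WHERE userid = ?", (userid,)).fetchone()[0]

def purchase_check_then_write(conn, userid, seen_balance):
    """Check-then-act: the decision is based on a balance read earlier (as PHP game
    code typically does after a SELECT), so a second request that read the same
    balance in the meantime is also allowed through."""
    if seen_balance < PRICE:
        return False
    conn.execute("UPDATE users SET money = ?, bankmoney = 0 WHERE userid = ?",
                 (seen_balance - PRICE, userid))
    return True

def purchase_atomic(conn, userid):
    """The post's replacement: the engine evaluates 'money >= 50000' and subtracts in
    one statement, so the affected-row count tells us whether the purchase went through."""
    cur = conn.execute(
        "UPDATE users SET money = money - ?, bankmoney = 0 WHERE money >= ? AND userid = ?",
        (PRICE, PRICE, userid))
    return cur.rowcount == 1

def simulate(atomic):
    """Two requests for a player holding exactly one purchase worth of money.
    Returns ([first_succeeded, second_succeeded], final_balance)."""
    conn = make_db(PRICE)
    if atomic:
        results = [purchase_atomic(conn, 1), purchase_atomic(conn, 1)]
    else:
        seen = [balance(conn, 1), balance(conn, 1)]   # both requests read 50000
        results = [purchase_check_then_write(conn, 1, s) for s in seen]
    return results, balance(conn, 1)

if __name__ == "__main__":
    print("check-then-write:", simulate(False))   # two items for the price of one
    print("atomic update:   ", simulate(True))    # second purchase refused
```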
  24. Marginally OT but nevertheless... Say what now? While I agree, I'd not bother to mres the id, I'd at least have an assertion that it was either an int or a string of digits. Just because it's a SELECT does not mean every effort should be taken to ensure that *any* variable that is passed to it is fully sanitized. As I've said before, and I'll no doubt say again ...

        [user Input] -> mysql_real_escape_string() -> [Database] -> htmlentities() -> [browser Output]

    where [user Input] means anything from the superglobals (GET/POST/COOKIE/ENV/SESSION/SERVER/FILES), and/or anything read from a file or stream. mres() / he() can of course be replaced with your tool of choice depending on your database and of course scripting language. I'd also point out "encoding", but I'm sure everybody will do what they normally do and ignore it altogether - with latin_swedish_ci data tables, iso-8859-1 code, cp-1251/2 or utf-8 html... Fun for all the family.
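The [user Input] -> [Database] -> [browser Output] pipeline above, combined with the existence test and ctype_digit() check from the Securing $_POST and mysql_query() posts, as an added Python/sqlite3 example that is not Alan's code (the items table, its rows and the request dicts are constructed; bound parameters take the place of mysql_real_escape_string()):

```python
import html
import re
import sqlite3

# Same acceptance set as PHP's ctype_digit(): ASCII 0-9 only, so no sign,
# no decimal point, and none of the Unicode digits that str.isdigit() accepts.
DIGITS = re.compile(r"[0-9]+")

def make_db():
    """Constructed items table; the second name carries markup to exercise output encoding."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (itmid INTEGER PRIMARY KEY, itmname TEXT NOT NULL)")
    conn.executemany("INSERT INTO items VALUES (?, ?)",
                     [(3, "Rusty Sword"), (7, '<b>Shiny & "Sharp"</b>')])
    return conn

def item_id_from_request(params):
    """array_key_exists() + ctype_digit() in one place. Returns the digit string
    itself (no intval()/abs()): a string of digits is already injection safe and
    avoids the 32/64-bit intval() truncation the post mentions."""
    value = params.get("id")
    if not isinstance(value, str) or not DIGITS.fullmatch(value):
        return None
    return value

def fetch_item(conn, params):
    """Validate, query with a bound parameter, and check the result instead of assuming it."""
    item_id = item_id_from_request(params)
    if item_id is None:
        raise ValueError("invalid item id")
    # SQLite applies the column's INTEGER affinity to the bound text, so '3' matches 3.
    row = conn.execute("SELECT itmid, itmname FROM items WHERE itmid = ?", (item_id,)).fetchone()
    if row is None:
        raise LookupError("no such item")
    return row

def render_item(conn, params):
    """[Database] -> htmlentities() -> [browser Output]: encode at the output boundary only."""
    itmid, name = fetch_item(conn, params)
    return f'<li data-id="{itmid}">{html.escape(name, quote=True)}</li>'
```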
  25. Some clues from a past article ... Can you spot the bugs?