Floydian

Re: Manage gang problem need really good help Old code { echo sprintf("You have declined the application by %s.<br } else if ($bappdata['business'] != 0); {   possible solution: { echo sprintf("You have declined the application by %s. ", ''); } else if ($bappdata['business'] != 0); {

Re: Help Avatar! lol, typing google favicon is almost as easy as typing:   make an image, name it favicon.ico (GIMP can output to ico format) place in top level folder of your site. then link the favicon in your html header   <link rel="icon" href="favicon.ico" type="image/vnd.microsoft.icon" />

Re: A small cron problem Glad I could help ;)

Re: A small cron problem Instead of $db->query("UPDATE users SET userBANKAMMT = userBANKAMMT + (userBANKAMMT/100*3.0) WHERE userBANKAMMT > 0 AND investlevel == 0"); $db->query("UPDATE users SET userBANKAMMT = userBANKAMMT + (userBANKAMMT/100*5.5) WHERE userBANKAMMT > 0 AND investlevel == 1");   try   $db->query("UPDATE users SET userBANKAMMT = userBANKAMMT + (userBANKAMMT/100*3.0) WHERE userBANKAMMT > 0 AND investlevel = 0"); $db->query("UPDATE users SET userBANKAMMT = userBANKAMMT + (userBANKAMMT/100*5.5) WHERE userBANKAMMT > 0 AND investlevel = 1");   It's just 1 equal sign in mysql comparison statements. mysql has the assignment operator which is also used for comparison (=).

#-----------------------------------------# # iif function # # Why is not this in PHP beats me! # #-----------------------------------------# function iif($condition,$value_true="",$value_false="") { if($condition) return $value_true; else return $value_false; }   I ran across this bit of code in a commercial php application. It's a simple function, and does what it's supposed to. BUT..... "Why is not this in php...." Well, it is in php. It's called a ternary operator....   $result = $condition ? $value_true : $value_false;   And the egg is on their face!

Re: Good Programming? That's an American phrase that means: Go and do the best you can with what you have at the same time as wishing a bit of luck with the statement that is implied by the phase "I know you'll 'get em' or else I wouldn't have said it". Go kick ass would be mostly an equivalent expression. The difference being a go get em being geared towards a younger audience. :)

Re: Simple Lastaction Func I was originally going to say it was a nice function, but then I saw the return error during testing. But it is a nice function that you mostly came up with. ;) Kudos

Re: Simple Lastaction Func CRAP!!! Including Isomerizer!! The regex is a waste of time. Are we really going to take the extraordinary action of killing script execution if a number isn't passed to the function? Wow... Second, minutes, hours, and days will always be plural. That's a small oversight, but when I see 1 days, or 1 hours, or 1 minutes on a game, it makes me think they're lazy folks. Worst of all is the logic error. You're performing all of your manipulations on the time in the $last variable. But you are returning the $time variable!!! This function doesn't do a damn thing!!   Here is the cleaned up function:   function lastaction($time) { // $time = the lastaction fetched from users table settype($time, 'integer'); // make sure the $time is actually numeric $last = time() - $time; if ($last >= 24 * 60 * 60) { $last = floor($last / (24 * 60 * 60)); $unit = $last == 1 ? 'day' : 'days'; } // check days elseif ($last >= 60 * 60) { $last = floor($last / (60 * 60)); $unit = $last == 1 ? 'hour' : 'hours'; } // check hours elseif ($last >= 60) { $last = floor($last / 60); $unit = $last == 1 ? 'minute' : 'minutes'; } // check minutes else { $unit = $last == 1 ? 'second' : 'seconds'; } // lastly check seconds $lastaction = sprintf("%u %s", $last, $unit); return $lastaction; // return the result.. } // ex: $last = lastaction($fetch['lastaction']); echo $last; result = last time player made an action   I tested this function and it operates as required.

Re: Simple Question So the header and footer would have the dynamic content, but the body would be static? In that case, the start and end tags would be fine.   In contrast, if you had a form with four input elements, and each needed some dynamic content placed in it, I would NOT use start and end tags all through that form. I'd generate the entire form in the context of a heredoc statement. And then, if the rest of the page where static, then by all means, place that content outside of the php tags. It's just like embedded javascript. It's extremely poor programming technique to have javascript embedded all over your document. It should all be condensed into an external js file and attached to the DOM dynamically. PHP can't be attached in the same way as javascript, so you have to have php tags in the HTML somewhere, so it's use should be minimized as much as possible. One or two sets should be all you need. If it starts getting into four, five, six sets of php tags, you really should ask yourself, is there a cleaner way to write this code?

Re: How to....   $result = mysql_query("SELECT * FROM `users` WHERE `id`='".$id."'");   Why do people select every column from the users table? I see this all the time. Every select query selects every row in the table, even when all that is needed is an item name or gang name...   echo $username = user_info('username');   Code condensing like that may be easier and better for pog-one, but that doesn't make it better. For instance, the order of operations there is a bit harder to understand at a glance that the other way around. I know pog-one you're going to say "that's not true". But step back for a second, and consider that for you "that's not true", but for others, it may be entirely true. That's really such a trivial deal, I wouldn't make anything of it. What's not trivial, is getting every single column from the users table. It's likely that if you're in the habbit of doing that sort of thing, that many more queries you've written are like that pog-one, and that's something you could really do well to optimize. ;)

Re: InnoDB or MyISAM The info was linked to directly from the MySQL site. If the info is wrong, the egg is on their face, no? I.e., claiming to have a customer you actually do not have could be considered a minor fraud... (but alas it has nothing to do with innodb lol so I'll leave it at that and respond to Nyna to pm)

Re: Time Stamp. lol that's a nice way to do it

Just in case anyone is under the illusion that the big companies on the web do things better than us lowly non corporate entities can, here's something for you to ponder. I'm going to paste a few lines from the comments in pay pal's "pp_main.js" javascript file.   This script doesn't appear to have been coded by someone that thought someone else would be reading their comments... You've gotta wonder what other shortcuts they've taken!   So, the point I've made so far is that these folks aren't perfect. Their "crap" stinks just like everyone else's, as the saying goes. lol As Billy Mays would say, "But that's not all!!"   These folks are using an off the shelf library provided by Yahoo called The Yahoo! User Interface Library (YUI). There's nothing wrong with that at all. I use the same exact code library in most of my work. I've seen YUI in use on cpanel as well. If you've ever seen those templates they use that allow you to change the order of the menus by dragging them around, that's a YUI interface. And the regular File Manager (not the Legacy one) uses a YUI Datatable to display the folders and files. There's probably more YUI. So I took a quick look and they have YUI TreeView, Event, Panel, and quite a bit more. YUI is a free library with extensive documentation. I highly suggest that anyone interested in javascript check it out.   Now I've demonstrated that these folks are using technology available to the masses in order to create their slick UI's (user interfaces). So anyone that shares the sentiment in the following quote from a person who shall not be named now, is sadly mistaken.     I guess by that reasoning, PayPal authored Yahoo YUI. Did I get that right? Perhaps they also wrote the ECMAScript 262 standard used to define the javascript standard which is used to build their entire UI? No, these folks use the same things we all can use. They don't reinvent the wheel (to use Nyna's fav quote) when there's a perfectly good wheel available already. Whilst PHP may not be the end all be all, there isn't anything else available for server side scripting that eclipses PHP in any significant way.   Sure there's pluses and minuses to all scripting languages. PHP is one of quite a few top notch scripting languages. MySQL is used by so many people it's not even funny. Just check out the MySQL Customers page and you'll see a number of banks, government institutions, and even Google on it!   Now that you've been empowered, go get em!! ;)

Re: InnoDB or MyISAM Read this: http://www.mysql.com/customers/customer.php?id=75 And then a little bit of this one: http://www.bytebot.net/blog/archives/2007/04/26/mysql-at-google  

Re: Time Stamp. I normally write my time stamp deals like this:   $time = time(); $last_on = // value from database :) if ($last_on > $time - 60 * 60 * 24 * 4) { // we're good to go } else { // we're not good to go }   where the amount subtracted from time follows this pattern:   second * minutes(opt) * hours(opt) * days(opt) The second, third, and fourth parts of that equation are optional. For 6 hours: 60 * 60 * 6 I do it this way because it makes the code much more readable. ;)

Re: Account System without MySQL This is pro quality material? :?

Re: InnoDB or MyISAM I've only used myisam Attempted once to enable innodb on my local web server but it didn't work out. I'm not sure where I went wrong, but I did something wrong during the mysql install process. Since then, I've gone 100% with myisam and for me there is no need for anything else. I use a number of methods to ensure a user can only do one transaction at a time. This can involved setting a transaction id and then unsetting it after the transaction is done. No other transactions would be allowed until the transaction was completed. In situations where one person buys something in a market and another person removes that same thing at the same time, I would use a different technique where I attempt to delete the item first, and if that's successful, carry on. It's simple, compatible with php 4, and can easily be turned into a db transaction like deal where you have a class that handles all transactions. Any script that wanted to do some sort of cash or item transaction would use a set of code that secures all of this for you. Something like: $item = new Item(); $item->removeShopItem($item_id); or $item->buyShopItem($item_id); You could even have $item->removeShopItem($item_id, $shop_id); // for user owned shops, or multiple game run shops Wish I could say something about innodb, but it doesn't seem like something that is neccessary in a gaming context. I couldn't say what banks use as I've never been employed by wells fargo... nor do I know anyone else that has either...   On a side note, PHP is used in lots of top notch sites. Let's not forget that Yahoo employs Rasmus Lerdorf and has employed him since 2002. Of course he's the creator of PHP. I can't point to any yahoo pages that have a .php extension on them as they remove all that stuff, but I assure you that Yahoo is not letting Rasmus Lerdorf's PHP skills go to waste... Pay Pal appears to be using ColdFusion which isn't any better or worse than PHP. Again, I can't say 100% for sure that they are because of the lack of extensions on web pages, but a few of them do have a cfm extension. The main pages do not have that though. Google uses mysql for it's search engine and that's a fact. I can't think of any other example of usage of mysql that is more prominent than that. mysql dominates the database market for a reason. Sure there's lots of other db's out there, but I doubt any of them have more market share than mysql. If it's good enough for google, it ought to be good enough for the rest of us.

Re: Basic Ajax is easy Yeah, I dun think there is any question that javascript is here to stay for the foreseeable future. In fact, I think javascript is so important for web design that I'd caution anyone that wants to be a web programmer to not overlook javascript. The worst thing about javascript though are the tutorials. I saw one that said document.write is the chief way to output data to the screen! What a load of crap... document.write is one of the worst ways to output data to the screen! And most tutorials completely miss the fact that javascript is an object oriented language. One tutorial said you could have strings, numbers and arrays for data types, completely missing objects!!!! And that summarizes the state of javascript with most people: MISUNDERSTOOD

Re: [FAQ] Scaling an image That's phat Spudinski!   I took the liberty of modifying your code and making a javascript version of it, posted here.

I'll throw 98% of the credit for this to Spudisnki and his how to in the php how to's which does the same thing. I thought it'd be worth noting that the same thing could be done with javascript. I even took his code and converted it to javascript format with minimal changes. The changes mostly involve removing $'s and getting the image size via the DOM instead of PHP's GD library. His PHP FAQ is here. Check that out for his explanation of why this is useful!   <html> <head> <title>Image Resizing!</title> </head> <body> [img=bar_samp.jpg] </body> <head> <script> // use document.getElementById to get a reference to the image object in the DOM // the image we're resizing must have an id attribute. We're using id="my-image" var image = document.getElementById('my-image'); var config = []; config[0] = 150; config[1] = 150; if (image.width > config[0] || image.height > config[1]) { // if the width or hieght is greater than the specified ones var xr = config[0] / image.width; // specified width divided by the original width var yr = config[1] / image.height; // specified height divided by the original height if (xr * image.height < config[1]) { // if the height is less than the width image.height = Math.ceil(xr * image.height); // calculate the height, as it will be less than the width image.width = config[0]; // the width doesnt need any further calculation } else { // if the width is less than the height image.width = Math.ceil(yr * image.width); // calculate the width, as it will be less than the height image.height = config[1]; // the height doesnt need any further calculation } } </script> </head> </html> <!-- // Ignore the php tags lol, only used for colorization... ?>-->

Re: Basic Ajax is easy ST-Mike, there's many good points in there. I would add to it, and perhaps amend a few things. Ajax is never required. Iframes make it possible to do most of what ajax can do. And there's always the possibility of just not having the functionality that ajax might provide. It's not absolutely necessary to warn a new user upon signing up that the username they choose is not available as soon as they type it in. What's more important is that the form data is preserved once they submit the form. If there is an error, the data they typed in should be filled back into the form. And in that way, ajax is only a nicety. Yeah, that could be considered nit picking ;) Like I said, just a slight amendment to what you were saying. _______________________________ Your second tip I have an actual disagreement with. However, I don't disagree entirely. The question one must ask themselves, should my site cater to everyone possible, at the expense of more advanced features supported by every major browser in existence for the last 6 years? For the sake of argument, javascript is and has been supported by every major browser for a long time. People actually have to disable it. If people choose to take that route, should our site cater to that? Ajax is entirely out of the question if you disable javascript. You probably noticed that the ajax script I provided does check if the browser supports three different means of creating an XHR Request. If none of the three will work, it alerts the user to this fact (I've never received a report of anyone getting this error). Of course that requires javascript to not be disabled. So it boils down to what you want for your site. If you are going to cater to non javascript people, you should consider that anything that uses ajax will require that you provide a way to do the equivalent thing without ajax. This sort of thing can lead to hard to maintain websites and may not be worth it in the end. This usually means eliminating the use of ajax. Some cases where I would want to do this would be sites intended for informational purposes where it is expected that your users will be stuck in the past. Perhaps a site dedicated Geriatrics? It's my opinion that anyone that wants to play games online should have javascript enabled. HTML by itself is intended to be a means of text transfer, not a means for generating dynamic web pages. One big reason people disable javascript is because they believe javascript to be a security issue. It would only be a security issue if the site you're visiting is allowing malicous users to post javascript, or if the website itself is posting malicous javascript code, and even then, browsers are very very good a keeping users safe. After all, if they can't keep their users happy and safe, they lose market share. Beginning in FireFox 3, mozilla has disabled cross domain XHR Requests. This has been disabled in IE and Opera for some time now. There are major security concerns where websites make use of remote server javascript. To sum all of that up, javascript is not inherently unsafe. Simply being on the internet exposes your computer to the world. Therefore, if one wants to be paranoid about it, they shouldn't be on the internet at all. One big argument in favor of javascript is that Google and Yahoo are BIG proponents of using javascript on their pages. Yahoo mail beta is entirely generated from javascript. Turn off javascript, and Yahoo mail beta will do nothing! Google's gmail is ajax based and won't work without javascript. The main area in my mind where javascript legitimately not an option in many cases is mobile phones. Newer phones do have javascript enabled browsers, but many phones can't handle javascript at all. If you're going to make your game 100% mobile compatible, it's highly recommended that you setup a mobil subdomain and create pages designed to work well with phones.   To sum up what I'm saying here, suggesting to people that they should be cautioned about their use of javascript is like telling people they should be cautioned against using any sort of images because of Lynx and people that still use text only browsers... It really isn't something people should be concerned about in conjunction with a game site. Geriatrics, perhaps, but not php powered games... ----------------- As for the chat room example, that amounts to nothing more than an anecdotal account of one instance where someone got their stuff wrong. It has nothing really to do with ajax, at least fundamentally. Any time you're dealing with logins, you're dealing with security. Whether your site uses ajax, or not, security is going to be a concern and people get that wrong all the time. Some bank had millions of credit card number compromised a few days ago. Now that's a big deal there! You know banks are paying big money to have secure systems installed, and yet, they have problems too. So while I agree with most of what you've said, I think the subject matter you've brought up really doesn't apply to ajax, and the topic "Basic ajax is easy!". In other words, nothing you've said has made what I've stated in the original post any more difficult than it was before. The cautionary words really apply better to a discussion on browser security than basic entry level ajax.

Re: Simple Question pog-one's example is bad programming technique in most cases. An example of when you might wanna put HTML text outside of php tags is when your document header is entirely static. In other words, it always stays the same. Or perhaps your footer might be done this way. Despite any performance differences of different techniques for outputting HTML in a php script, if you look at professionally coded scripts, you really don't see the use of start and end php tags for the sole purpose of outputting one small tid bit of php generated output. For instance, phpBB appears to use some sort of parser that takes html files that are used for templating and swaps out certain things for dynamic content. You might have something like: The phpBB script would swap out BASE_PHPBB_DIRECTORY for whatever that "constant" represented. I know people won't take my word for it, but it is definitely true that use of start and end php tags is, in general, bad programming technique and you should stay away from it.

Re: Help with makeing mods W3schools and php.net iv learned but how do i make a mod I recommend getting a Buddha statue think real hard while you're rubbing it's belly... Okay, on a more serious note, perhaps you should start with the obligatory "Hello world!" examples, and more up from there?   One last thing, if you've learned all there is to learn from w3 schools, and php.net, then you should be teaching me how to code... Because I have LOTS to learn from those sites...

Re: learning mysql_real_escape_string just need to verify. What Nyna likely is talking about could be illustrated by saying (in a more helpful manner perhaps...) that securing user input against mysql injections is one thing, but securing the game against, for example, javascript code being inserted into a string displayed to users, perhaps in the form of a profile signature, that would not be remedied by the use of any database escaping function. I'll save Nyna the trouble of pointing out that "that's not all there is to it". Indeed, you're right. But that illustrates the point that the input can be stored in a database safely, but may still be unsafe to output back to the users.

Re: learning mysql_real_escape_string just need to verify. Understanding how you to use the function requires an understanding of what the function does. mysql real escape string mysql -- well, this is for use in mysql queries real -- this part means that this function takes into account the current character set of the connection (not something you need to worry about too much from a programming point of view. It's just there to make sure things don't break in certain ways) escape -- This is the heart of it. I'll explain more about this one in a second. string -- As Nyna pointed it, this clues us into the fact that this function is intended to operate on strings. Worry not, if you pass a number to this, php converts it to a string. But, the point is that numbers have better methods for us to use.   Escape. When we escape something, we're taking a character that has a special meaning and rendering it neutral. Let's look at some PHP examples of escaping.   Suppose we wanted to put something like "$dollars" into a string, and we wanted it to litterally be $dollars, and not the variable $dollars. It's the $ symbol that makes $dollars a variable. In order to neutralize that special meaning of the $ symbol, we use a \ symbol. Our string would have to be written like this: "\$dollar" in order for that string to literally mean "$dollar".   Now, when it comes to MySQL, there's all sorts of special characters that have special meaning and we don't want users typing in these special characters and causing us problems. By default, all of these special characters are not numbers. If you are dealing with a pure number, escaping the number does nothing for you because there is NO special character there.   So, to recap, mysql_real_escape_string() is used to neutralize special characters that might screw up our queries.   Now, in the first post we have this code: <span class="syntaxdefault"><?php $db</span><span class="syntaxkeyword">-></span><span class="syntaxdefault">query</span><span class="syntaxkeyword">(</span><span class="syntaxstring">"UPDATE users SET crystals=crystals-{$_POST['crystals']} WHERE userid=$userid"</span><span class="syntaxkeyword">, </span><span class="syntaxdefault">mysql_real_escape_string</span><span class="syntaxkeyword">(</span><span class="syntaxdefault">users</span><span class="syntaxkeyword">), </span><span class="syntaxdefault">mysql_real_escape_string</span><span class="syntaxkeyword">(</span><span class="syntaxdefault">crystals</span><span class="syntaxkeyword">)); </span><span class="syntaxdefault">?> </span>   The biggest mistake here is in this line: mysql_real_escape_string(users),   users is considered a constant here. You have to use quotes around strings, if you pass a string to a function. Then, the assumption that the column from the database table can be inserted into the function and escaped is backwards. PHP doesn't know what that is. What it does know is what is contained in the user's input. $_POST['crystals'] could be passed into the mysql_real_escape_string() function, but not the table column crystals. It's already been said that crystals is a number that doesn't need to be escaped, but here we have a syntactical error in addition to the theoretical error of escaping numbers. ;)