MakeWebGames

Floydian

Everything posted by Floydian

  1. Re: [FAQ] Quotes, and heredoc That's what's up ;) There's nothing wrong with using templates. However, if "you", being a generic "you" encompassing any random person, is starting out completely new to coding, I'd recommend against using templates at first. I think one's goal when initially learning a language should be to learn the language, and not how to use a template. If you're new to php, and you're new to some template for php, then you're learning two things at once. After that, it's completely up to the person whether or not they want to use a template. There's advantages and disadvantages. Some pro coders use em, and some don't. It's really up to the person how they want to go. Consider the case of using an ajax library. It is my opinion that some people turn to an ajax library because they don't know how to code an ajax request and they just want something to do it for them. That's fine. I can tell you that I can do some crazy things with javascript and all without using any libraries, except in the case of JSON. Which is necessary to just about any substantial ajax application. But all of this goes way beyond the topic. Which is ---- quotes. If you wanna know about what the intricacies of quotes in php are, read the first post ;)
  2. Floydian

    Security!

    Re: Security! I'm not sure when you'd want to strip php tags. I've never had an instance where user submitted content would be placed in a context that would allow it to become executable. That would just be horrible technique. I can see needing to strip php tags if your code were being put through eval() lol. But here's a direct quote from the guy that invented PHP: Rasmus Lerdorf: "If eval() is the answer, you're almost certainly asking the wrong question." That's the man right there. If Bill Gates told you you were using windows wrong, I think those words would/should carry a little bit of weight to them ;)

    Now I get to the subject of XSS attacks. Those are based on html and javascript tags. It's common to take text from a user and display it on a screen for others to see. In this scenario, you should use htmlentities() to convert html and javascript tags into html entities. Of course there's also database injection that you have to be concerned about. So before putting the string into a db, use mysql_real_escape_string(). This can and most likely should be used in combination with htmlentities().
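
The two contexts the post above separates, database input and HTML output, shown as an added example that is not part of the original post or of any code from the forum. It swaps bound parameters (PDO, with an in-memory SQLite database so it runs offline) in for mysql_real_escape_string(), since the mysql_* functions were removed in PHP 7; the table, the column names and the h() helper are assumptions made for the demo.

```php
<?php
// Added example, not from the original post. Schema and input are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// Constructed sample input: one value carries markup, another carries a
// quote that would end a string literal in a hand-built query.
$submitted = [
    ['author' => "O'Brien", 'body' => '<script>alert(1)</script>'],
    ['author' => 'alice',   'body' => 'Tom & Jerry say "hi"'],
];

// Database context: bound parameters keep the data out of the SQL text,
// so no escaping function is involved and the string is stored as typed.
$insert = $pdo->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
foreach ($submitted as $row) {
    $insert->execute([':author' => $row['author'], ':body' => $row['body']]);
}

// HTML context: encode when writing into the page, not when storing.
// ENT_QUOTES covers both quote characters, which matters inside attributes.
function h(string $text): string
{
    return htmlentities($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build the list shown to other users; every stored value passes through h().
function render_comments(PDO $pdo): string
{
    $html = "<ul>\n";
    foreach ($pdo->query('SELECT author, body FROM comments ORDER BY id') as $row) {
        $html .= '  <li title="' . h($row['author']) . '">' . h($row['body']) . "</li>\n";
    }
    return $html . "</ul>\n";
}

echo render_comments($pdo);
```

Storing the raw text and encoding at output keeps the stored value usable in other contexts (plain-text mail, JSON) that need a different encoding.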
  3. Re: [FAQ] Quotes, and heredoc Thanks Spudinski ;)   Wth is ===> <?=$variable?> Number one, short tags are not recommended. And number two, that's a syntax error, and number three, what is that even intended to do? Anyways, wrapping or not wrapping text in start and end PHP quotes is a good way to have large amounts of text displayed.   I know you prolly won't take my word for it, but using a bunch of <?php and ?> in a script is horrible coding technique. Like I said, I know you won't take my word for it. But if you have a large block of text, like an HTML head that has no variables in it, leaving the text as raw text outside of the php tags is an excellent way to go. However, I don't see that as being related to "quotes". Start and end tags are not quotes. Period. Hence they shouldn't be used on the fly to simulate quotes.
  4. Re: The Point of Crime XP? I'm sorry to say but mccodes isn't a good way to learn coding php, unless you want to learn bad coding technique. mccodes is riddled with horrible coding conventions. Add to that the fact that mccodes is very insecure and it's easy to imagine someone learning off of mccodes learning to code insecure code as well. But with that said, I do realize that some people have learned that way, and that's fine. PHP is very easy to learn, and by no means does mccodes make it any easier to learn it.
  5. Quotes are something I think the beginner PHP programmer might not understand, with all the intricacies of the different types of php quotes and when to use them. Three types of quotes are:

        Single Quote -- '
        Double Quote -- "
        heredoc -- <<<EOT ...... EOT

    Single Quote

    The single quote is the fastest of the three types of quotes. The only caveat is this: if you need to concatenate your string a bunch of times in order to include variables, you're losing time because of starting and stopping the quotes. Single quotes tell php to not look for variables.

        <?php
        echo 'This is NOT a $variable.';
        // OUTPUTS: This is NOT a $variable.
        ?>

    This line of code will not print out the value of $variable. It simply sees this as pure text. If you need to use the new line character (\n or \r\n), or the tab character (\t), these characters are printed to the screen as they are instead of being a new line or tab.

        <?php
        echo 'This will not give you a new line.\n';
        // OUTPUTS: This will not give you a new line.\n
        ?>

    Concatenating a string allows you to connect one string to another one, or some variable. A period is the operator that performs a concatenation.

        <?php
        $variable = 'SOME RANDOM VALUE';
        echo 'We want to add in a variable such as ' . $variable . ', so that we can print it out.';
        // OUTPUT: We want to add in a variable such as SOME RANDOM VALUE, so that we can print it out.
        ?>

    Single quotes often conflict with writing HTML because html normally requires quotes. Sometimes you can just use double quotes in your html, but if your text has any apostrophes, you'll be escaping them. javascript also brings in the need to use both single and double quotes which means you'll be escaping some of those as well, and that makes the code harder to read and debug.

        <?php
        echo '
        <table class="head-table">
        <tr>
        <td>
        This table isn\'t too bad as there is only one apostrophe, but the input button below is worse.
        </td>
        </tr>
        </table>
        <input type="button" onclick="some_function(\'arg1\', \'arg2\', \'arg3\')">
        ';
        ?>

    **Random thoughts**

    I normally use single quotes around small strings. If there is a need for one, maybe at the most, two things to be concatenated, that's fine. But any more than that, and I prefer a different approach that is outlined in the next two sections. Single quotes with lots of concatenation is very hard to read... And hence, is hard to debug. I find that most of the time, a long section of text will have some variables in it so I normally go with heredoc by default.

    Double Quote

    Double quotes allow variables to be inserted into a string, and php will print out its value. This benefit comes at a small price in the execution speed of the double quotes vs. the single quotes. PHP has to look at the entire string and determine if any of it contains a variable. Whereas with single quotes, that step is not needed. New line characters work as new line characters when you are using double quotes. So make sure to use the double quotes instead of single quotes when you are working with new line characters. Double quotes conflict with html even more than the single quotes though. At least for me, I much prefer to use double quotes in html. It is preferred to do this, as javascript requires outer quotes to be double quotes and inner quotes to be single quotes. Note that it may work the other way around, but your professional Zend coder friends will laugh at you if you break that convention. ;)

        <?php
        echo "
        <table class=\"head-table\">
        <tr>
        <td>
        This example requires about the same amount of escaping as the last one. And I don't like escaping if I don't have to.
        </td>
        </tr>
        </table>
        <input type=\"button\" onclick=\"some_function('arg1', 'arg2', 'arg3')\">
        ";
        ?>

    Take note of the javascript in the onclick attribute in this last example and how the onclick="" uses double quotes and the arg's inside that attribute use single quotes.

    You can concatenate with double quotes just like you can with single quotes. Whenever you have a variable that has [] at the end of it, this variable must have {} around it if you put it inside the double quotes.

        <?php
        echo "My name is $ir['username']"; // This example will not work. You will likely get an error on that.
        echo "My name is {$ir['username']}"; // This is the way you need to do that.
        ?>

    Class properties can be inserted into double quotes strings without using {}'s.

        <?php
        echo "The last MySQL error was: $db->mysql_error."; // This is 100% good code.
        ?>

    You can put {}'s around any variable. This is helpful if your variable doesn't have a space after it.

        <?php
        $var1 = "www.";
        $var2 = "phphorizons.com"; // yeah it's a silly example, sue me :p
        echo "{$var1}{$var2}"; // OUTPUT: www.phphorizons.com
        echo "$var1phphorizons.com"; // OUTPUT: .com (PHP reads $var1phphorizons as one variable name, and it is undefined)
        echo "{$var1}phphorizons.com"; // OUTPUT: www.phphorizons.com
        ?>

    **Random Thoughts**

    I use this one more often than the single quotes. I like it because I can use apostrophes in smaller strings without any escaping. The speed issue is so minor it's not really a concern unless you're really scraping to save on CPU cycles. But by all means, don't let me stop you from optimizing your code as much as possible!

    heredoc

    And now we get to my favorite style of quotes of all. heredoc is the best of both worlds. It's faster than double quotes. (marginally) My source for heredoc being faster is: PHP5 Advanced Quick Pro Guide, Page 451, Figure 12.5 by Larry Ullman. Single quotes is the fastest of all three though. heredoc will print out the values of variables just like double quotes, and new line and tab characters are interpreted as new line and tab characters. You can't concatenate heredoc. You have to end the echo, put in your extra code, and then start a new echo.

    I recommend getting all your text together before echoing anything out, and putting it all into one big heredoc block. But before I get to that, let's look at the syntax of heredoc because it's very particular.

        echo <<<EOT
        -------------

    You will need to put in three <'s and then three upper case letters. The three upper case letters serve as your quotes. After the <<<EOT, there can be nothing else on that line. At the end of the string, you put:

        EOT;

    And that must go on a new line.

    ------------------------------------------------------
    NOTE: It is noted by Decepti0n that the three letters can be of any length. This is true. I think you'll see that the conventional standard is three uppercase letters. Each person will almost always use the same three letters all the time, except out of necessity when those three letters appear inside the text being quoted.
    ------------------------------------------------------

        <?php
        echo <<<EOT
        We must start on a new line like we did here.
        We can insert $variables, and variables with []'s on them like: {$ir['username']} so long as it has the {}'s.
        We can put in class properties: $db->mysql_error.
        And when we close out the string, we must put our end quote on a new line, and it must have a semicolon, and nothing else on the line.
        EOT;
        ?>

    In order to avoid concatenating your strings, let's look at a sample query of an item table.

        <?php
        // Define and submit a query to the database.
        $q_items = mysql_query('select id, name, sell_price, item_type from items');
        // Initialize a variable that will contain the data from the query.
        $item_list = null;
        // perform a while loop to get the data from the query.
        while(list($id, $name, $cost, $type) = mysql_fetch_array($q_items)) {
        // Store the data in the $item_list variable, concatenate it each time to itself.
        $item_list .= <<<EOT
        <tr>
        <td> $name </td>
        <td> $type </td>
        <td align="right"> $cost </td>
        <td> <a href="buy_item.php?id=$id">Buy</a> </td>
        </tr>
        EOT;
        } // End of while loop.
        // Now that we have all the data stored and formatted in the $item_list variable in the form of an html
        // table that is only missing a start and end table tag, we can now do our echo all at once.
        // Take particular note of how readable coding in this way is. :D
        echo <<<EOT
        <table>
        <tr>
        <th colspan="4"> <h2>Item List</h2> </th>
        </tr>
        $item_list
        </table>
        EOT;
        ?>

    One last thing of importance to note about heredoc, is that it can be used anywhere quotes are used. It's not limited to echo.

        <?php
        // call a function with arguments using heredoc.
        some_function(<<<EOT
        arg1
        EOT
        , <<<EOT
        arg2
        EOT
        );
        // Take note how the comma does not go on the same line as the ending quote.
        // We'll do the same thing with an array.
        $my_array = array(
        1=> <<<EOT
        blah
        EOT
        , 2=> <<<EOT
        foo
        EOT
        , 3=> <<<EOT
        bar
        EOT
        ,);
        ?>

    I realize that this last example presents code that is harder to read than its single and double quotes counterparts and hence, I use this sort of thing sparingly. But sometimes, it's just the thing to make life easier.

    **Random Thoughts**

    heredoc is by far my most used quote type. Well, I do use double quotes in more situations like using them in function call arguments and whatnot, but when it comes to displaying html to a user, heredoc is the preferred method.

    New to PHP 5.3.0 is nowdoc. The astute reader may have noticed that heredoc is more like double quotes than single quotes. However, there isn't anything like heredoc that acts like single quotes until you get to PHP 5.3.0. I'll briefly introduce it here.

        <<<'EOT'
        blah foo bar
        EOT;

    This is nowdoc syntax. $variables are not seen when using nowdoc. nowdoc is useful instead of single quotes because single quotes don't need to be escaped ;)
  6. Floydian

    Programs

    Re: Programs

        control + shift + F3 => Folds all the functions on the page... :D
        control + 3, control + 2, control + 1 => wraps selected text in <h3></h3> tags
        control + d => duplicates a line of code, or all selected code.

    Those to me are some of the most important keyboard shortcuts for zend in case you haven't found those yet.
  7. Re: PHP Code to send a mail when something happens

    well, it sounds like you need to put in a flag.
    something like, 0 you haven't sent the mail, or 1 you have sent the mail
    the flag is initially set to 0
    once the Upgrade link is available, have it set this flag to 1
    then, send the mail, if and only if, setting that flag to 1 was successful
    ie, if(mysql_affected_rows() > 0) {send mail}
    in other words, if the flag was already set, setting it to one results in 0 affected rows, and the mail is not sent again.
    when they actually click the upgrade link, make sure to set the flag to 0
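
The send-once flag described above, as an added example (not code from the original post): the UPDATE itself is the check, so two requests arriving together cannot both send. The users table, the upgrade_mail_sent column and the outbox stub are assumptions; PDO with in-memory SQLite stands in for the mysql_* calls, and because SQLite counts every matched row as changed, the `= 0` condition goes into the WHERE clause.

```php
<?php
// Added example, not from the original post. Schema and data are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (
    userid INTEGER PRIMARY KEY,
    upgrade_mail_sent INTEGER NOT NULL DEFAULT 0
)');
$pdo->exec('INSERT INTO users (userid) VALUES (1)');

// Flip the flag 0 -> 1 and report whether this call was the one that did it.
function claim_upgrade_mail(PDO $pdo, int $userid): bool
{
    $stmt = $pdo->prepare(
        'UPDATE users SET upgrade_mail_sent = 1
          WHERE userid = :id AND upgrade_mail_sent = 0'
    );
    $stmt->execute([':id' => $userid]);
    return $stmt->rowCount() > 0; // 0 rows: the flag was already set
}

// Reset when the player actually clicks the upgrade link.
function reset_upgrade_mail(PDO $pdo, int $userid): void
{
    $stmt = $pdo->prepare('UPDATE users SET upgrade_mail_sent = 0 WHERE userid = :id');
    $stmt->execute([':id' => $userid]);
}

// Stand-in for the real mail() call so the demo sends nothing.
function notify_upgrade_available(PDO $pdo, int $userid, array &$outbox): void
{
    if (claim_upgrade_mail($pdo, $userid)) {
        $outbox[] = "upgrade mail to user $userid";
    }
}

$outbox = [];
notify_upgrade_available($pdo, 1, $outbox); // first page load: sends
notify_upgrade_available($pdo, 1, $outbox); // second page load: flag already 1
reset_upgrade_mail($pdo, 1);                // player clicked Upgrade
notify_upgrade_available($pdo, 1, $outbox); // next time the link appears: sends again

print_r($outbox);
```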
  8. Re: PHP Code not working, showing up text

    Replace:

        [b]Money:[/b] {$fm}
        [b]Level:[/b] {$ir['level']} ";
        if{$ir['exp']}>={$ir['level']}*975
        {
        print "[url='level.php'][upgrade][/url] ";
        }
        [b]Crystals:[/b] {$ir['crystals']}

    With:

        [b]Money:[/b] {$fm}
        [b]Level:[/b] {$ir['level']}
        OUT;
        if($ir['exp']>=$ir['level']*975)
        {
        print "[url='level.php'][upgrade][/url] ";
        }
        print <<<OUT
        [b]Crystals:[/b] {$ir['crystals']}

    heredoc

    If you aren't sure what "heredoc" is, I think you should look it up. Google search: php heredoc

    You had php code inside of a heredoc block. heredoc is essentially custom quotes. <<<OUT or <<<FOO or <<<UGH doesn't matter what three uppercase letters you use, it just needs to be something that isn't in your text.

    <<<OUT is bad because out is a fairly common word
    I use <<<EOT
    I think some folks use <<<EOF

    and the end quotes are:

        EOT;
        or
        EOF;
        OUT;
        FOO;
        UGH;

    That's the basics of it. You can't concatenate.

        echo <<<EOT
        dfadfasdf
        asdfasdfafd
        asdfasdfadf
        EOT
        . $code . <<<EOT
        adfasdd
        asdfsdf
        asdfa
        EOT;

    That just doesn't work.

    It'd have to be:

        echo <<<EOT
        dfadfasdf
        asdfasdfafd
        asdfasdfadf
        EOT;
        echo $code;
        echo <<<EOT
        adfasdd
        asdfsdf
        asdfa
        EOT;
  9. Re: How Do I Delete The Inactive

        delete from users where laston < unix_timestamp() - 60 * 60 * 24 * 30

    Take the current time, and subtract 30 days from it. You're subtracting seconds, so you need 30 days worth of seconds: 60 seconds * 60 (minutes) * 24 (hours) * 30 (days)

    now that you have a timestamp that points to 30 days ago, you simply need to see if laston is less than that. "laston" may be a different column name, I'm not 100% if that's the right name for that as mccodes isn't what I work on day in day out.

    Keep in mind, just deleting the users presents some problems. If they had a gang, and they were the leader, and no one else is in the gang, that gang will be stuck having 0000000000 members. Any items they had for sale in the market will point to User=> [] Basically, it'll be empty. There's more things that happen, trust me. You really need to be thorough about removing all traces of the user, and not just their row in the users table.
  10. Re: Cron alternative?

    we did a lengthy discussion about cron alternatives, search the forum for it. it should be easy to find

    for hosp times it goes like this

        $hosp_time = time() + 60 * $random;

    where $random is your random number of minutes you want them in hosp.

    then,

        if ($hosp_time > time()) { /* you're still in hosp */ }

    it's super simple. there is no one minute, or five minute cron on my game, and hosp and jail time are not run by crons at all. a benefit to this, is hosp time and jail time is exact to the second

    check it out on my game some time. if you have less than 3 minutes in hosp/jail, the seconds left is displayed with the minute. :D
  11. Floydian

    Programs

    Re: Programs Does notepad++ have code syntax highlighting? I can't tell you how invaluable to me that is. I use Zend Studio Pro. The Pro version includes ftp which is another invaluable thing for me since I code locally, and then upload to the server when I'm done. There are free alternatives such as Aptana Studio which also has syntax highlighting, and ftp. Aptana also has code folding which is something I would not do without. http://www.aptana.com/studio/
  12. Re: [FAQ] sprintf - no, it's not a phone company I'm glad y'all are liking it :D
  13. Re: Help! ditto on mdshare that's the basics of the basics also, there's no way anyone is going to be able to fix your login problem without seeing some code.
  14. Re: Stalemate bans members

    There's no reason to escape the $userid.

    Number one, $userid is derived from the $_SESSION['userid']; variable, which itself was originally pulled from the database upon confirming the password and the login name. Therefore, $userid is not user INPUT. However, I think it is good practice to type cast the userid anyways.

    Number two, you have quotes around your database tables when it should be back ticks. And the back ticks are really not required here.

    Number three: you're missing a " at the beginning of the query.

    Number four: You misspelled attacking, and number five: you misspelled userrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrid.

        // %d formats $userid as an integer before it reaches the query text.
        $q_update = sprintf('update users set attacking = 0 where userid = %d', $userid);
        mysql_query($q_update, $c);

    if it's version 2 of mccodes

        $q_update = sprintf('update users set attacking = 0 where userid = %d', $userid);
        $db->query($q_update);
  15. Re: View Surrenders In this situation, I would load up that page, then click on "view source" and look at the html that was output by the script. Since the submit button isn't being shown, it would seem that there's an error somewhere in the while loop. If php is outputting an error message, and that error message is getting inserted into the select drop down menu, that could cause the html error you're seeing. It's also possible that if gangs on your game are allowed to put special symbols like < > ' " into their gang names, that could be what's causing the html error there, and again, the view source on the html should show what that error is. Go ahead and check that out, and post the source html here if you don't see anything yourself so I can take a look at it. From what I can tell, I'm pretty sure there's an html error coming in here. Another thing you can do, is take a query like $ggq=$db->query("SELECT * FROM gangs WHERE gangID=".$r[$f]); and run it in phpMyAdmin. You can also try to echo the $r[$f] variable as well so that you can see what value it contains. Keep in mind, that this query is done in the middle of a select html element, so you will want to comment out the echo's that output the select, and that will allow you to echo this value to the screen. If that $r[$f] variable doesn't come out with a number, then that is definitely the reason why the html is getting errors. Try that stuff out and let me know what happens.
  16. Re: View Surrenders so nothing is printed to the screen at all eh? looking at the code, no matter what you throw at that function, ie, in terms of a $_POST['subm'] variable, it will print something, which leads me to believe that the function is not getting called at all.
  17. Re: View Surrenders what about it is not working? are you getting errors? is the page displaying at all, or are you getting the white page of death? if the page is displaying, what isn't displaying that should be?
  18. Re: NEEED A CODER   Well, what did you mean by what you said? I did quote you exactly verbatim.
  19. Floydian

    New Login pg.

    Re: New Login pg. Does it do this:   Just wondering....
  20. Re: NEEED A CODER Make sure you give krisler access to your database, and two weeks to a month to write a SQL query... You'll love the results! You'll see that krisler wasn't joking when he says his queries "COULD DAMAGE MOSLY ANY GAME"  
  21. Re: HELP!! lol Hijack! 0 is an infinite :D It's infinitely undefined. How more undefined from 1 is 0? Is it more undefined from 1 than from 2? Such unanswerable questions are the result of an "in--finite" property. Here's a couple more. What's infinity divided by two? Infinity. What's undefined divided by two? undefined :) Infinity + infinity = infinity undefined + undefined = undefined Okay, I'm done bustin your balls Nyna :D
  22. Re: strang ' marks appearing I try to refrain from "ditto" posts, but this one just begs for Iso's post to be ditto'ed DITTO!!
  23. Re: strang ' marks appearing I'm sure someone can figure out why, but how is anyone going to figure it out without looking at the code? For crying out loud lol And if/when you do post the code, also post a sample of the added ''''' so that we can know where it's coming in at. Edit: By the way, I think you may be assuming that we're all working with a copy of mccodes and might as well just look at ours. There's a flaw in that thinking, if you do in fact think that. I don't use mccodes. And I doubt most people that are really good at coding will use mccodes. I coded my game completely from scratch, and Nyna, one of the better coders around here has coded her own stuff from scratch. The second possible flaw in your thinking is that other people with mccodes have the same problem, and know how it should be fixed already. I'm sure there are those folks out there, but narrowing the list of possible people to answer your question to just those folks is sure to have you waiting a long time for an answer. So, post your crime code, and you'll likely have an answer in a day or two. Or don't post it. doesn't matter to me. My game is bumping along nicely and there are no errors or "weird things" happening on it.
  24. Re: Attacking bug check if the person being attacked is in fed I have no idea of what your coding ability is, and if you don't have any/much at all, then you'll need to post your attack file.
  25. Re: [FAQ] Securing Input Variables Knowing how to do something, and knowing how to teach it are definitely two different skill sets. It's been said that those that can't do something, teach it. In other words, if you aren't good enough to make money doing something, perhaps you can make money teaching it instead. :)