Floydian

Re: Tutorial: v1 - v2 Conversion um what about using the class method is safer than the using the built in msyql_query function? function query($query) { $this->last_query=$query; $this->num_queries++; $this->result=mysql_query($this->last_query, $this->connection_id) or $this->query_error(); return $this->result; } as you can see, it's just doing a mysql_query inside a class. Nothing, absolutely nothing safer about that bro man. :mrgreen:

Re: Url Encode I'm definitely open to doing some coding for you. What did you have in mind?

Re: itemmarket.php help On a side note, it's not correct to call a function before it's defined. All of mccodes is written with this error. You'll notice the switches always come before the function definitions. That is incorrect. The proper way to do it is to have the function definition before the switch. Like I said, this is a side note, and not directly related to a "solution" for the problem that was already fixed.

Re: MCcodes Header Help Just because someone may have had the same problem doesn't mean fixing it will be the same. I see it as one of two things: An html error An error in the logical flow of your script lots of people have those errors, but fixing them is different for every one.

Re: MCcodes Header Help source = View HTML source As in, View >> View Source >> You can see the html source code of the page you're looking at. As for your header, I wouldn't want to see it lol, unless you're paying me to look at it. As for your problem, you haven't given anywhere near enough detail for me to even begin helping you. I gave you the advice that could lead to an easy fix if you're problem was caused by the die function preventing html from being output by the $h->endpage() function. It seems that you don't think that's the problem. I guess you're stuck. Good luck with it.

Re: MCcodes Header Help normally mccode scripts end with:   $h->endpage(); ?>   So, when you call the die function, call the endpage() function first. If that doesn't work, then you've got some sort of whacky problem that might be difficult to help you solve without at the very least seeing a source of you html. if ($ir['user_level'] < 2) { echo "What ya tryna do bro?"; $h->endpage(); die; } That is basically what you want to do. You'll commonly see text placed into the die function, but that is not the best practice since that string will be the last thing sent as html output and will come after any </body></html>, unless you put that in the die function.

Re: HOW DO I SORT OUT THE DATABASE!!! Like moths to a flame... 8-)

Re: Url Encode there isn't much to it when you need to echo out URL links that might contain special characters, urlencode() you string Say you wanted to pass the value: ?action=view_item&id=23&link_back=auction&link_back_action=action=view_auction Perhaps this is a bit too complicated, but, let's view this broken up into composite parts. ?action=view_item that is the variable that controls the switch   id=23 that is the item id link_back=auction you can match that up to an array that gives you a file name for the auction $file_names = array('auction' => 'auction.php'); that way you're link is secure link_back_action=action=view_auction ah, here we have something that needs to be urlencoded link_back_action <<<< that is the variable name action=view_auction <<<< that is the value but that equal sign is gonna be a pain That value could easily be something more complex, suppose you wanted to include the auction ID (to match up the particular auction item) action=view_auction&id=1234 so now you have a string you want to pass in the URL that you DO NOT WANT BROKEN UP INTO variable => value pairs $link_back = urlencode('action=view_auction&id=1234'); and now the value you will pass in the URL is: ?action=view_item&id=23&link_back=auction&$link_back And now you have a complex string with control/special characters in it that can be passed as one variable => value pair. You don't have to urldecode that on the other end. Any ways, there's many many uses I'm sure, but it really comes down to, are you trying to pass something in a URL that won't work? If it's not working, try URL Encoding it Are you trying to use something passed in a URL that won't work, try URL Decoding it. :-)

Re: Securing Variables There's certainly cases where "internal" data in the form of a string is stored in a db and in that situation I'd certainly not use htmlentities. For instance, when serializing data, applying htmlentities will make the data unusable later on. In my experience, 99% of the strings I store in a db, get displayed at some point. So I fail to see the reason to leave out htmlentities on an escaping function when you know that almost all of the strings you're storing will need the html and javascript neutralized. It's much better than applying it on a case by case basis where you're bound to miss one somewhere. I also fail to see why one would escape individual quotes when you can simply apply a mysql_real_escape_string() function. Then again, I've seen numerous mods that someone coded, then sold, and there was no database protection at all, so I guess your method of escaping individual quotes is better than nothing. :-) All those union select deals people have been doing are a case in point...

Re: Securing Variables lol then ya owe me one :p

Re: HOW DO I SORT OUT THE DATABASE!!! um, no users table, aye caramba run the installer again....

Re: HOW DO I SORT OUT THE DATABASE!!! I'm not sure if you're looking to make money on this game, or if you're just doing this as a hobby, akin to twiddling your thumbs. If you're looking to make money at this, and at the risk of sounding like an ass, perhaps I can save you some frustration man. It sounds like you barely know anything about coding. I'm guessing you know how to run an installer and ran into a problem and couldn't solve it. So, that means you prolly don't know php or mysql. I have no idea what kind of skills you have in administering a web site or a web server, so I won't make a guess on that, but I'll assume you have at least a rudimentary set of skills in those two areas (as without them, since you don't have php or mysql you're basically doing something you know absolutely nothing about.). Okay, so now I sound like an ass, but if I'm right and you are in the situation I think you are, lemme tell you what's prolly going to happen: 1. Getting people to join your game is going to be a hassle because you prolly don't have the skills to really make it good. Anyone can edit HTML, but can you make a php script? When people login to your game and see the same old tired things that are in place everywhere else, they'll move on leaving you to wonder why the people that sign up don't ever really stay. 2. Some folks will take advantage of "KNOWN" bugs in mc code and ruin the economy in your game over and over again. Since you prolly don't have the skills to fix these bugs, and due to #1 you likely won't have the player base to be able to afford to fix these problems using money earned from running the game.   All of this can be overcome by putting out some good money and hiring the folks that can make it happen for you. I'm guessing you're not in that position. Or you can learn php and mysql, and in that case, take a year, seriously, maybe even more, and learn them well. Then get your game going. Anyways, now that I'm sure I've thoroughly taken your opinion of me and flushed it, I say this cuz you're prolly spending a few bucks on web hosting, and you might even buy a mod or two. SAVE YOUR MONEY lol Stick with a free host, twiddle your thumbs on some php and mysql for a year, and then come out with your game. You'll thank me in the end for saving you the frustration of being one of the many that had high hopes and struggled on striving to make it work, when it was doomed in the first place. :mrgreen:

Re: HOW DO I SORT OUT THE DATABASE!!! I should have noted that this line here: mysql_select_db('my_db_name'); is the line of code that was missing or in error. Sorry if that omission caused any confusion. To add to the point about going into cpanel. If you don't know your database name, go into cpanel as was mentioned, and once you're looking at the mysql database stuff, you'll see the databases (schemas) that you have. There could be more than one schema there, so you'll have to figure out which is the right one. If one of them is called information_schema, it's definitely not the one you want.

Re: HOW DO I SORT OUT THE DATABASE!!! Now that I can connect to the site, the problem appears to be that you're missing the line of code that selects the database to connect to.   <?php $con = mysql_connect(HOST, USER, PASS); mysql_select_db(DB); ?>   That's what my connection script looks like. Of course that's included on every page that needs a db connection. Note the use of constants. Each of those could just as easily be something like $con = mysql_connect('localhost', 'db_user_name', 'db_user_pass'); mysql_select_db('my_db_name');

Re: HOW DO I SORT OUT THE DATABASE!!! Unable to connect Firefox can't establish a connection to the server at www.criminalnation.x10hosting.com.

Re: Securing Variables You're welcome! I think you came up with the order by rand(), so consider it an even trade :p

Re: Crons code=adadfweqwefwf is something that is "passed" to the script The script prolly checks the $_GET['code'] to see if it matches a predetermined code (this predetermined value would be set in the script itself) and is used to determine if the script should run or not. passing a code in such a manner is used to prevent a player in your game from easily being able to run a cron themselves. so, make that code is matching up properly or you crons will most like work, but nothing will happen as the script will "die" if the code isn't matched properly.

Re: Securing Variables Not sure what the argument is about, but since this thread is back on top again, ya might want to avoid this function:   function clean($string) { if (ini_get('magic_quotes_gpc') == 'off') { $string = addslashes($string); } else { $string = mysql_real_escape_string(htmlspecialchars(stripslashes(trim($value)))); } return $string; }   lol What good does it do to test if magic quotes is off, and addslashes to it, if when magic quotes IS on, you stripslashes, then do special characters and mysql escape? The out come is totally different based on whether or not magic quotes is on or off. Basically it amounts to this, if magic quotes is off, simulate the effects of magic quotes. If magic quotes is on, compensate for magic quotes by stripping the slashes and doing htmlspecial characters and mysql escape. Secondly, this function is in error because the variable $value is never defined! Here's a better mc code type "clean" function:   // database escape and htmlentities function clean($string) { global $c; // if magic quotes is on, strip the slashes it adds if (ini_get('magic_quotes_gpc')) { $string = stripslashes($string); } // remove whitespace from the beginning and end of the string then apply htmlentities and mysql escape $string = mysql_real_escape_string(htmlentities(trim($string)), $c); return $string; }   It's important to note that this function, results in the same outcome no matter if magic quotes is on or off. trim, htmlentites, and mysql escape is always applied

Re: Help please Put that after your header, and before the rest of the code on the page.   if ($ir['level'] < 100) { die('You must be level 100 or higher to gain access to this page.'); }

Re: Randomizing users order by rand(), I would have thought it more complicated than that. That's very good to know! [me=Floydian]gets busy right away trying to figure out where he can use order by rand().[/me]

Re: [V2] Staff Items Good deal :-)

Re: HELP PLEASE There are 3 commas before where you got the error. Is there a reason those 3 commas have nothing between them? Most likely, you'll have to submit something there. Perhaps you left a couple fields in the form blank? I've found mc codes is very slack on validation, and I can see leaving out fields in a form causing a query to fail.

Re: Mysql/PHP problem You're welcome! Thanks for letting me know it worked.

Re: Php program Can't say that I do. Perhaps you might reword that into proper English though... That sentence reads like this: Anyone know a "person" testing a file program. Where PHP is a proper noun and the action assigned to that noun is "testing a file program".

Re: Mysql/PHP problem $TimeDiff = "SELECT TIMEDIFF('2007-11-17 17:10:19','2007-11-17 17:07:05')"; $DownTime = mysql_query($TimeDiff) or die (mysql_error()); If you take that, and then do: echo $DownTime; you are echoing a memory resource locator. In other words, that variable simply holds the "directions" to a place in memory. so, you would need to do msyql_fetch_array or mysql_fetch_row which ever one you choose does not matter, especially if you use list, which I highly recommend in most situations. list($mytime) = mysql_fetch_array($DownTime); echo $mytime; // and you're get the results you expect.