
Everything posted by Zeggy
-
Re: Toughest Developer Puzzle Ever Did you get the email on level 30 as well? :D
-
Re: Toughest Developer Puzzle Ever what's on level 27 again? EDIT: oh wait, um... take the first letter from each line, read downwards the answer is that word, which also happens to be the hint for the next puzzle
-
Re: Toughest Developer Puzzle Ever I finished it! ^_^
-
Re: Toughest Developer Puzzle Ever level 13 google: 376006 bob: 808 bios: 5018 legos: 50637
-
Re: Class Problem Sorry, but you've missed the point of OOP. A User is NOT a type of database, which is why you should not extend the db class. A user doesn't connect to a database server, it doesn't execute queries. It might use the database in some functions, which is why you should try to make the two classes work together instead of making one an extension of the other. If you have another class, say a Game class or an Enemy class that also needs to use the database, and you also extend the database class, then each class will connect to the database in separate connections. In fact, if you have more than one User instance, each one will have separate connections as well, as they are all separate db child classes. What you want is for each page to use just one connection. All users, all classes should share a single connection. To get the two classes to work together, you can either set $db as a global, or pass it as a reference to the constructor or some other function:
    function setDb(&$db) {
        $this->db = $db;
    }
    function otherFunction() {
        // If you need to use the database object
        $this->db->query('query');
    }
-
Re: First attempt at securing files. Once you've cast a variable to an int, you don't need to escape it or convert it to html entities. You really don't want to convert a mysql query to html entities. mysql_real_escape_string should just be used on single values/parameters, not on entire sql queries or it will also escape the single quotes around your string values: UPDATE ... SET username='bla' WHERE... -> UPDATE ... SET username=\'bla\' WHERE...
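Added example, not part of the post above or the thread's code: it shows the whole-query escaping mistake next to per-value escaping, then the same update with bound parameters. addslashes() is a stand-in for mysql_real_escape_string() so the script runs without a MySQL connection; the users table and the sample values are assumptions.

```php
<?php
// Added example. addslashes() stands in for mysql_real_escape_string() so this
// runs offline; both put a backslash in front of single quotes.
$name = "O'Brien";          // constructed input containing a quote
$id   = (int) "7 OR 1=1";   // cast keeps only the leading digits, nothing left to escape

// Wrong: escaping the whole statement also escapes the SQL's own quotes.
$whole = addslashes("UPDATE users SET username='$name' WHERE id=$id");

// Right: escape only the value, then place it between the quotes.
$value = "UPDATE users SET username='" . addslashes($name) . "' WHERE id=$id";

echo $whole, "\n", $value, "\n";

// Bound parameters remove the need for manual escaping (PDO, in-memory SQLite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)");
$pdo->exec("INSERT INTO users (id, username) VALUES (7, 'old')");

$stmt = $pdo->prepare("UPDATE users SET username = :name WHERE id = :id");
$stmt->bindValue(':name', $name, PDO::PARAM_STR);
$stmt->bindValue(':id', $id, PDO::PARAM_INT);
$stmt->execute();

// The stored value is the original string, quote included, with no backslashes.
echo $pdo->query("SELECT username FROM users WHERE id = 7")->fetchColumn(), "\n";
```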
-
Re: protection mccodes v2 Learn from your mistakes. Just listening to other people telling you what functions to use won't help you in any way. You need to know why you are using those functions, what exactly they are doing and when you should use them. Being hacked is not a bad thing, because it's another opportunity to learn. Check your logs to see what happened. When did it happen? Who? How? If you log everything properly, you'll be able to find out exactly what happened, and how you can fix it and then you can make sure it never happens again. But of course... it will also do you some good to read up on common security holes. Some google keywords: xss sql injection csrf wikipedia This website looks quite informative, but I don't know, I haven't read it myself: http://php.robm.me.uk/
-
Re: Tactical RPG Engine You might get more interest if you could show something - a demo, screenshots/design images, design docs, ideas, whatever you've already got going. (Cuz your forum is kind of empty at the moment) :)
-
Re: Passwords and MD5 encryption query... Regardless of what algorithm you use, if you salt it well you should have no problems. If you salt it appropriately, your rainbow tables won't do any good. But still, use a more modern algorithm to avoid problems with collisions.
-
Re: Include or Require? It's better if you use absolute paths rather than relative paths if you are including files that include other files, and all the files are in different directories. Saves a lot of confusion if you know (as well as the computer) exactly where your includes/requires are pointing to. Actually:
    /   = a directory itself, the top directory (absolute)
    ../ = parent directory (relative)
    ./  = current working directory (relative)
-
Re: Fav band, music I thought it was Fav band, not Fav bands :roll: My favourite would be Blink 182.
-
Re: Guitars... Hmm, I play a lot of Blink 182... I can also play Hysteria by Muse, although I still need to practice this song :P (http://www.youtube.com/watch?v=DR2DpgV8fPw) I can also play some others, but can't really think of them now... (It's 7AM, too early for me :P Gotta catch a flight)
-
Re: PHP Form issue Yes, but they're not meant to. You know what the value is and you know exactly what you are expecting (apparently/assuming, not much info is given about the context by the OP). The problem here is that the user also knows what you are expecting (a number corresponding to the user ID). And then you solve this problem by removing that ability for the user - by encrypting it or doing something else to it so it's difficult for the user to replicate an alternative value. But I suppose, yeah, sessions would be an easy solution :) EDIT: Oh wait, it's for a shout box. In that case... if the user is logged in, surely the user variables are available?
-
Re: One Big Code! include($_GET['page']); //DIE!
-
Re: Is this worth it? Umm, I know how to do an insert properly. What you wrote above is exactly what I suggested in my first post. My previous post was responding to the problem nyna posed (about concurrency issues when using your own auto increment implementation).
-
Re: Is this worth it? Hmm, I'll give it another go :P Do you combine the two queries? INSERT INTO table ((SELECT id FROM table...)+1)... Or does that make no difference?
-
Re: Is this worth it? You have to remember, you are using one query. They're different threads, but performing the same procedures. You used two different queries above ($id+1 and $id+2). You can't know when to use which, so you can't actually implement that. Would the solution be... transactions? Or locking the table? What's the trade off in performance?
-
Re: Is this worth it? lol, did you even read floydian's post? we know what you want to use it for, and yes, it's a good idea. floydian simply posted some feedback for you. Yep, in fact, no values are inserted at all for auto increment columns. So just insert data for specific columns, in your case, the columns that contain the query and the error.
-
Re: Trying something out Like I said, a person who prefers windows over linux (and has used both) would most likely be a gamer. For new computer users, I seriously doubt anybody would be advised to go for linux rather than windows or mac. And for your statement that any decent game will also be created for mac, I lol'd. Then I googled it. To my surprise, there are actually a few modern games for the mac. But still, ridiculous. And to see how ridiculous, look at this top list of games for the mac: http://uk.gamespot.com/games.html?type= ... subnav;all Most of the games are outdated, while several of the top games weren't even made in this millennium. Compare that to the top list of games of PC or any other console. All of the top games were released within the last 6 months. Conclusion: gaming on the mac is a joke. Just wondering: what do you do on your linux? (programming, word processing, email?)
-
Re: Trying something out So many people bashing windows... It's quite simple. If you're a gamer, use windows. If you're not, use whatever you want. :)
-
Re: QUERY ERROR It tells you what the error is right there: Table 'phaser_PhaserDB.ads' doesn't exist In your database, a table called 'phaser_PhaserDB.ads' doesn't exist, and your page is trying to get data from that table. You can fix it by: Adding that table to the database. Or removing the code that's causing the error.
-
Re: Adobe CS3 It may be free, but it is not legal. What file sharing laws? Heard of copyright laws?
-
Re: PHP Form issue You encrypt it so you know you can trust it :) And this doesn't appear to be user input, it's a hidden form field. Also, sessions aren't infallible.
-
Re: PHP Form issue Use a salted hash... and just pick a good salt and encryption method. If they don't know the salt and are unlikely to guess the salt, they won't be able to create their own hash when they change the username. I thought the point was that hashes are non-reversible.
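Added example, not part of the posts above: one way to make the hidden user-ID field from the PHP Form issue replies tamper-evident, using a keyed hash (HMAC) in place of the "salted hash" the post mentions. SECRET_KEY, the field names and the session ID value are assumptions made for the illustration.

```php
<?php
// Added example: sign a hidden form field so the server can detect tampering.
// SECRET_KEY, the field names and the session ID are assumptions.
const SECRET_KEY = 'constructed-demo-key-replace-me'; // stays on the server

function sign_field(string $value, string $sessionId): string
{
    // The key is what the user cannot guess; binding the session ID
    // stops a pair captured in one session from being reused in another.
    return hash_hmac('sha256', $sessionId . "\0" . $value, SECRET_KEY);
}

function verify_field(string $value, string $mac, string $sessionId): bool
{
    // hash_equals() compares in constant time.
    return hash_equals(sign_field($value, $sessionId), $mac);
}

function render_hidden(string $name, string $value, string $sessionId): string
{
    $v = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
    $m = sign_field($value, $sessionId);
    return "<input type=\"hidden\" name=\"{$name}\" value=\"{$v}\">\n"
         . "<input type=\"hidden\" name=\"{$name}_mac\" value=\"{$m}\">\n";
}

// Constructed sample: the form the server emits, then three submissions.
$session = 'sess-constructed-1';
echo render_hidden('userid', '42', $session);

$mac = sign_field('42', $session);
var_dump(verify_field('42', $mac, $session));              // unmodified submission
var_dump(verify_field('43', $mac, $session));              // user changed the ID
var_dump(verify_field('42', $mac, 'sess-constructed-2'));  // pair replayed elsewhere
```

The MAC only proves the value was issued by the server; the value itself stays readable in the page source, so anything that must be hidden belongs in server-side session state.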