MakeWebGames

V2 few things needed


iHinman


If you have the time to go through each of your files for security I would set up functions based on what each input variable should be:

// $db is assumed to be an open mysqli connection
function test_string_input($str){
  global $db;
  $str = trim($str);                     // drop leading/trailing whitespace
  $str = stripslashes($str);             // remove backslashes (e.g. ones added by magic_quotes_gpc)
  $str = $db->real_escape_string($str);  // escape for use inside a quoted SQL string
  return $str;
}
function test_int_input($int){
  $int = abs((int) $int) + 0;            // cast to int and force it non-negative
  return $int;
}

Then when you have an incoming variable:

$num = test_int_input($_GET['int']);
$str = test_string_input($_GET['str']);

I know some people might criticise my methods for security but they've worked for me so far.

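The same idea, one check per expected input type, written the way a defender would prefer today. This is an added example, not the poster's code or anything from the forum: read_int, read_string and find_user are names made up here; the users table and $db (assumed to be a mysqli connection with mysqlnd, which get_result() needs) are assumptions; and the request data is constructed so the block runs from the PHP CLI with no web server or database.

```php
<?php
// Added example (not from the thread): per-type input checks that reject bad
// input instead of coercing it, plus a prepared statement so the string value
// never needs real_escape_string(). Function names and the users table are
// invented for this example; $db is assumed to be a mysqli connection.

declare(strict_types=1);

// Returns the integer, or null if the value is missing, not an integer literal,
// or outside [$min, $max]. "12abc", "1e3" and "" are all rejected, where a
// plain (int) cast would silently turn them into 12, 1 and 0.
function read_int(array $source, string $key, int $min = 0, int $max = PHP_INT_MAX): ?int {
    if (!isset($source[$key]) || !is_string($source[$key])) {
        return null;
    }
    $value = filter_var($source[$key], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $value === false ? null : $value;
}

// Returns the trimmed string, or null if it is missing, empty, too long, or
// contains control characters (a NUL byte inside a username is never legitimate).
function read_string(array $source, string $key, int $maxLen = 64): ?string {
    if (!isset($source[$key]) || !is_string($source[$key])) {
        return null;
    }
    $value = trim($source[$key]);
    if ($value === '' || strlen($value) > $maxLen || preg_match('/[\x00-\x1F\x7F]/', $value)) {
        return null;
    }
    return $value;
}

// Look up a user by name with a parameterised query. The value is bound, not
// interpolated into the SQL text, so no escaping step is needed whatever it contains.
function find_user(mysqli $db, string $username): ?array {
    $stmt = $db->prepare('SELECT id, username FROM users WHERE username = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// Constructed request data standing in for $_GET; no web server needed.
$samples = [
    ['int' => '42',    'str' => 'alice'],            // both accepted
    ['int' => '12abc', 'str' => "bob' OR 1=1 --"],   // int rejected; string accepted as data, inert once bound
    ['int' => '-5',    'str' => "ev\x00e"],          // negative rejected; embedded NUL rejected
];
foreach ($samples as $get) {
    var_dump(read_int($get, 'int'), read_string($get, 'str'));
}

// With a real connection the request handler would read:
//   $name = read_string($_GET, 'str');
//   if ($name === null) { http_response_code(400); exit; }
//   $user = find_user($db, $name);
```

The difference from the helpers above is that bad input is rejected (null) rather than coerced, and the string is passed as a bound parameter. real_escape_string() only protects a value that is then placed between quotes in the SQL text; a bound parameter never becomes part of the SQL text at all, so the escaping step has nothing left to do.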

I don't know why you don't just do all the sanitizing in one line? Not having a go at you, but just curious why you're doing it all separately?


Honestly? For readability for myself. I don't want to be going through code if I have a bug and be trying to decipher a messy one line of code; it's just a common practice I have with all my code, a habit so to speak, so that it's easily read. /:


Ah, I have seen many people do it like this and finally thought to myself I should ask why. xD


I pride myself in thinking that if I was to give a developer a file I coded they would be able to understand everything in it, everything would be well laid out, there would be comments when it's appropriate to explain what/why I chose to do something. That might mean there's a bit of white space in the file, but as far as I'm aware white space hasn't killed anyone yet.


I 100% love this guy and respect him. I also agree with his statement: why should anyone question the way he does things if it's right? It's for his readability; I see nothing wrong with what he has produced in his post.


Who said anything wrong to him? Why can't we question the way he does something? It's simply asking a question, no one's flaming him for doing something.


That's okay XD and he gave you a response
[MENTION=69823]jcvenom[/MENTION] thanks for the praise, but just remember, the only way you (in a general sense, not just you particularly) can learn is to ask questions about stuff you aren't sure of or are curious about :)

Am I wrong in thinking just having comments in your code can be a security risk?

Depending on what you put there obviously, however any comment does become readable, right?

Any information to a potential hacker has to be a bad thing.

Well for one, the only way a hacker is going to see a php comment is if they have the file, in which case they've accessed your server, in which case you have a lot more to worry about than them reading

// user attacks first

For example.

I wouldn't leave a password for my database in a comment, there's no need for it to be there. I only have comments when something is remotely messy or confusing to help me/someone else understand what is going on in the code.

I hope I don't sound like an idiot now lol


Oh ok, I thought it was viewable in the source of the HTML when it was a comment in a PHP file.
Nope, you can't view PHP source code after the page has loaded because it's a server-side language. Essentially when a user clicks a link to a page, if that page is a PHP file, the PHP code gets executed by the server, and then any HTML code in the file, be it from a PHP echo(); or from HTML code outside of the PHP tags, is executed and produces the page the user sees.

So by the time the page has loaded, if you were to use the view source feature on your web browser, there is no PHP code there to be shown. If there was then it would be a heck of a lot harder to secure your files, because a hacker could just see what you're doing, and possibly even manipulate and change variables / database queries you have in your file.

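To see exactly which kinds of comment reach the browser, this added example (not from the thread) executes a small constructed page the way the server would and inspects the response body. The page source, the render() helper and the visible() helper are all written for this example; nothing here is the forum's own code.

```php
<?php
// Added example (not from the thread): run a tiny page through the PHP engine
// and look at what the client would actually receive. The page source below
// is constructed for this example.

$pageSource = <<<'SRC'
<?php
// TODO: rate-limit this endpoint   <- PHP comment: interpreted on the server, never emitted
$user = 'alice';
?>
<!-- debug: built from template v2 -->  <!-- HTML comment: part of the output, sent to every client -->
<p>Hello <?= htmlspecialchars($user, ENT_QUOTES, 'UTF-8') ?></p>
<script>// JS comment: also part of the output, sent to every client</script>
SRC;

// Write the page to a temp file and execute it, capturing the output exactly
// as it would appear in the HTTP response body.
function render(string $source): string {
    $path = tempnam(sys_get_temp_dir(), 'page');
    file_put_contents($path, $source);
    ob_start();
    include $path;
    $body = ob_get_clean();
    unlink($path);
    return $body;
}

// True if the text would show up in the browser's "view source".
function visible(string $body, string $needle): bool {
    return strpos($body, $needle) !== false;
}

$body = render($pageSource);

echo "--- response body as the client sees it ---\n", $body, "\n";
echo "--- what the client can read ---\n";
foreach (['rate-limit this endpoint' => 'PHP comment',
          'debug: built from template' => 'HTML comment',
          'JS comment' => 'JavaScript comment'] as $needle => $label) {
    printf("%-20s %s\n", $label . ':', visible($body, $needle) ? 'VISIBLE' : 'not sent');
}
```

The PHP comment is consumed by the interpreter and leaves no trace in the body, which is the point made above. The caveat a practitioner wants is the other two lines: anything in HTML or JavaScript comments is literal output and is delivered to every visitor, so internal notes belong inside the PHP tags, not in the markup.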
