iHinman Posted December 27, 2014

I'll be needing a login.php and a matching register.php, with a matching background/theme, will also be needing a game logo, let me know how much you want?

iHinman Posted December 27, 2014

My budget is currently open to offers.

iHinman Posted December 27, 2014

I will also be in need of security help as atm my game is 100% standard mccodes

iHinman Posted December 27, 2014

And a complete game background:template, that's all haha thank you.

Coly010 Posted December 27, 2014

If you have the time to go through each of your files for security I would set up functions based on what each input variable should be:

```php
// Clean a string value before it is used in a query.
function test_string_input($str){
    global $db;                           // existing database connection object
    $str = trim($str);                    // drop leading/trailing whitespace
    $str = stripslashes($str);            // remove backslashes added by earlier quoting
    $str = $db->real_escape_string($str); // escape for use inside a quoted SQL string
    return $str;
}

// Force a value to a non-negative integer.
function test_int_input($int){
    $int = abs((int) $int) + 0;
    return $int;
}
```

Then when you have an incoming variable:

```php
$num = test_int_input($_GET['int']);
$str = test_string_input($_GET['str']);
```

I know some people might criticise my methods for security but they've worked for me so far.
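
Added example (not part of Coly010's post or of MCCodes): the same per-type helper idea, written so that input which does not match the expected type is rejected instead of coerced, and with the string value bound as a query parameter. The function names, the `users` table and the SQLite in-memory database are assumptions chosen so the block runs offline; with mysqli the equivalent calls are `prepare()` and `bind_param()`.

```php
<?php
declare(strict_types=1);
// Hypothetical helper names; not taken from the thread or from MCCodes.

/** Integer in [$min, $max], or null when the input is not a clean integer. */
function get_int_input($raw, int $min = 0, int $max = PHP_INT_MAX): ?int
{
    $val = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $val === false ? null : $val;
}

/** Trimmed, non-empty string of at most $maxLen bytes, or null. */
function get_string_input($raw, int $maxLen = 32): ?string
{
    if (!is_string($raw)) {
        return null; // e.g. ?str[]=x arrives as an array, not a string
    }
    $str = trim($raw);
    return ($str === '' || strlen($str) > $maxLen) ? null : $str;
}

/** Look a user up by name; the value is bound, so no escaping step is needed. */
function find_user(PDO $pdo, string $name): ?array
{
    $stmt = $pdo->prepare('SELECT userid, username FROM users WHERE username = ?');
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed stand-in for the game database (SQLite in memory is an assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY, username TEXT)');
$pdo->prepare('INSERT INTO users (username) VALUES (?)')->execute(["O'Neil"]);

// Constructed request values standing in for $_GET.
$get = ['a' => '42', 'b' => '5abc', 'c' => '-3', 'name' => " O'Neil "];

var_dump(get_int_input($get['a'])); // clean integer: accepted
var_dump(get_int_input($get['b'])); // trailing text: rejected, where (int) would keep the 5
var_dump(get_int_input($get['c'])); // below min_range: rejected, where abs() would make it 3
$name = get_string_input($get['name']);
// The apostrophe travels as data in the bound parameter and matches the stored row.
var_dump($name === null ? null : find_user($pdo, $name));
```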

Script47 Posted December 27, 2014

> If you have the time to go through each of your files for security I would set up functions based on what each input variable should be:
>
> ```php
> function test_string_input($str){
>     global $db;
>     $str = trim($str);
>     $str = stripslashes($str);
>     $str = $db->real_escape_string($str);
>     return $str;
> }
>
> function test_int_input($int){
>     $int = abs((int) $int) + 0;
>     return $int;
> }
> ```
>
> Then when you have an incoming variable:
>
> ```php
> $num = test_int_input($_GET['int']);
> $str = test_string_input($_GET['str']);
> ```
>
> I know some people might criticise my methods for security but they've worked for me so far.

I don't know why you don't just do all the sanitizing all in one line? Not having a go at you, but just curious as to why you're doing it all separately?

Coly010 Posted December 27, 2014

> I don't know why you don't just do all the sanitizing all in one line? Not having a go at you, but just curious as to why you're doing it all separately?

Honestly? For readability for myself. I don't want to be going through code if I have a bug and be trying to decipher a messy one line of code, it's just a common practice I have with all my code, a habit so to speak, so that it's easily read. /:

Script47 Posted December 27, 2014

> Honestly? For readability for myself. I don't want to be going through code if I have a bug and be trying to decipher a messy one line of code, it's just a common practice I have with all my code, a habit so to speak, so that it's easily read. /:

Ah, I have seen many people do it like this and finally thought to myself I should ask why. xD

Coly010 Posted December 27, 2014

> Ah, I have seen many people do it like this and finally thought to myself I should ask why. xD

I pride myself in thinking that if I was to give a developer a file I coded they would be able to understand everything in it, everything would be well laid out, there would be comments when it's appropriate to explain what/why I chose to do something. That might mean there's a bit of white space in the file, but as far as I'm aware white space hasn't killed anyone yet.

jcvenom Posted December 27, 2014

> I pride myself in thinking that if I was to give a developer a file I coded they would be able to understand everything in it, everything would be well laid out, there would be comments when it's appropriate to explain what/why I chose to do something. That might mean there's a bit of white space in the file, but as far as I'm aware white space hasn't killed anyone yet.

I 100% love this guy and respect him. I also agree with his statement, why should anyone question the way he does things if it's right? It's for his readability, I see nothing wrong with what he has produced in his post.

Script47 Posted December 27, 2014

> I 100% love this guy and respect him. I also agree with his statement, why should anyone question the way he does things if it's right? It's for his readability, I see nothing wrong with what he has produced in his post.

Who said anything wrong to him? Why can't we question the way he does something? It's simply asking a question, no one's flaming him for doing something.

jcvenom Posted December 27, 2014

> Who said anything wrong to him? Why can't we question the way he does something? It's simply asking a question, no one's flaming him for doing something.

That's okay XD and he gave you a response

DAMINK Posted December 27, 2014

Am I wrong in thinking just having comments in your code can be a security risk? Depending on what you put there obviously, however any comment does become readable, right? Any information to a potential hacker has to be a bad thing.

Coly010 Posted December 27, 2014

> That's okay XD and he gave you a response

@jcvenom thanks for the praise, but just remember, the only way you (in a general sense, not just you particularly) can learn is to ask questions of stuff you aren't sure of or are curious about :)

> Am I wrong in thinking just having comments in your code can be a security risk? Depending on what you put there obviously, however any comment does become readable, right? Any information to a potential hacker has to be a bad thing.

Well for one, the only way a hacker is going to see a php comment is if they have the file, in which case they've accessed your server, in which case you have a lot more to worry about than them reading `// user attacks first`, for example. I wouldn't leave a password for my database in a comment, there's no need for it to be there. I only have comments when something is remotely messy or confusing to help me/someone else understand what is going on in the code. I hope I don't sound like an idiot now lol

DAMINK Posted December 27, 2014

> Well for one, the only way a hacker is going to see a php comment is if they have the file.

Oh ok, I thought it was viewable in the source of the html when it was a comment in a php file.

Coly010 Posted December 27, 2014

> Oh ok, I thought it was viewable in the source of the html when it was a comment in a php file.

Nope, you can't view php source code after the page has loaded because it's a server side language. Essentially when a user clicks a link to a page, if that page is a php file, the php code gets executed by the server, and then any html code in the file, be it from a php echo(); or if it's from html code outside of the php tags, is executed and produces the page the user sees. So by the time the page has loaded, if you were to use the view source feature on your web browser, there is no php code there to be shown. If there was then it would be a heck of a lot harder to secure your files, because a hacker could just see what you're doing, and possibly even manipulate and change variables / database queries you have in your file.
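
Added example (not from the thread): a constructed page containing one PHP comment and one HTML comment, rendered into a buffer to show which of the two ends up in the response a browser receives. The debug note, the file name inside it and the `html_comments()` helper are made up for the illustration.

```php
<?php
// Constructed page body, captured the way the web server would send it.
ob_start();
// user attacks first  <- PHP comment: read by the interpreter, never output
$first = 'user';
?>
<!-- debug: turn order is decided in attack.php -->
<p><?php echo htmlspecialchars($first, ENT_QUOTES, 'UTF-8'); ?> attacks first</p>
<?php
$response = ob_get_clean();

/** Return the text of every HTML comment present in a rendered response body. */
function html_comments(string $body): array
{
    preg_match_all('/<!--(.*?)-->/s', $body, $m);
    return array_map('trim', $m[1]);
}

echo "Sent to the browser:\n", $response, "\n";

// The PHP comment was consumed on the server and is absent from the output.
echo "PHP comment in response: ",
    (strpos($response, '// user attacks first') !== false ? 'yes' : 'no'), "\n";

// HTML comments are part of the response body, so view-source shows them.
foreach (html_comments($response) as $note) {
    echo "HTML comment visible to the client: ", $note, "\n";
}
```

The same `html_comments()` check can be run over rendered pages before release to catch notes that were meant to stay on the server.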