 |
|
||||||||
| |||||||||
|
||||||
 |
|
|
Thread Tools | Display Modes |
|
|
||||
03-05-2011, 03:46 AM
Okay, first of all, try changing the sql statement to be:
PHP Code:
Secondly, just as a matter of semantics, the reply code is changing your original post date, so viewing the post shows "incorrect" information (so to speak). You should maybe use a last updated field or something similar instead of changing the date. Hope that change works for you. drums 
|
|
|
|
||||
|
03-05-2011, 05:19 AM
thanks for the help works like a charm one more thing though im trying to do an admin feature were admins can view all the users but other admins except for the one with main_admin = to 1 in the database but i just can't figure out how i will get it to work and also how do you do the thing were it counts views?
here is the page PHP Code:
|
|
|
|
||||
|
03-05-2011, 05:20 AM
part 2 becuase so long
PHP Code:
|
|
|
|
||||
|
03-05-2011, 05:21 AM
and part 3
PHP Code:
|
|
|
|
||||
|
03-05-2011, 11:35 AM
For counting views, add a "views" field to the topics database and then just add an update sql statement into the topic view code.
You could start with something basic like "UPDATE topics SET views = views+1" For your admins question, have you tried a simple SQL statement like "SELECT users FROM user_file WHERE main_admin!=1" drums
|
|
|
|
||||
|
03-06-2011, 12:51 AM
Profile page should be easy, but bbcode is going to be more of a challenge.
Also, for what it's worth, you need to toughen up your code against malicious SQL injection attacks, script kiddies, etc Is this for a specific project, fun, or just to learn something new? drums
|
|
|
|
||||
|
03-06-2011, 01:42 AM
Start a new thread, because I think you'll get some other valuable replies with a topic heading like "Any tips to strengthen my php code against SQL injections and other attacks?" and then just ask for some ideas...
 First steps though are to make sure you filter all GET/POST variables to ensure that they are what you expect, that you remove html code and script code when it shouldn't be there, initialise any other variables to blank or default values (which avoids problems if you or future users have php "register_globals" on) and finally that you double check any variables you're using in sql statements to ensure they don't contain things like " ' UNION SELECT .....' ". PHP has some built in functions for filtering strings, email addresses, etc which you can use like filter_input . I think you could add it (fairly easily) into your mss function (not sure what that does in your code, but looks like you're using it to do some checking already?). Knowing a little bit about regex filtering will also be a big help here (with things like removing HTML from input). I can re-post some of this in your new thread with a little more detail. Well done with the forum stuff though. You should chat to Ndogg, he has written his own forum software too.
|
|
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
Powered by vBulletin® Version 3.8.2
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Search Engine Friendly URLs by vBSEO 3.5.2
vBulletin Skin developed by: vBStyles.com
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Search Engine Friendly URLs by vBSEO 3.5.2
vBulletin Skin developed by: vBStyles.com