Forums | MacLife
#1 2003-12-08 1:42 pm
- jdsmith575
- Member
- From: Texas Tech Univ.
- Registered: 2001-04-09
- Posts: 741
- Website
My PHP app. Code evaluation?
I've pretty much finished off an app I've been working on, and youz guys seem pretty good at catching coding errors. For example, Scott tipped me off to a security hole that I didn't know about.
So if you're feeling generous, and want to review my code, or want to learn PHP/MySQL and need some simple source to look at, be my guest.
Enjoy. 
#2 2003-12-08 4:52 pm
Re: My PHP app. Code evaluation?
Interesting... I'd like to see some text styles and such in there, but I'm guessing that's coming. One thing I would like to see is the SELECT menu defaulting to the current month instead of always to January.
And I'm getting the following error when I add an entry.
Warning: mysql_free_result(): supplied argument is not a valid MySQL result resource in /var/www/html/casnr_look/add.php on line 89
Oh, and I would suggest doing some data validation on the fields... i.e. making sure the date is a number and such. Last time I checked, there was no such date as January LH, 2003.
Maybe also restrict dates to future events so people can't add (accidentally or on purpose) events that took place a year ago.
Basseq is me, John Whittet.
(Finishing the remainder of the thought expressed in the post has been left as an exercise for the reader.)
#3 2003-12-08 10:50 pm
Re: My PHP app. Code evaluation?
I got a similar error when deleting an entry
Code:
Warning: mysql_free_result(): supplied argument is not a valid MySQL result resource in /var/www/html/casnr_look/delete.php on line 55
#4 2003-12-09 7:44 am
Re: My PHP app. Code evaluation?
You really don't even need mysql_free_result() unless you're expecting more traffic than Google.
According to php.net...
mysql_free_result() only needs to be called if you are concerned about how much memory is being used for queries that return large result sets. All associated result memory is automatically freed at the end of the script's execution.
Basseq is me, John Whittet.
(Finishing the remainder of the thought expressed in the post has been left as an exercise for the reader.)
#5 2003-12-09 8:58 am
- lostghost
- Member
- From: Chicago
- Registered: 2001-07-08
- Posts: 496
Re: My PHP app. Code evaluation?
Another security tip...
You need to secure your "connect.inc" page. You could either place it outside of your web site root folder, prevent its access using .htaccess or httpd.conf, or simply add .php to the end of the filename.
With the filename ending in php, if someone does find the connect include, the server will process it and send nothing, which is much better than sending through your database information as plain text.
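Added example, not part of the original thread or the app's own code: a small audit that walks a web root and lists files containing PHP code whose extension the server would not execute, which is the connect.inc exposure described in the post above. It assumes only `.php` is mapped to the PHP handler and does not model .htaccess or httpd.conf deny rules; the directory tree, file contents and function names are constructed for illustration.

```python
import os
import re
import tempfile

# Assumption: only these extensions are mapped to the PHP handler on the server.
PHP_HANDLED = {".php"}
PHP_OPEN_TAG = re.compile(rb"<\?(php|=|\s)")
CREDENTIAL_HINT = re.compile(rb"mysql_connect\s*\(|\$(db_?)?pass(word)?\b", re.I)

def find_exposed_includes(docroot, handled=PHP_HANDLED):
    """List (path, has_credentials) for PHP-bearing files that would be sent as text."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if os.path.splitext(name)[1].lower() in handled:
                continue  # executed by PHP, so the source is never sent
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            if PHP_OPEN_TAG.search(data):
                rel = os.path.relpath(path, docroot).replace(os.sep, "/")
                findings.append((rel, bool(CREDENTIAL_HINT.search(data))))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed layout: a web root (html/) plus a directory outside it."""
    docroot = os.path.join(root, "html")
    os.makedirs(docroot)
    os.makedirs(os.path.join(root, "private"))
    connect = b'<?php $link = mysql_connect("localhost", "appuser", "EXAMPLE-PASSWORD"); ?>\n'
    samples = {
        "html/connect.inc": connect,        # served as plain text on request
        "html/connect.inc.php": connect,    # executed, sends nothing
        "html/header.inc": b"<?php echo '<h1>Events</h1>'; ?>\n",
        "html/add.php": b"<?php include 'connect.inc'; ?>\n",
        "private/connect.inc": connect,     # outside the web root, not reachable
    }
    for rel, body in samples.items():
        with open(os.path.join(root, *rel.split("/")), "wb") as fh:
            fh.write(body)
    return docroot

def demo():
    with tempfile.TemporaryDirectory() as root:
        return find_exposed_includes(build_sample_tree(root))

if __name__ == "__main__":
    for rel, creds in demo():
        print(f"{rel}: served as source" + (" (contains DB credentials)" if creds else ""))
```
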
#6 2003-12-10 11:35 am
- jdsmith575
- Member
- From: Texas Tech Univ.
- Registered: 2001-04-09
- Posts: 741
- Website
Re: My PHP app. Code evaluation?
Good ideas, thanks.
I didn't know that about the .inc file, but I should have known anyways.
Data validation isn't really high on my list since I'll probably be the only one doing the input, but it's a good idea nonetheless.
