Media: The Making of C.W.I.S | Jam in a Nutshell


LW001

Administrator
Administrator
Moderator
Beta
Wiki Contributor
Freedom! Member
Apr 2, 2016
3,015
1,212
21
Vienna, Austria
twitter.com
YouTube Channel ID
YouTube Channel
Twitter
lw_002
You know I was slightly looking forward to this video after seeing the last one!

Looks really interesting seeing the project come to life! It always amazes me when people manage to make code look good in a video, if done wrong that can get boring quickly but you make it understandable enough (I think)!


That said, I'll have to criticise something about your server side:

(I know everything written in PHP, especially such a small app for a one-time jam, is just one huge bodge, but as it's in a video and on a public server I feel like I should at least point this out.)
[Attached screenshot: upload_2020-8-11_20-59-48.png]

This is prone to SQL Injection Attacks, allowing someone to get the entire table and if you set up permissions poorly even the entire database.
Instead, use a prepared statement:

PHP:
// $conn is an open mysqli connection; "sss" binds all three values as strings
$stmt = $conn->prepare("INSERT INTO MyGuests (firstname, lastname, email) VALUES (?, ?, ?)");
$stmt->bind_param("sss", $firstname, $lastname, $email);
$stmt->execute();
This makes the code 1. more readable and 2. safe from SQL Injections by sanitizing the values.

I'd also recommend you put your database credentials into a config file so you can a. reuse them and b. show your request handlers in a video without showing off your password. (If you want this part deleted so no one finds out, let me know through a report ;))
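A fuller version of the fix above, as an added example that is not code from the video or from this thread: the concatenation pattern from the screenshot beside the prepared statement, with the credentials loaded from a config file. The config.php file, its keys and values, and the MyGuests table layout are assumptions.

```php
<?php
// Added example, not code from the video or this thread. Assumes a config.php
// beside this file that returns the credentials (hypothetical file and values):
//   return ['host' => 'localhost', 'user' => 'cwis', 'pass' => 'secret', 'db' => 'cwis'];
// and a table MyGuests(firstname, lastname, email) as in the snippet above.
declare(strict_types=1);

// Credentials live in one file that stays out of screen recordings and version
// control, so the request handler itself can be shown without leaking them.
$cfg  = require __DIR__ . '/config.php';
$conn = new mysqli($cfg['host'], $cfg['user'], $cfg['pass'], $cfg['db']);
if ($conn->connect_error) {
    http_response_code(500);
    exit('database connection failed');
}

// The pattern from the screenshot, kept only to show what to avoid: the values
// are pasted into the SQL text, so a quote character in any of them changes
// the statement the server executes.
function insertGuestUnsafe(mysqli $conn, string $first, string $last, string $email): bool
{
    $sql = "INSERT INTO MyGuests (firstname, lastname, email) "
         . "VALUES ('$first', '$last', '$email')";
    return (bool) $conn->query($sql);
}

// Prepared statement: the SQL text reaches the server with placeholders only;
// the values travel separately and are never parsed as SQL, whatever they hold.
function insertGuest(mysqli $conn, string $first, string $last, string $email): bool
{
    $stmt = $conn->prepare(
        "INSERT INTO MyGuests (firstname, lastname, email) VALUES (?, ?, ?)"
    );
    $stmt->bind_param("sss", $first, $last, $email);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Request handler: reject obviously bad input first, then insert safely.
$first = trim((string) ($_POST['firstname'] ?? ''));
$last  = trim((string) ($_POST['lastname'] ?? ''));
$email = trim((string) ($_POST['email'] ?? ''));
if ($first === '' || $last === '' || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
    http_response_code(400);
    exit('invalid input');
}
echo insertGuest($conn, $first, $last, $email) ? 'ok' : 'insert failed';
```

The same separation of SQL text and bound values applies to SELECT, UPDATE and DELETE statements; the input validation is a sanity check, not what makes the insert safe.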
 

Jonathan

Yeah, the server side stuff is something I know almost nothing about; what I used for this was a simple but outdated YT tutorial on the topic xD So I'll certainly give that a try on my next game to see how it goes. Yeah, I forgot the creds were in there, pretty sure I've got them blurred out now, added a blur on the part where it showed, in theory should solve that problem when it updates, then again I use a different password for like everything so it wouldn't be a problem really xD. thx for pointing it out though xD