Media: The Making of C.W.I.S | Jam in a Nutshell
- Thread starter Jonathan
- Start date
You know I was slightly looking forward to this video after seeing the last one!
Looks really interesting seeing the project come to life! It always amazes me when people manage to make code look good in a video, if done wrong that can get boring quickly but you make it understandable enough (I think)!
That said I'll have to critizise something about your server side:
(I know everything written in PHP, especially such a small app for a one time jam is just one huge bodge but as it's in a video and on a public server I feel like I should at least point this out)
This is prone to SQL Injection Attacks, allowing someone to get the entire table and if you set up permissions poorly even the entire database.
Instead, use a prepared statement:
This makes the code 1. more readable and 2. safe from SQL Injections by sanitizing the values.
I'd also recommend you put your database credentials into a config file so you can a. reuse them and b. show your request handlers in a video without showing off your password. (If you want this part deleted so noone finds out let me know through a report
)
Looks really interesting seeing the project come to life! It always amazes me when people manage to make code look good in a video, if done wrong that can get boring quickly but you make it understandable enough (I think)!
That said I'll have to critizise something about your server side:
(I know everything written in PHP, especially such a small app for a one time jam is just one huge bodge but as it's in a video and on a public server I feel like I should at least point this out)
This is prone to SQL Injection Attacks, allowing someone to get the entire table and if you set up permissions poorly even the entire database.
Instead, use a prepared statement:
PHP:
$stmt = $conn->prepare("INSERT INTO MyGuests (firstname, lastname, email) VALUES (?, ?, ?)");
$stmt->bind_param("sss", $firstname, $lastname, $email);I'd also recommend you put your database credentials into a config file so you can a. reuse them and b. show your request handlers in a video without showing off your password. (If you want this part deleted so noone finds out let me know through a report
)
You know I was slightly looking forward to this video after seeing the last one!
Looks really interesting seeing the project come to life! It always amazes me when people manage to make code look good in a video, if done wrong that can get boring quickly but you make it understandable enough (I think)!
That said I'll have to critizise something about your server side:
(I know everything written in PHP, especially such a small app for a one time jam is just one huge bodge but as it's in a video and on a public server I feel like I should at least point this out)
View attachment 20532
This is prone to SQL Injection Attacks, allowing someone to get the entire table and if you set up permissions poorly even the entire database.
Instead, use a prepared statement:
This makes the code 1. more readable and 2. safe from SQL Injections by sanitizing the values.PHP:$stmt = $conn->prepare("INSERT INTO MyGuests (firstname, lastname, email) VALUES (?, ?, ?)"); $stmt->bind_param("sss", $firstname, $lastname, $email);
I'd also recommend you put your database credentials into a config file so you can a. reuse them and b. show your request handlers in a video without showing off your password. (If you want this part deleted so noone finds out let me know through a report
Yea the server side stuff is something I know almost nothing about, what I used for this was a simple, but outdated YT tutotial on the topic xD So I'll certainly give that a try on my next game to see how it goes. yea, I forgot the creds where in there, pretty sure I've got them blurred out now, added a blur on the part where it showed, in theory should solve that problem when it updates, then again I use a different password for like everything so it wouldn't be a problem really xD. thx for pointing it out though xD
