Media: The Making of C.W.I.S | Jam in a Nutshell

LW

Community Manager
Administrator
Moderator
Freedom! Member
Apr 2, 2016
3,045
1,251
21
Vienna, Austria
twitter.com
YouTube
lw_001
You know I was slightly looking forward to this video after seeing the last one!

Looks really interesting seeing the project come to life! It always amazes me when people manage to make code look good in a video, if done wrong that can get boring quickly but you make it understandable enough (I think)!


That said I'll have to critizise something about your server side:

(I know everything written in PHP, especially such a small app for a one time jam is just one huge bodge but as it's in a video and on a public server I feel like I should at least point this out)
upload_2020-8-11_20-59-48.png

This is prone to SQL Injection Attacks, allowing someone to get the entire table and if you set up permissions poorly even the entire database.
Instead, use a prepared statement:

PHP:
$stmt = $conn->prepare("INSERT INTO MyGuests (firstname, lastname, email) VALUES (?, ?, ?)");
$stmt->bind_param("sss", $firstname, $lastname, $email);
This makes the code 1. more readable and 2. safe from SQL Injections by sanitizing the values.

I'd also recommend you put your database credentials into a config file so you can a. reuse them and b. show your request handlers in a video without showing off your password. (If you want this part deleted so noone finds out let me know through a report ;))
 

Jonathan

"You don't know me...but you will"
Freedom! Member
Feb 1, 2016
819
383
26
UK
jonathan.carter.games
YouTube
You know I was slightly looking forward to this video after seeing the last one!

Looks really interesting seeing the project come to life! It always amazes me when people manage to make code look good in a video, if done wrong that can get boring quickly but you make it understandable enough (I think)!


That said I'll have to critizise something about your server side:

(I know everything written in PHP, especially such a small app for a one time jam is just one huge bodge but as it's in a video and on a public server I feel like I should at least point this out)
View attachment 20532

This is prone to SQL Injection Attacks, allowing someone to get the entire table and if you set up permissions poorly even the entire database.
Instead, use a prepared statement:

PHP:
$stmt = $conn->prepare("INSERT INTO MyGuests (firstname, lastname, email) VALUES (?, ?, ?)");
$stmt->bind_param("sss", $firstname, $lastname, $email);
This makes the code 1. more readable and 2. safe from SQL Injections by sanitizing the values.

I'd also recommend you put your database credentials into a config file so you can a. reuse them and b. show your request handlers in a video without showing off your password. (If you want this part deleted so noone finds out let me know through a report ;))


Yea the server side stuff is something I know almost nothing about, what I used for this was a simple, but outdated YT tutotial on the topic xD So I'll certainly give that a try on my next game to see how it goes. yea, I forgot the creds where in there, pretty sure I've got them blurred out now, added a blur on the part where it showed, in theory should solve that problem when it updates, then again I use a different password for like everything so it wouldn't be a problem really xD. thx for pointing it out though xD