Forums - Open Redstone Engineers
[PHP & SQL] My very first programming thats actually useful - Printable Version

Thread: [PHP & SQL] My very first programming thats actually useful (https://forum.openredstone.org/thread-1538.html)



[PHP & SQL] My very first programming thats actually useful - EDevil - 12-09-2013

I would REALLY like some feedback from you guys to see if I did things well and if it looks... well, solid. This has been my first actual program that can do some useful stuff
(at school we had to do $number1 = 4, $number2 = 8, echo $number1 + $numerb; <--- >.> )

So, this was a program for a client of ours who wanted to make himself a lottery. Clients will get a link from the owner to my script, on which you need to enter your mail. Once you've done that, your mail address with a uniquely generated number (lottery Wink) will be stored in a SQL database. The script will search for another random number if the number already exists, and will also stop if the mail address is already stored in the database.
*Future stuff* Users will get a mail once they've signed up, with their randomly generated number. That really isn't too hard.

Script time!

Code:
<?php
// Make a connection with the server
$db = new mysqli('localhost', 'testuser14', 'supersecretpassword', 'lottery');
// Check if this is a valid mail address
if(isset($_POST['mailform']) && !empty($_POST['mailform'])){
    // Escape through the mysqli link: mysql_real_escape_string() belongs to the old mysql extension and has no connection to use here
    $email = mysqli_real_escape_string($db, $_POST['mailform']);
    if(!mb_ereg("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)){
        // Wrong mail entered. Will give an error message
        print '<script type="text/javascript">';
        print 'alert("Your mail address seems wrong. Please take a look at it.")';
        print '</script>';
    }else{
        // Successful mail
        // Check if the mail address is already registered in the DB
        $mailcheck = mysqli_query($db, "SELECT * FROM maindb WHERE mail = '$email'");
        if(mysqli_num_rows($mailcheck) > 0){
            print '<script type="text/javascript">';
            print 'alert("This mail is already registered!")';
            print '</script>';
        }else{
            // Generate a random number and save it. If the generated number already exists, make a new one.
            $lot1 = mt_rand(1,5300);
            $check = mysqli_query($db, "SELECT * FROM maindb WHERE lotnumber = $lot1");
            if(mysqli_num_rows($check) == 0){
                mysqli_query($db, "INSERT INTO maindb (lotnumber, mail) VALUES ('" . $lot1 . "','" . $email . "')");
                // Send mail
            }else{
                $check2 = $check;
                while(mysqli_num_rows($check2) >= 1){
                    $lot2 = mt_rand(1,5300);
                    $check2 = mysqli_query($db, "SELECT * FROM maindb WHERE lotnumber = $lot2");
                    if(mysqli_num_rows($check2) == 0){
                        // Free number found: store it. The loop ends because $check2 has no rows.
                        mysqli_query($db, "INSERT INTO maindb (lotnumber, mail) VALUES ('" . $lot2 . "','" . $email . "')");
                        // Send mail
                    }
                    // Otherwise the while loop repeats with a new number
                }
            }
        }
    }
}
$db->close();
?>

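The same sign-up flow rebuilt the way a reviewer would suggest, as an added example that is not EDevil's script: user input is bound as a parameter instead of being escaped into the SQL text, the address is validated with PHP's own filter_var(), a UNIQUE index on lotnumber lets the database decide whether a number is taken (the original SELECT-then-INSERT can hand two concurrent requests the same number), and anything reflected back into the page goes through htmlspecialchars(), which is the cross-site scripting point raised in the replies. The table layout, the credentials and the function name registerEmail() are assumptions.

```php
<?php
// Added example, not the original script. Assumed table (not stated in the thread):
//   CREATE TABLE maindb (
//     id INT AUTO_INCREMENT PRIMARY KEY,
//     lotnumber INT NOT NULL UNIQUE,
//     mail VARCHAR(254) NOT NULL UNIQUE
//   );

const LOT_MAX = 5300;        // same number range as the original script
const MAX_ATTEMPTS = 20;     // stop retrying instead of spinning when the table is nearly full

// Make mysqli throw exceptions so a failed query cannot be silently treated as "no rows"
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = new mysqli('localhost', 'testuser14', 'supersecretpassword', 'lottery');
$db->set_charset('utf8mb4');

function registerEmail(mysqli $db, string $rawEmail): array
{
    // Normalise and validate server-side; never trust the form field as-is
    $email = strtolower(trim($rawEmail));
    if (strlen($email) > 254 || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return ['ok' => false, 'error' => 'invalid_email'];
    }

    // Duplicate-address check with a bound parameter: the input never becomes part of the SQL text
    $stmt = $db->prepare('SELECT 1 FROM maindb WHERE mail = ? LIMIT 1');
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $exists = $stmt->get_result()->num_rows > 0;
    $stmt->close();
    if ($exists) {
        return ['ok' => false, 'error' => 'already_registered'];
    }

    // Let the UNIQUE index decide whether the number is free; retry on MySQL error 1062 (duplicate key)
    $insert = $db->prepare('INSERT INTO maindb (lotnumber, mail) VALUES (?, ?)');
    for ($attempt = 0; $attempt < MAX_ATTEMPTS; $attempt++) {
        $lot = random_int(1, LOT_MAX);   // CSPRNG, so the next ticket number is not predictable from earlier ones
        $insert->bind_param('is', $lot, $email);
        try {
            $insert->execute();
            $insert->close();
            return ['ok' => true, 'lotnumber' => $lot];
        } catch (mysqli_sql_exception $e) {
            if ($e->getCode() !== 1062) {
                $insert->close();
                throw $e;   // not a duplicate key: a real database failure
            }
            // 1062: the number (or, in a race, the address) was inserted meanwhile; pick another number
        }
    }
    $insert->close();
    return ['ok' => false, 'error' => 'no_free_number'];
}

if (isset($_POST['mailform'])) {
    $result = registerEmail($db, (string) $_POST['mailform']);
    if ($result['ok']) {
        // An int cast is the cheapest way to keep a number safe for HTML
        echo '<p>Registered. Your lottery number: ' . (int) $result['lotnumber'] . '</p>';
    } else {
        $messages = [
            'invalid_email'      => 'Your mail address seems wrong. Please take a look at it.',
            'already_registered' => 'This mail is already registered!',
            'no_free_number'     => 'No free lottery numbers left, please contact the organiser.',
        ];
        // Every string written into the page is HTML-escaped; do the same if the address is ever echoed back
        echo '<p>' . htmlspecialchars($messages[$result['error']], ENT_QUOTES, 'UTF-8') . '</p>';
    }
}
$db->close();
```

Two design notes: the SELECT on mail is kept only to give the user a friendly message; correctness does not depend on it, because the UNIQUE index on mail rejects a concurrent duplicate as error 1062 and the loop gives up after MAX_ATTEMPTS. And error messages are fixed strings chosen by key rather than text built from the input, so nothing the visitor typed is ever written into the HTML unescaped.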


RE: [PHP & SQL] My very first programming thats actually useful - Somepotato - 12-10-2013

You should look into using ajax and preventing multiple entries from a single IP


RE: [PHP & SQL] My very first programming thats actually useful - Malcolmforde - 12-10-2013

Watch all of Tom's hacking videos on Computerphile. He goes over common security errors that should be fixed immediately, such as cross-site scripting.
It shall make it more secure!


RE: [PHP & SQL] My very first programming thats actually useful - EDevil - 12-10-2013

(12-10-2013, 02:54 AM)Somepotato Wrote: You should look into using ajax and preventing multiple entries from a single IP

Thank you for the tip, but I think I'll stay with PHP for now, since I'm finally getting the hang of it.

(12-10-2013, 06:46 AM)Malcolmforde Wrote: Watch all of Tom's hacking videos on Computerphile. He goes over common security errors that should be fixed immediately, such as cross-site scripting.
It shall make it more secure!

I'll take a look at it! Thank you very much for the provided link!


RE: [PHP & SQL] My very first programming thats actually useful - Somepotato - 12-10-2013

Using ajax doesn't imply you have to use another language


RE: [PHP & SQL] My very first programming thats actually useful - Malcolmforde - 12-11-2013

(12-10-2013, 09:26 AM)EvilDevil59NL Wrote:
(12-10-2013, 02:54 AM)Somepotato Wrote: You should look into using ajax and preventing multiple entries from a single IP

Thank you for the tip, but I think I'll stay with PHP for now, since I'm finally getting the hang of it.

(12-10-2013, 06:46 AM)Malcolmforde Wrote: Watch all of Tom's hacking videos on Computerphile. He goes over common security errors that should be fixed immediately, such as cross-site scripting.
It shall make it more secure!

I'll take a look at it! Thank you very much for the provided link!

*provides link to cross-site scripting*
http://www.youtube.com/watch?v=L5l9lSnNMxg
The guy in that video is Tom. Watch all the videos he is featured in.