Samleeuwenburg

Help Me By Reviewing My Website Tips, comments, all feedback is welcome


Hey guys, I made this website to learn PHP, but I also have to use it for an intake at my new school. Design is not counted, but the PHP and MySQL use is.

I love getting feedback from people who are PHP programmers themselves, and feedback from users.

Can you guys please test my webpage and leave some feedback for me? It will be very useful for me to finish the webpage!!

Thanks a lot!!

Website : http://forums.xisto.com/no_longer_exists/


I suppose in some important areas you have filtered the input, but you seem to have forgotten about $_GET. I haven't tried all the pages, but this page allows for arbitrary HTML (don't worry, it is just Google :angel:—but it could have been worse).


I suppose in some important areas you have filtered the input, but you seem to have forgotten about $_GET. I haven't tried all the pages, but this page allows for arbitrary HTML (don't worry, it is just Google :angel:, but it could have been worse).

First of all, thanks a lot for helping out. I don't really get what this means though. Does this mean every page where I use the GET function is unsafe? How can I fix this? Because I still want to use the GET function so you can bookmark the page or link it.

For example, when you click on a quote it uses its id to load the right quote from the database with the GET function.


I get it now. In my PHP script I echo the ?q= from the link, so that means you can write any HTML in there. What is a good way to prevent this?

For numbers I could check if it's a number or not. But if it's a word, like the category.php page uses, what could I use to prevent HTML use?


I get it now. In my PHP script I echo the ?q= from the link, so that means you can write any HTML in there. What is a good way to prevent this? For numbers I could check if it's a number or not. But if it's a word, like the category.php page uses, what could I use to prevent HTML use?

PHP has a function for stripping HTML from a string: strip_tags(). Use it for every $_GET variable you output to the browser. Or you can just have this at the beginning of the script:
$_GET = array_map("strip_tags", $_GET); // run strip_tags() over every GET parameter once, up front

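To make the problem discussed in this thread concrete, here is an added example (not code from the original poster or from Treufusion): the pattern of echoing ?q= straight into the page, beside a version that escapes at output time with htmlspecialchars() and validates the numeric quote id instead of escaping it. The function names and the sample input are made up for the example; quote.php-style parameters q and id are the ones the thread talks about.

```php
<?php
// Added example for this thread; helper names and sample values are constructed.

// VULNERABLE: whatever arrives in the URL is placed into the HTML unchanged,
// so markup in ?q= is interpreted by the browser (the issue reported above).
function render_heading_unsafe(array $get): string
{
    $q = $get['q'] ?? '';
    return "<h1>Results for " . $q . "</h1>";
}

// HARDENED: escape at the point of output. The browser now shows the
// characters < > & " ' as text instead of treating them as markup.
function render_heading_safe(array $get): string
{
    $q = $get['q'] ?? '';
    $escaped = htmlspecialchars($q, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<h1>Results for " . $escaped . "</h1>";
}

// For the quote id, validate the type rather than escaping: only an
// all-digit value is accepted, anything else is rejected before it
// reaches the database query.
function quote_id_from_get(array $get): ?int
{
    $raw = $get['id'] ?? '';
    if (!ctype_digit($raw)) {
        return null;              // caller can answer with "not found"
    }
    return (int) $raw;
}

// Constructed sample standing in for $_GET on a request to quote.php.
$sample = ['q' => '<b>unexpected markup</b>', 'id' => '12abc'];

echo render_heading_unsafe($sample), PHP_EOL;  // <b>...</b> rendered as bold
echo render_heading_safe($sample), PHP_EOL;    // &lt;b&gt;...&lt;/b&gt; shown as text
var_dump(quote_id_from_get($sample));          // NULL: "12abc" is not an id
var_dump(quote_id_from_get(['id' => '42']));   // int(42)
```

Escaping belongs where the value is written into HTML; if the same value is later placed inside a JavaScript block or a URL, that context needs its own encoding.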

I'm not a PHP programmer, so I won't be able to give you feedback regarding how it might have been set up. I could, however, provide some pointers to better the design of your site. The site's color is simple. And since you're posting quotations, I would suggest adding more designs to it. Not the very flashy ones. Maybe some swirls here on the header and a small version of it on the footer. I would also suggest losing the gradient-tube effect of the navigation bar. For easier identification, putting a :hover effect and/or :active effect on the navbar will significantly increase the appeal of the website; inverting the colors is simple but would be sufficient. All in all, you have a good starting point for a design. Put more detail and you're good to go.


Thanks a lot for all the replies. And yes, I know the design sucks, but lucky for me I won't be scored for that part. And also thank you Treufusion for that piece of code, I'll mess around with it and see what comes up.

